Privacy Policy

Welcome to EchoDay. This Privacy Policy has been created to provide you with a clear and comprehensive understanding of how we handle your information.

Our guiding principle is that your data is yours. EchoDay is a privacy-first app for iOS. Calendar, reminders, and AI schedule analysis are processed on your device. We also use Firebase Analytics to collect limited anonymous usage data, such as app launches, taps, and screen views, to improve the app. We do not collect personal details like your name or email, and this analytics data is not linked to your identity or used for advertising.

To provide its features, EchoDay requests your permission to access the following information on your device. This access is strictly for the purposes described below. Your calendar and reminder content is processed on-device and is never transmitted to us or any third party for advertising or tracking.

• Calendar Data: We request permission to access your calendar ("This app needs to read your calendar to display your upcoming events"). This allows the app to display your schedule and provide it as context to the on-device AI.
• Reminders Data: We request permission to access your reminders ("This app needs to read your reminders to display and summarise your tasks for the day"). This is used to give a complete overview of your daily commitments to you and the on-device AI.

EchoDay does not collect personal identifiers or your calendar and reminder content. The only app-level data we collect is limited anonymous analytics through Firebase Analytics.

This anonymous analytics data includes an anonymous app instance/device identifier and product interaction events such as app launches, taps, and screen views. It is used only to improve app quality and features.

• Personal Identifiers: We DO NOT collect: Your name, email address, phone number, or any other directly identifying personal information.
• Calendar and Reminder Content: Any details from your events or reminders, including titles, descriptions, locations, attendees, or notes.
• AI-Generated Content: Any summaries, insights, or chat conversations created by the AI models. These are stored locally on your device and are encrypted.
• Advertising and Cross-App Tracking: We do not use analytics data for advertising, profiling, or tracking you across other apps or websites.
• Google User Data: When you connect your Google Calendar, we do not collect, store, or transmit any Google user data. We do not transfer or disclose your information to third parties. All calendar data accessed through any integration is processed exclusively on your device using on-device AI models and never leaves your device.

The core functionality of EchoDay relies on processing your data securely and locally on your device.

• Local AI Models: EchoDay utilizes advanced AI models from Apple, Meta, Google, and Microsoft, which are downloaded and executed directly on your device. Your calendar and reminder data are fed into these models locally to generate summaries and power the chat feature. At no point does this information leave your device for processing.
• Contextual Chat: When you interact with the chat feature, the app uses the event and reminder data for the selected day as context for the AI model to provide relevant answers. This entire process is self-contained within the app on your device.

We employ robust security measures to protect the data stored by EchoDay on your device.

• Encryption at Rest: All chat histories and "liked" summaries are encrypted using the AES-GCM (Advanced Encryption Standard) algorithm before being saved to your device's local storage.
• Secure Key Management: The cryptographic key used for this encryption is generated on your device and stored securely in the iOS Keychain. The Keychain is a hardware-backed secure enclave, meaning the key is protected by your device's passcode and cannot be accessed by other apps or extracted from the device.

EchoDay uses third-party services to enable certain features. Our integration with these services is designed to maintain your privacy.

• Firebase Analytics (Google): We use Firebase Analytics to collect anonymous usage events, including app launches, taps, and screen views, along with an anonymous app instance/device identifier. This helps us improve EchoDay on iOS. We do not collect personal identifiers, calendar content, reminders, or AI chat content. This data is not used for advertising or user tracking.
• Microsoft Outlook Calendar: You have the option to connect your Microsoft Outlook Calendar. To do this, we use the official Microsoft authentication SDK for authentication. We only request read-only permission for your calendar events. The event data fetched is processed on-device in the same manner as your local Apple Calendar data. We do not see or store your Microsoft account credentials.
• Apple App Store: If you choose to subscribe to EchoDay Premium, all transactions are processed securely by Apple's in-app purchase system. We do not collect or have access to your payment information.

As we do not collect your personal data, we do not have a data retention policy for such information. All data generated by the app, such as chat history, is stored on your device until you either delete it from within the app or uninstall the app.

Anonymous analytics events collected through Firebase Analytics are retained only as needed to understand product usage and improve EchoDay, based on Firebase retention settings and our data-minimization practices.

You are in control of your data when using EchoDay. We are committed to supporting privacy rights under GDPR and CCPA.

• Permission Control: You can grant or revoke access to your calendar and reminders at any time through your iOS settings.
• Data Deletion: You can clear your "liked" summaries within the app's settings. Deleting the app from your device will remove locally stored app data, including chat history.
• GDPR Rights: If you are in the EEA or UK, you may request access, correction, deletion, restriction, objection, or portability for personal data where applicable.
• CCPA Rights: If you are a California resident, you may request to know, access, correct, or delete personal information where applicable, and you have the right to non-discrimination for exercising your privacy rights.

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by providing a notice within the app.

If you have any questions or concerns about our Privacy Policy or data practices, or if you want to exercise your GDPR or CCPA rights, please contact us through the "Send Feedback" option in the app's settings or email us at: hello@echoday.app.