Privacy Policy

Welcome to EchoDay. This Privacy Policy has been created to provide you with a clear and comprehensive understanding of how we handle your information.

Our guiding principle is that your data is yours. EchoDay is fundamentally designed as a privacy-first application. We have architected our service so that we do not have access to your personal information. All data processing, especially the AI powered analysis of your schedule, is performed exclusively on your device. We operate with zero servers and zero tracking.

To provide its features, EchoDay requests your permission to access the following information on your device. This access is strictly for the purposes described below, and this data is never transmitted to us or any third party.

• Calendar Data: We request permission to access your calendar ("This app needs to read your calendar to display your upcoming events"). This allows the app to display your schedule and provide it as context to the on-device AI.
• Reminders Data: We request permission to access your reminders ("This app needs to read your reminders to display and summarise your tasks for the day"). This is used to give a complete overview of your daily commitments to you and the on-device AI.

EchoDay does not collect, store, transmit, or have access to any of the following data:

• Personal Identifiers: Your name, email address, location, or any other personally identifiable information.
• Calendar and Reminder Content: Any details from your events or reminders, including titles, descriptions, locations, attendees, or notes.
• AI-Generated Content: Any summaries, insights, or chat conversations created by the AI models. These are stored locally on your device and are encrypted.
• Analytics and Usage Data: The app contains no third-party or proprietary analytics trackers. We do not monitor how you use the app.

The core functionality of EchoDay relies on processing your data securely and locally on your device.

• Local AI Models: EchoDay utilizes advanced AI models from Apple, Meta, Google, and Microsoft, which are downloaded and executed directly on your device. Your calendar and reminder data are fed into these models locally to generate summaries and power the chat feature. At no point does this information leave your device for processing.
• Contextual Chat: When you interact with the chat feature, the app uses the event and reminder data for the selected day as context for the AI model to provide relevant answers. This entire process is self-contained within the app on your device.

We employ robust security measures to protect the data stored by EchoDay on your device.

• Encryption at Rest: All chat histories and "liked" summaries are encrypted using the AES-GCM (Advanced Encryption Standard) algorithm before being saved to your device's local storage.
• Secure Key Management: The cryptographic key used for this encryption is generated on your device and stored securely in the iOS Keychain. The Keychain is a hardware-backed secure enclave, meaning the key is protected by your device's passcode and cannot be accessed by other apps or extracted from the device.

EchoDay uses third-party services to enable certain features. Our integration with these services is designed to maintain your privacy.

• Google Calendar: You have the option to connect your Google Calendar. To do this, we use the official Google Sign-In SDK for authentication. We only request read-only permission for your calendar events. The event data fetched is processed on-device in the same manner as your local Apple Calendar data. We do not see or store your Google account credentials.
• Apple App Store: If you choose to subscribe to EchoDay Premium, all transactions are processed securely by Apple's in-app purchase system. We do not collect or have access to your payment information.

As we do not collect your personal data on our servers, we do not have a data retention policy for such data. All data generated by the app, such as chat history, is stored on your device until you either delete it from within the app or uninstall the app.

You are in full control of your data when using EchoDay.

• Permission Control: You can grant or revoke access to your calendar and reminders at any time through the iOS Settings app.
• Data Deletion: You can clear your "liked" summaries within the app's settings. Deleting the app from your device will remove all of its locally stored data, including chat history.

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by updating the date at the top of this policy and providing a notice within the app.

If you have any questions or concerns about our Privacy Policy or data practices, please contact us through the "Send Feedback" option in the app's settings.