Privacy Policy

This might be the shortest privacy policy you've ever read - because we collect almost nothing.

Last updated: December 6, 2025 | Effective: January 1, 2024

TL;DR Summary

✅ What We Collect

  • Nothing from the app itself
  • Basic web analytics (if you visit this website)
  • Support emails (only if you contact us)

❌ What We Don't Collect

  • Your vault contents (encrypted or otherwise)
  • Personal information or user profiles
  • Usage analytics or tracking data
  • Device identifiers or location data

This policy explains our practices in detail, but the summary above covers 95% of what you need to know.

1. Information We Collect

1.1 From the EchoVaults App

We collect zero data from the EchoVaults mobile application. The app operates entirely offline, stores all data locally on your device, and makes no network requests to our servers or any third-party services.

1.2 From This Website

When you visit echovaults.org, we collect minimal information necessary to operate the website:

  • Server logs: IP address, browser type, pages visited, and timestamps (automatically deleted after 30 days)
  • Basic analytics: Page views and referral sources (using privacy-focused analytics without cookies)
  • Contact forms: Information you voluntarily provide when contacting us

1.3 From Support Communications

If you email us for support, we retain your email address and the content of your message only as long as necessary to respond to your inquiry (typically 30-90 days).

2. How We Use Information

Website Analytics

We use basic website analytics to understand which pages are most helpful and how people find EchoVaults. This helps us improve our educational content about digital privacy.

Support & Communication

We use contact information solely to respond to your inquiries, provide technical support, or send important security updates (only if you explicitly request them).

Security & Legal Compliance

We may use collected information to prevent abuse of our website, investigate security incidents, or comply with legal obligations (though we design our systems to minimize such needs).

3. Information Sharing & Disclosure

We do not sell, rent, or trade your information to anyone. We may disclose information only in these limited circumstances:

Legal Requirements

If required by law, court order, or government regulation (we will resist overly broad requests and notify users when legally possible).

Service Providers

Minimal data shared with essential service providers (web hosting, email delivery) under strict data processing agreements.

Safety & Security

To prevent abuse, protect against security threats, or investigate potential violations of our terms.

4. Data Security

We implement industry-standard security measures to protect any information we do collect:

  • Encrypted transmission: All website communications use HTTPS/TLS encryption
  • Minimal data retention: We delete most data automatically after 30-90 days
  • Access controls: Only essential team members can access any collected data
  • Regular audits: Our security practices are reviewed annually by independent firms
  • Incident response: We have procedures to quickly address any potential data breaches

Remember: The most secure data is data that doesn't exist. EchoVaults is designed so that even a complete breach of our systems wouldn't compromise your vault contents, because we never have access to them in the first place.

5. Your Rights

You have the following rights regarding any personal information we may have collected:

🔍 Access

Request a copy of any personal information we have about you (usually none or very little).

✏️ Correction

Request correction of any inaccurate personal information we may have.

🗑️ Deletion

Request deletion of your personal information (subject to legal retention requirements).

📦 Portability

Request a copy of your data in a machine-readable format (if technically feasible).

To exercise these rights, email us at privacy@echovaults.org. We'll respond within 30 days for most requests.

6. Children's Privacy

EchoVaults is designed for adults (18+) dealing with end-of-life planning and digital legacy concerns. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@echovaults.org and we will delete it promptly.

7. International Users & Data Transfers

EchoVaults is available worldwide, but our servers are located in the United States. If you're located outside the US, please be aware that:

  • Your app data stays entirely on your device and is never transferred anywhere
  • Website data may be transferred to and stored in the United States
  • We comply with applicable international privacy laws (GDPR, CCPA, etc.)
  • Data transfers are protected by appropriate safeguards and encryption

🇪🇺 EU Users (GDPR)

You have additional rights under GDPR, including the right to object to processing, restrict processing, and lodge complaints with supervisory authorities. Contact our EU representative at eu-privacy@echovaults.org.

8. Changes to This Policy

We may update this privacy policy occasionally to reflect changes in our practices or legal requirements. We will:

  • Post the updated policy on this page with a new "Last Updated" date
  • Notify users of material changes through our website and/or email (if we have your email)
  • Maintain an archive of previous policy versions for transparency
  • Never make changes that retroactively reduce your privacy protections

Your continued use of EchoVaults after policy changes constitutes acceptance of the updated terms.

9. Contact Us About Privacy

If you have any questions about this privacy policy or our data practices, please contact us:

📧 Email

General privacy questions:
privacy@echovaults.org

Data deletion requests:
delete@echovaults.org

📝 Contact Form

Use our secure contact form for detailed privacy inquiries:

Privacy Contact Form

Response time: We typically respond to privacy inquiries within 1-3 business days. For complex requests requiring research, we may take up to 30 days as permitted by law.