Effective date: 2026-05-05
EchoLing is designed with privacy in mind. AI-generated recall cards pass through EchoLing's backend and the relevant processing provider. We do not sell your personal information or use your saved vocabulary for third-party advertising.
Account and session identifiers. When you sign in, we store your authentication user ID and an internal app user ID. These let us associate your saved entries and quota with your account.
Device and request metadata. Our servers log platform, app version, operating system, device model, IP address, timestamps, and request logs for security and debugging purposes.
Content you submit. When you use AI generation, the text you submit is processed by our backend and the relevant provider. Saved vocabulary entries are stored in our database linked to your account.
Usage and quota data. We track daily generation quota consumption, generation job records, and idempotency keys to prevent abuse and deliver consistent service.
Anonymous usage events. The app sends anonymous usage events — such as recall card generated, card exposed, or card reviewed — to our backend. These events are identified only by a randomly generated device identifier that is not linked to your account or any personal information. Events are recorded in server logs and are not stored in a persistent database.
Local data on your device. Entries, memory packs, and pending sync operations are stored in a local database on your device. Your current learning exposure position and recall language preference are also stored locally.
We use your data solely to provide and improve EchoLing:
We do not use your saved vocabulary or submitted text to train AI models for third parties, nor do we use it for targeted advertising.
Supabase — authentication and database. Your account data and saved entries are stored in Supabase-managed infrastructure. See supabase.com/privacy.
AI recall card generation provider — Text you submit for AI recall card generation is sent to our current AI provider for processing. Their data retention policies apply; please review the provider's privacy terms for details on how submitted text is handled. We will update this policy if we change providers.
Vercel — hosting and request logs. Standard server-side logs including IP addresses are retained per Vercel's default log retention period. Anonymous usage events are recorded in these logs.
Apple — App Store distribution and push notification delivery. Apple's privacy policy governs these interactions.
Your account data and saved vocabulary entries are retained until you delete them or delete your account. You can delete your account directly in the app from Settings — this immediately deletes all your entries, memory cards, quota records, and sync history from our database, and removes your authentication record. It also clears all associated local data from your device.
Server-side request logs follow the default retention policy of our hosting platform (Vercel). AI provider data retention follows each provider's applicable terms — we recommend reviewing our current AI provider's privacy terms for details on how submitted text is handled.
You may delete your account and all associated data directly within the app at any time via Settings. This permanently removes all your data from our systems.
For other requests — including data access, export, or correction — contact us at hello@echoling.app. We will respond within 30 days.
California residents may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know, delete, and opt out of sale of personal information. As noted above, we do not sell personal information. For questions, contact us at the email above.
EchoLing is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at hello@echoling.app.
All data in transit is encrypted using TLS. Backend API keys and service credentials are server-side only and are never distributed to client apps. We apply the principle of least privilege to database and service permissions and minimize logging of user content.
We may update this policy as EchoLing evolves. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you through the app. Continued use of EchoLing after changes constitutes acceptance of the updated policy.
For privacy questions, data requests, or to report a concern, contact us at hello@echoling.app.
Contact: hello@echoling.app