Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

• Account Information: Name, email address, phone number, company name, job title, and billing information when you create an account or contact sales.
• Communication Data: Messages, emails, and inquiries you send to us through our contact forms, live chat, or support channels.
• Payment Information: Credit card details, billing address, and transaction history processed through our third-party payment providers. We do not store full credit card numbers on our servers.
• Campaign Data: Contact lists, call scripts, lead information, and campaign configurations you upload or create within the platform.
• Voice Recordings & Transcripts: Audio recordings and AI-generated transcripts of calls made through our AI voice agents, as configured by you.
• WhatsApp & SMS Content: Message content sent and received through our WhatsApp Business API and SMS integrations, as configured by your campaigns.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, clicks, session duration, and interaction patterns within the platform.
• Device Information: Browser type, operating system, device type, screen resolution, and unique device identifiers.
• Log Data: IP addresses, access times, referring URLs, and server logs.
• Cookies & Similar Technologies: We use cookies, pixels, and local storage to maintain sessions, remember preferences, and analyze usage. See Section 8 for details.

1.3 Information from Third Parties

• CRM Integrations: When you connect third-party CRMs (e.g., HubSpot, Salesforce), we may receive contact and lead data as authorized by you.
• OAuth Providers: If you sign in using Google, Microsoft, or other OAuth providers, we receive your name, email, and profile picture as authorized by the provider.
• Analytics Providers: We receive aggregated analytics data from services like Google Analytics.

2. How We Use Your Information

We use the information we collect to:

• Provide and Operate Services: Run AI voice agents, process calls, deliver WhatsApp/SMS campaigns, qualify leads, schedule appointments, and provide the core platform functionality.
• AI Processing: Analyze voice conversations and text interactions using artificial intelligence and natural language processing to qualify leads, generate transcripts, score sentiment, and improve conversation quality.
• Account Management: Create and manage your account, process payments, and provide customer support.
• Improve Our Services: Analyze usage patterns, diagnose technical issues, and develop new features. We may use anonymized and aggregated data to train and improve our AI models.
• Communications: Send service-related notices, security alerts, billing reminders, product updates, and (with your consent) marketing communications.
• Security & Compliance: Detect fraud, prevent abuse, enforce our terms of service, and comply with legal obligations.
• Analytics & Reporting: Generate call analytics, campaign performance reports, and insights for your dashboard.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

• Cloud Infrastructure: Amazon Web Services (AWS), Google Cloud Platform, or similar providers for hosting and data storage.
• Voice & Telephony: Twilio, Exotel, or similar providers for voice call routing and delivery.
• AI & Language Processing: OpenAI, Google Cloud AI, ElevenLabs, Deepgram, or similar providers for speech-to-text, text-to-speech, and conversational AI processing.
• Messaging: WhatsApp Business API providers and SMS gateway providers for message delivery.
• Payment Processing: Razorpay, Stripe, or similar providers for payment processing.
• Analytics: Google Analytics and similar tools for usage analysis.
• Email: SendGrid, AWS SES, or similar providers for transactional and marketing emails.

These providers are contractually obligated to use your data only as necessary to provide services to us and are bound by confidentiality obligations.

3.2 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so, such as when you enable CRM integrations or connect third-party applications.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.

3.4 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of EchoLeads, our users, or the public.

4. Voice Recording & AI Call Data

Given that our core service involves AI-powered voice calls, we want to be especially transparent about how call data is handled:

• Recording Consent: Our AI agents can be configured to play a consent disclosure at the beginning of each call, as required by applicable laws. It is your responsibility to ensure that call recording complies with the laws of the jurisdictions in which you operate, including two-party consent requirements.
• Call Transcripts: AI-generated transcripts are stored in your account and accessible through the dashboard. Transcripts are processed using third-party speech-to-text services.
• AI Analysis: Call audio and transcripts may be analyzed by AI to score lead quality, detect sentiment, extract action items, and improve conversation flows.
• Retention: Call recordings and transcripts are retained for the duration specified in your plan or as configured in your account settings. You may delete recordings at any time through the dashboard.
• No Unauthorized Use: We do not use your specific call recordings or customer data to train AI models for other clients without your explicit consent. Anonymized and aggregated data may be used to improve general platform performance.

5. WhatsApp

• WhatsApp Business API: Our WhatsApp integration operates through the official WhatsApp Business API. Message data is subject to Meta's WhatsApp Business Terms and Privacy Policy in addition to this policy.
• Opt-Out Compliance: We provide mechanisms for message recipients to opt out of communications. You are responsible for honoring opt-out requests and complying with applicable anti-spam and telemarketing laws (including TCPA, TRAI DND regulations, and GDPR consent requirements).

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser/app and our servers is encrypted using TLS 1.2 or higher.
• Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption.
• Access Controls: Role-based access controls, multi-factor authentication, and least-privilege principles govern internal access to data.
• Infrastructure Security: Our cloud infrastructure includes firewalls, intrusion detection, DDoS protection, and regular security audits.
• Incident Response: We maintain an incident response plan and will notify affected users within 72 hours of discovering a confirmed data breach, as required by applicable law.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

• Account Data: Retained for the duration of your account plus 90 days after account deletion to allow for reactivation or dispute resolution.
• Call Recordings & Transcripts: Retained according to your plan settings. Default retention is 12 months. You may configure shorter retention periods or delete recordings manually.
• Campaign & Lead Data: Retained for the duration of your account. Deleted within 30 days of account termination unless otherwise required by law.
• Usage & Analytics Data: Retained in anonymized/aggregated form for up to 24 months for service improvement.
• Billing Records: Retained for 7 years as required by applicable tax and financial regulations.

8. Cookies & Tracking Technologies

We use the following types of cookies:

Managing Cookies: You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality. We honor "Do Not Track" browser signals for marketing cookies.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

9.1 For All Users

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Export: Request your data in a structured, machine-readable format (data portability).
• Opt-Out: Unsubscribe from marketing communications at any time using the link in our emails or by contacting us.

9.2 Additional Rights Under GDPR (EU/EEA Users)

• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Lodge Complaint: File a complaint with your local data protection authority.

Legal Basis for Processing (GDPR): We process personal data on the following bases: performance of a contract (providing the Services), legitimate interests (improving services, fraud prevention), consent (marketing communications), and compliance with legal obligations.

9.3 Additional Rights Under CCPA (California Residents)

• Know: Request disclosure of data collected, used, and shared in the past 12 months.
• Delete: Request deletion of personal information.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• We Do Not Sell Personal Information as defined under the CCPA.

9.4 Rights Under Indian Data Protection Laws

We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Information Technology Act, 2000 rules. Indian users have the right to access, correct, and erase their personal data. We process personal data based on consent or legitimate uses as defined under the DPDPA.

10. International Data Transfers

EchoLeads is based in India. If you access our Services from outside India, your data may be transferred to and processed in India or other countries where our service providers operate.

For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

12. Third-Party Links

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date. For significant changes, we may also notify you by email or through an in-app notification. Your continued use of the Services after any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us: