1. Data We Collect
Account information — email address, display name, and password (hashed) when you create an account.
Story preferences — genre, themes, protagonist details, chapter length preferences, and content settings you configure.
Usage data — chapters read, streaks, engagement events (opens, reads, shares), and session identifiers.
Device and technical data — IP address, browser type, OS, and push notification tokens (if you enable notifications).
Cookie data — essential cookies (required), analytics cookies (optional, consent required), and marketing cookies (optional, consent required).
2. How We Use Your Data
To provide and personalise the EchoPulse service, including generating AI story chapters tailored to your preferences.
To send push notifications when a new chapter is ready (only if you have opted in).
To maintain streaks, rewards, and engagement features.
To improve the service through aggregated, anonymised analytics (only with your consent).
To comply with legal obligations and enforce our Terms of Service.
3. AI-Generated Content
EchoPulse uses OpenAI to generate story content. Your story preferences and chapter prompts are sent to OpenAI's API to produce personalised content. OpenAI processes this data under its own privacy policy.
We do not share personally identifiable information with OpenAI beyond what is embedded in your story configuration (e.g. protagonist name if you provide one).
Generated story content is stored in our database and associated with your account.
4. Third-Party Services
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database, authentication, file storage | supabase.com/privacy |
| OpenAI | AI story generation | openai.com/policies/privacy-policy |
| Vercel | Hosting and deployment | vercel.com/legal/privacy-policy |
5. Data Retention
Account data is retained while your account is active. You may delete your account at any time, which permanently removes your profile, preferences, and story data within 30 days.
Aggregated, anonymised analytics data may be retained indefinitely.
Consent records are retained for 5 years for compliance purposes.
6. Your Rights (GDPR)
If you are in the EU or EEA, you have the right to access your data, correct inaccuracies, request deletion, restrict or object to processing, and request data portability. To exercise these rights, email privacy@echopulse.one.
7. Your Rights (CCPA)
If you are a California resident, you have the right to know what personal information is collected, to delete it, and to opt out of the “sale or sharing” of your personal information. We do not sell personal data. Disabling marketing cookies via our cookie banner is equivalent to exercising your opt-out right.
8. Cookies
We use three categories of cookies: Essential (always on — required for the app to function), Analytics (optional — help us improve the app), and Marketing (optional — personalised content and campaign measurement).
You can manage your cookie preferences at any time using the “Cookie preferences” link in the footer.
9. Security
We use industry-standard security measures including TLS encryption in transit, bcrypt password hashing, Supabase Row Level Security, and access controls. No method of transmission over the internet is 100% secure.
10. Contact
For privacy questions or to exercise your rights, contact us at privacy@echopulse.one.