
Privacy policy · last reviewed April 2026 · placeholder pending legal review

Privacy at Echo

This page describes our privacy posture while Echo is in private beta. It will be replaced by a legally reviewed policy before general availability. Nothing here is legal advice.

What we collect — and what we deliberately don't

Echo is built on a principle of minimum necessary data. When you sign up as a therapist, we store your name, work email, practice name, jurisdiction, license number, and hashed password. Nothing else.

When you add a client to Echo, we store only what Echo needs to function: a display name (your choice — a first name is fine), an age range, a presenting issue, and the clinical configuration you provide (treatment goals, coping strategies, crisis keywords, tone).

We do not collect the client's legal name, date of birth, address, phone number, email address, insurance, or any record you would keep in your EHR. Those belong in your EHR.

How we use it

We use your data to run the service: authenticate you, show your dashboard, route messages between your clients and Echo, and surface alerts and analytics to you. That's it.

We do not sell data. We do not serve ads. We do not train general models on your conversations.

Who can see what

You can see your own practice's data. No other therapist can see your clients, conversations, or alerts. This is enforced in the database with row-level security, not just in the application code.

Your clients see only their own conversation with Echo. They cannot see your dashboard, your other clients, or any administrative surface. They consent to therapist oversight at the beginning of the first chat.

Where it lives

Data is stored on Supabase (PostgreSQL), encrypted at rest and in transit (TLS 1.3). Anthropic provides the underlying language model for Echo's responses; messages are sent to Anthropic at request time under their API agreement and are not retained for model training.

Before general availability we will execute Business Associate Agreements (BAAs) with all sub-processors who handle protected health information.

Retention

By default, messages are retained for 90 days from the date of the conversation. You can change this in Settings (phase 2). You can export or delete a client's data at any time.

Crisis handling

If a client's message contains language Echo recognizes as a crisis indicator, Echo responds with a fixed safety template (referring the client to 988 in the US or local emergency services) and flags the conversation to you. This response is not generated by the AI; it is a pre-written, reviewed message.

Contact
