Privacy Notice

Last updated: 5/27/2026

1. Who we are

Marie Lorraine Gerard Services ("we", "us") operates Echo (the "Service") and is the data controller for personal data processed in connection with the Service.

2. Data we collect

• Account data — name, email, login credentials, profile photo.
• Content data — workspaces, brand voice samples, drafts and posts you create, prompts and outputs from AI features.
• Usage & telemetry — feature usage, AI generation counts, page views, performance metrics.
• Device & technical data — IP address, browser type, device identifiers, log data.
• Support data — messages you send us through support channels.

Payment data (card details, billing address) is collected directly by our Merchant of Record, Paddle, and is not stored by us.

3. Why we use it

• Provide the Service — create your account, run AI generations, save your content. (Legal basis: contract.)
• Security & fraud prevention — protect accounts and the Service. (Legal basis: legitimate interests.)
• Product improvement & analytics — understand usage to improve features. (Legal basis: legitimate interests.)
• Customer support — respond to your questions. (Legal basis: contract / legitimate interests.)
• Legal compliance — meet tax, accounting, and regulatory obligations. (Legal basis: legal obligation.)
• Marketing — only with your consent where required. (Legal basis: consent.)

4. Who we share it with

• Service providers / subprocessors — hosting, database, AI model providers, analytics, customer support tooling.
• Paddle — our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
• Professional advisers — legal, accounting, and audit firms when required.
• Authorities — where required by law or to protect rights and safety.

5. International transfers

Where personal data is transferred outside your country (including to the UK/EEA or from it), we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We keep personal data only for as long as needed for the purposes above, to comply with legal obligations, or to resolve disputes. When no longer needed, data is deleted or anonymised. You can delete your account at any time from the in-app settings.

7. Your rights

Depending on where you live, you may have the right to access, rectify, erase, restrict, or port your personal data, to object to processing, to withdraw consent, and to lodge a complaint with your local supervisory authority. For UK/EEA users, GDPR rights apply and we will respond within one month. To exercise any right, contact us through the in-app support channel.

8. Security

We use appropriate technical and organisational measures — including encryption in transit, access controls, and audit logging — to protect personal data. No system is perfectly secure, but we work hard to keep yours safe.

9. Cookies

We use essential cookies required to run the Service (e.g. authentication) and may use limited analytics cookies to understand usage. You can manage cookies through your browser settings.

10. Changes

We may update this Notice from time to time. Material changes will be notified in-app or by email.

11. Contact

Questions about this Notice or your data? Contact us through the in-app support channel.