Privacy Policy

Effective Date: October 2025
Last Updated: October 9, 2025

This Privacy Policy explains how EchoEcho (“we,” “our,” or “us”) collects, uses, stores, and protects your personal information. We value your privacy and are committed to complying with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the Australian Privacy Act 1988 (Cth), and other global privacy standards.

By using our website www.getechoecho.com, our services, or interacting with our communications, you agree to the terms of this Privacy Policy.

1. Who We Are

EchoEcho
Business ID: 3567881-5
Registered Address: Unikkotie 5, Vantaa, Finland, 01300
Email: info@getechoecho.com
Operating locations: Helsinki, Finland and Melbourne, Australia

We provide automation and digital marketing solutions for small businesses, including campaign management, data automation, analytics, and related technology services.

Depending on the activity, EchoEcho may act as either a Data Controller (for our own marketing and communications) or a Data Processor (when handling data on behalf of our clients).

2. Information We Collect

We may collect and process the following categories of personal information:

a. Contact Information – Name, email address, phone number, business name, and role.
b. Payment and Billing Information – When purchasing subscriptions or services (processed securely through third-party providers such as Stripe or Brevo).
c. Website and Technical Data – IP address, browser type, device data, and usage activity via cookies and analytics tools.
d. Marketing and Behavioural Data – Email engagement, campaign interactions, ad preferences, and form responses.
e. Uploaded or Integrated Data – Files, automation inputs, or datasets shared through integrations (e.g., Make.com, HubSpot, Brevo).
f. AI and Automation Data – Information that may occasionally be used by artificial intelligence systems for filtering, adapting, or building internal knowledge bases.
g. Client Data (as Processor) – Data provided by clients to perform marketing automation or campaign management on their behalf.

We do not intentionally collect or process personal data from individuals under the age of 16.

3. How We Collect Information

We collect data through:

  • Direct interactions (forms, email, chat, subscription, or service requests)
  • Automated technologies (cookies, analytics, and automation tools)
  • Payment and billing systems
  • Third-party platforms such as advertising networks (Meta, LinkedIn, Google), CRMs, and automation platforms (Make.com, HubSpot, Brevo)
  • Client-provided data during managed marketing or automation projects

4. How We Use Your Data

We use personal data for the following purposes:

  1. Providing and managing our services – Delivering automation, analytics, and marketing services to you or your business.
  2. Communications and updates – Sending service updates, newsletters, marketing campaigns, and event invitations.
  3. Advertising and marketing – Running digital advertising, retargeting campaigns, and lookalike audiences across ad platforms.
  4. Client campaign management – Managing campaigns or automation systems on behalf of clients (client-owned data is used only for the purpose agreed upon).
  5. Analytics and improvement – Measuring performance, improving our website, tools, and customer experience.
  6. AI and automation training – Occasionally using anonymized or minimally identifiable data to train or optimize our systems.
  7. Legal and compliance – Meeting legal obligations, resolving disputes, and enforcing agreements.

We do not sell or rent personal data to any third party.

5. Legal Basis for Processing (GDPR)

Where GDPR applies, we process your personal data under one or more of the following lawful bases:

  • Consent – When you opt in to communications or cookies.
  • Contract – To deliver services you’ve purchased or requested.
  • Legitimate Interest – For analytics, product improvement, and marketing activities that are proportionate and expected.
  • Legal Obligation – Where necessary to comply with applicable laws.

6. Data Sharing and Disclosure

We may share data with trusted third parties only when necessary to operate our services:

  • Advertising and analytics platforms (e.g., Meta, LinkedIn, Google Ads)
  • Automation and CRM tools (e.g., Make.com, HubSpot, Brevo)
  • Cloud hosting and IT infrastructure providers
  • Payment processors and accounting systems

All such third parties are required to handle your data in compliance with applicable privacy laws and only for the specific purpose of providing their service to us.

We do not currently outsource data processing or allow affiliates or partners to access your data. Cross-border data transfers (for example, between the EU, Australia, or the U.S.) are protected by standard contractual clauses or other recognized safeguards.

7. Data Retention

We retain personal information for up to two (2) years after the end of our relationship or the last interaction, unless a longer period is required by law.
Archived data may be stored securely for recordkeeping or legal purposes before being anonymized or deleted.

8. Data Security

We use appropriate technical and organizational measures to safeguard personal data, including:

  • Encrypted connections (HTTPS)
  • Two-factor authentication (2FA)
  • Password protection and limited access
  • Secure cloud storage and automated backups

Although we take all reasonable precautions, no online system is entirely risk-free, and we cannot guarantee absolute security.

9. Your Rights

Under the GDPR and Australian Privacy Principles, you have the right to:

  • Access the personal data we hold about you
  • Correct or update inaccurate information
  • Request deletion of your data (“right to be forgotten”)
  • Withdraw consent at any time (for marketing or cookies)
  • Export or transfer your data to another provider (data portability)
  • Object to certain processing activities (e.g., direct marketing)

You can exercise these rights by emailing us at info@getechoecho.com.
We will respond within a reasonable timeframe and in accordance with applicable law.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and analyze usage.
In future, we may use additional tracking tools (e.g., Google Analytics, Meta Pixel) for advertising and analytics.

When implemented, users in applicable regions will be able to opt in or withdraw consent through a cookie banner or preference manager.

11. International Data Transfers

As EchoEcho operates globally, your personal data may be transferred and stored in other countries, including the EU, Australia, and the United States.
Where data is transferred outside the EU/EEA, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent measures.

12. Acting as a Data Processor

When providing automation or marketing services for our clients, we may process their customer data strictly under their instructions.
We do not use client-owned data for our own marketing, analytics, or advertising.
Each client remains the Data Controller for their customer information, and EchoEcho acts solely as a Data Processor under a written agreement.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes.
The “Effective Date” at the top of this page will indicate when the latest version was published.
Significant updates will be communicated through our website or by email when appropriate.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

EchoEcho
Unikkotie 5
Vantaa, Finland, 01300
Email: info@getechoecho.com

If you are in the EU and believe your privacy rights have been violated, you also have the right to lodge a complaint with your local Data Protection Authority.
In Australia, you can contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

© EchoEcho 2025. All rights reserved.