EchoAI
PricingAssistantsIntegrations
Get Started

Privacy Policy

Last updated: March 31, 2026

1. Data Controller

Intersync Kft.
Registered office: 1021 Budapest, Huvosvolgy ut 32., Hungary
Tax number: 32451696-2-43
Contact: support@echoaichat.com

2. Data Collected

EchoAI processes the following personal data:

  • Registration data: name, email address (via Google OAuth through the Clerk authentication service)
  • Organization data: organization name, members, roles
  • Uploaded content: documents, text, URLs that users provide for building the knowledge base
  • Usage data: page visits, clicks, usage patterns (PostHog analytics)
  • Chat data: conversations with the AI assistant

3. Purpose and Legal Basis of Processing

  • Service provision — operating the platform and providing AI assistants (legal basis: performance of contract)
  • Product development — improving user experience based on anonymized usage data (legal basis: legitimate interest)
  • Communication — contacting users regarding service-related matters (legal basis: performance of contract)
  • Billing — processing payment transactions through Stripe (legal basis: legal obligation)

4. Data Processors

We use the following third-party service providers:

  • Clerk — authentication and user management (USA, SOC 2 certified)
  • OpenAI — AI language models (USA, under data processing agreement)
  • Stripe — payment processing (USA/EU, PCI DSS certified)
  • Railway — infrastructure and hosting (USA)
  • PostHog — product analytics (EU)
  • Weaviate — vector search and knowledge base storage (EU)

5. Data Transfers

We do not sell, trade, or transfer personal data to third parties for marketing purposes. Data transfers occur only to the data processors listed above, to the extent necessary to provide the service.

Transfers of data outside the EU (to the USA) are conducted under the European Commission's adequacy decisions or Standard Contractual Clauses (SCCs).

6. Data Retention

  • Account data: retained for the duration of the account; permanently deleted within 30 days of account deletion
  • Uploaded content: can be deleted by the user at any time; automatically deleted upon account deletion
  • Chat history: can be deleted by the user at any time
  • Billing data: retained for the period required by law (8 years)
  • Usage analytics: in anonymized form, indefinitely

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access: you may request information about the data we process
  • Right to rectification: you may request correction of your data
  • Right to erasure: you may request deletion of your data
  • Right to data portability: you may request your data in a machine-readable format
  • Right to object: you may object to processing based on legitimate interest
  • Right to restriction: you may request restriction of processing

You may exercise your rights by contacting support@echoaichat.com. We will respond to requests within 30 days.

8. Data Security

To protect data, we use encrypted communication (TLS/HTTPS), access management, and regular security reviews. Data is stored in secure cloud infrastructure.

9. Supervisory Authority

If you believe your data protection rights have been violated, you may file a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

  • Website: naih.hu
  • Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
  • Email: ugyfelszolgalat@naih.hu

10. Amendments

Changes to this Privacy Policy will be published on this page. In case of material changes, users will also be notified via email.