Privacy Policy

Last updated: March 3, 2026

Echive ("Echive", "we", "us", or "our") values your privacy deeply. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Echive app and related services (collectively, the "Service").

Echive is built around private archives, intentional sharing, and trust. We do not sell your personal data to any third party.

1. What Data We Collect

1.1 Account Information

Echive supports sign-in exclusively via Google Sign-In and Apple Sign-In. No email and password registration is offered. When you authenticate, we receive the following information from your chosen identity provider:

• • Full name
• • Email address

This information is used solely to create and identify your Echive account. Your authentication session is stored securely in your device's encrypted keychain using Apple's Keychain Services — not in plain device storage.

Google's handling of your data is governed by Google's Privacy Policy (policies.google.com/privacy). Apple's handling is governed by Apple's Privacy Policy (apple.com/legal/privacy).

1.2 Profile & Content Data

When you use Echive, you may provide:

• • Display name (your public name within the app)
• • Profile avatar image (optional)
• • Archive names and descriptions
• • Echo content: audio recordings, voice messages, and text entries
• • Speaker names and avatars for non-user participants in an Echo
• • Invitations you send to other users
• • Comments and mentions within Echoes

Profile avatar images and speaker avatar images are uploaded to and stored in Echive's cloud storage. We do not listen to or analyse your audio content for advertising or AI training purposes.

1.3 Push Notification Token

If you grant permission for push notifications, your device generates an Expo push notification token. We store this token in our database linked to your account. It is used exclusively to deliver activity-related notifications to your device, such as:

• • New Echoes in your archives
• • Comments and replies on your Echoes
• • Mentions of you in Echoes or comments

Your push token is never used for advertising and is deleted when your account is deleted.

1.4 Automatically Collected Technical Data

We may collect limited technical data, such as:

• • Device type and operating system
• • App version
• • Anonymous usage events (e.g. feature interactions)
• • Crash and error logs

This data is used only to improve stability, performance, and user experience.

2. How We Use Your Data

We use your data to:

• • Authenticate and identify your account
• • Provide and operate the Service
• • Store and play back your Echoes
• • Enable shared archives and invitations
• • Deliver push notifications for activity you are involved in
• • Secure your account and prevent abuse
• • Improve features and usability
• • Communicate important service updates

We do not:

• • Sell your personal data to any third party
• • Run third-party advertising or ad targeting
• • Use your audio content for AI model training without your explicit consent

3. Legal Basis for Processing (GDPR)

Echive is based in Sweden and subject to the General Data Protection Regulation (GDPR). We process your personal data on the following legal bases:

• • Contractual necessity – to provide the Service you have signed up for
• • Consent – for audio recordings, push notifications, avatar uploads, and other optional features
• • Legitimate interest – for security, reliability, and product improvement
• • Legal obligations – when required by applicable law

4. Sharing & Third-Party Services

4.1 With Other Users (You Control This)

Content is shared only with people you explicitly invite to an archive. If you add content to a shared archive, other participants may access it according to the archive's permissions.

4.2 Third-Party Service Providers

We use the following trusted third-party providers to operate the Service:

• • Google (authentication) – your sign-in is processed by Google. See policies.google.com/privacy.
• • Apple (authentication) – your sign-in is processed by Apple. See apple.com/legal/privacy.
• • Supabase (backend infrastructure, database, and file storage) – your account data, content, and uploaded files are stored on Supabase's cloud infrastructure. See supabase.com/privacy.
• • Expo (push notification delivery) – your push notification token is processed by Expo's infrastructure to deliver notifications to your device. See expo.dev/privacy.

Audio playback in the app uses react-native-track-player, which operates entirely on your device. No audio data is transmitted through this library.

All service providers are contractually required to protect your data and may not use it for their own purposes.

4.3 Legal Requirements

We may disclose data if required by law or to protect the safety, rights, or property of Echive or its users.

5. Data Storage & Security

We take reasonable technical and organisational measures to protect your data, including:

• • Encrypted connections (HTTPS/TLS) for all data in transit
• • Authentication sessions stored in your device's encrypted keychain (not plain storage)
• • Secure cloud storage infrastructure (Supabase)
• • Access controls limiting who can read your data

However, no system is 100% secure. You use the Service at your own risk.

6. Your Rights

Under GDPR and applicable privacy laws, you have the right to:

• • Access your personal data
• • Correct inaccurate data
• • Delete your account and all associated content
• • Export your data (data portability)
• • Withdraw consent at any time
• • Object to certain processing activities

To request complete deletion of your account and all associated data, email hello@echiveapp.com with the subject line "Data Deletion Request". We will process your request within 30 days.

For all other privacy enquiries or rights requests, contact us at hello@echiveapp.com.

7. Data Retention

We retain your data:

• • For as long as your account is active
• • For as long as necessary to provide the Service

When you delete your account or submit a data deletion request:

• • Your personal data and content will be deleted within 30 days
• • Your push notification token will be deleted immediately
• • Backup copies may persist for up to 90 days before being fully purged

8. Children's Privacy

Echive is not intended for children under 13.

We do not knowingly collect personal data from children. If you believe a child has used the Service, contact us at hello@echiveapp.com and we will delete the data promptly.

9. International Data Transfers

Echive is based in Sweden (European Union). Your data may be processed on infrastructure located in the EU and/or the United States (via Supabase and Expo).

When data is transferred outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other GDPR-compliant mechanisms.

10. Cookies & Tracking

Echive uses minimal tracking.

We do not use:

• • Third-party advertising cookies
• • Cross-app tracking for ads

Any analytics used are privacy-focused and anonymised where possible.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

If changes are significant:

• • We will notify you in the app or via email
• • Continued use of the Service after the update constitutes acceptance of the revised policy

12. Contact Us

If you have questions or requests regarding this Privacy Policy or your personal data: