Privacy Policy

Hey Echo ("Hey Echo", "we", "our", or "us") provides a conversational interview and survey platform that helps organizations collect structured feedback through AI-guided conversations. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our services.

Information We Collect

We may collect the following categories of information:

Account Information

For administrators and authorized users:

  • Name

  • Email address

  • Organization name

  • Account credentials and authentication data


Participant Information

Information provided by the client organization for engagement administration, including:

  • Name

  • Email address

  • Mobile phone number

  • Employee ID or other custom participant fields

  • Department, role, or organizational information


Survey & Interview Data

Information collected during participation in an engagement, including:

  • Survey responses

  • Conversation transcripts

  • Voice recordings and transcriptions

  • Session activity and completion status

  • AI-generated summaries and insights

Technical Information

Information collected automatically when using the platform, including:

  • IP address

  • Device and browser information

  • Session identifiers

  • Cookies and similar technologies

  • Usage and diagnostic data


How We Use Information

We use information to:

  • Deliver and administer surveys, interviews, and research engagements

  • Authenticate users and maintain account security

  • Generate reports, summaries, and insights for client organizations

  • Send invitations, reminders, and engagement-related communications

  • Improve platform performance and reliability

  • Comply with legal obligations and enforce our terms


We do not sell personal information or participant data.


SMS Communications

Hey Echo may send SMS messages to participants when requested by a client organization.

These messages may include:

  • Interview invitations

  • Authentication or verification codes

  • Engagement reminders

  • Participation status updates


SMS Consent

Participants receive SMS communications only when a client organization has provided a mobile number for engagement-related communications and has obtained any required permissions or consent.

Message Frequency

Message frequency varies based on the engagement and participation status. Participants may receive multiple reminders during an active engagement.

Opt-Out

Participants may opt out of SMS communications at any time by replying:

STOP

After opting out, no further SMS messages will be sent unless re-enrollment occurs through a subsequent engagement or consent process.

Help

Participants may reply:

HELP

for assistance or contact:

privacy@heyecho.ai

Fees

Message and data rates may apply according to the participant's mobile carrier plan.

Data Sharing

Mobile phone numbers and SMS consent information are used solely for engagement-related communications.

SMS consent and phone numbers are not sold, rented, or shared with third parties for marketing purposes.

Third-Party Service Providers

We use trusted service providers to operate our platform, including:

  • Supabase (authentication and database infrastructure)

  • OpenAI (AI-powered analysis and synthesis)

  • AssemblyAI (voice transcription)

  • Twilio (SMS delivery and communications)

  • Resend (email delivery)

  • Vercel (application hosting and infrastructure)


These providers process data only as necessary to provide their services and are subject to their own privacy and security obligations.

Data Ownership

Survey content, participant responses, transcripts, and generated reports belong to the client organization that created the engagement.

Hey Echo acts as a service provider and processes
data on behalf of the client organization.

Data Retention

We retain information:

  • For the duration of the client engagement

  • As required by contractual obligations

  • As necessary to comply with legal requirements

  • As needed to maintain security, auditing, and backup processes


Data may be deleted upon request, subject to applicable contractual and legal obligations.

Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information, including:

  • Encryption in transit

  • Role-based access controls

  • Multi-tenant data isolation

  • Authentication and authorization controls

  • Security monitoring and logging

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access personal information

  • Correct inaccurate information

  • Request deletion of personal information

  • Restrict or object to certain processing activities

  • Receive a copy of your information where applicable

Requests should be directed to your organization's administrator or to the contact information below.

Contact

Questions regarding this Privacy Policy or our privacy practices may be directed to:

privacy@heyecho.ai

The most important addition from a Twilio compliance perspective is this sentence:

SMS consent and phone numbers are not sold, rented, or shared with third parties for marketing purposes.

Many carriers and messaging providers now specifically look for language like this when reviewing A2P messaging programs.