Privacy Policy

Last Updated: November 6, 2024

1. Introduction

Welcome to EchoTavern ("we," "us," or "our"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI character voice chat application (the "Service"), available through our website and mobile applications.

By using EchoTavern, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: Email address, username, display name, and password (encrypted)
  • Profile Information: Profile picture, age verification status, content preferences
  • Payment Information: Payment details processed through Stripe (we do not store full credit card numbers)
  • User-Generated Content: AI character profiles, prompts, descriptions, and images you create or upload

2.2 Audio and Voice Data

  • Voice Recordings: Audio input during voice conversations with AI characters
  • Custom Voice Data: Voice samples you upload for custom voice creation features
  • Voice Processing: Temporary audio data processed for speech-to-text and text-to-speech conversion

2.3 Automatically Collected Information

  • Device Information: Device type, operating system, browser type, and version
  • Usage Data: Features used, characters interacted with, session duration, and conversation history
  • Log Data: IP address, timestamps, and error logs
  • Analytics Data: Collected via Google Analytics and Vercel Analytics for service improvement
  • Cookies and Tracking: Session cookies, authentication tokens, and preference cookies

2.4 Authentication Data

  • Firebase Authentication: Account credentials and authentication tokens
  • Google Sign-In: Name, email, and profile picture from your Google account (if you choose to sign in with Google)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve AI character voice chat functionality
  • Account Management: To create and manage your account, authenticate users, and provide customer support
  • Voice Processing: To convert speech to text, generate AI responses, and synthesize voice output
  • Personalization: To customize your experience, remember your preferences, and show relevant characters
  • Subscription Management: To process payments, manage subscription plans, and send billing notifications
  • Analytics and Improvement: To analyze usage patterns, improve Service performance, and develop new features
  • Security: To detect, prevent, and address fraud, abuse, technical issues, and security incidents
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service
  • Communications: To send service updates, technical notices, and respond to your inquiries

4. Data Storage and Retention

Storage Locations:

  • Firebase Cloud Firestore (user data and character information)
  • Firebase Cloud Storage (images, profile pictures, voice samples)
  • Secure cloud servers in Europe (audio processing and AI inference)

Retention Periods:

  • Account Data: Retained until account deletion or 3 years of inactivity
  • Voice Recordings: Processed in real-time and not permanently stored unless explicitly saved by you
  • Conversation Logs: Retained for 90 days for service improvement, then deleted
  • Payment Records: Retained for 7 years as required by financial regulations
  • Analytics Data: Anonymized and retained for up to 24 months

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

  • Firebase/Google Cloud: Cloud infrastructure and authentication services
  • Stripe: Payment processing for subscriptions
  • Google Analytics: Usage analytics and service improvement
  • Vercel: Hosting and analytics services

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to:

  • Comply with legal processes and law enforcement requests
  • Protect our rights, property, or safety, and that of our users
  • Prevent fraud or illegal activities
  • Enforce our Terms of Service

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide choices regarding your information.

5.4 Public Information

Characters you create and mark as "public" will be visible to other users. This includes character names, descriptions, images, and personality traits. Do not include personal information in public characters.

6. Your Rights and Choices

6.1 GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request limitation of processing of your data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing of your data for specific purposes
  • Withdraw Consent: Withdraw consent for data processing at any time

6.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights:

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of personal information we hold about you
  • Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

6.3 Exercising Your Rights

To exercise any of these rights, please contact us at:

  • Email: support@echotavern.ai
  • Or through your account settings in the app

We will respond to your request within 30 days (or as required by applicable law).

6.4 Account Deletion

You can delete your account at any time through the app settings. Account deletion will permanently remove your personal information, though some data may be retained for legal compliance purposes.

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with Firebase and OAuth 2.0
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for internal systems
  • Secure payment processing through PCI-DSS compliant Stripe

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Analyze usage patterns and improve our Service
  • Measure advertising effectiveness (if applicable)

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

9. Children's Privacy

EchoTavern is intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

Our Service includes age verification mechanisms, particularly for access to mature (NSFW) content.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with service providers
  • Compliance with GDPR requirements for international transfers

By using our Service, you consent to the transfer of your information to our facilities and service providers located worldwide.

11. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. California "Do Not Track" Disclosure

EchoTavern does not currently respond to "Do Not Track" signals from browsers. We may allow third parties to collect personal information through our Service for analytics purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)
  • Displaying an in-app notification

Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.

15. Legal Basis for Processing (GDPR)

For users in the EEA, we process your personal data based on the following legal grounds:

  • Consent: You have given explicit consent for specific processing activities
  • Contract Performance: Processing is necessary to provide the Service you requested
  • Legal Obligation: Processing is required to comply with applicable laws
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, service improvement)

© 2024 EchoTavern. All rights reserved.

Terms of ServiceBack to Home