Privacy and data protection

Privacy Policy

This Privacy Policy explains how EchoBot, a SaaS platform based in Spain, collects, uses, stores, shares, and protects personal data when clients use our website, dashboard, Messenger automation tools, and related services.

Effective date: 17 July 2026Controller location: SpainApplies to EchoBot services
i

Important implementation note: replace the example contact email addresses in this template with your real company contact details before publishing. This page is a general operational template and should be reviewed for your exact business structure, data flows, vendors, and legal obligations.

Section 01

Who we are and what this policy covers

EchoBot provides software that enables clients to centrally manage social media conversations and related account activity, including Messenger interactions, from a unified dashboard.

This policy applies when you visit our website, create or use an EchoBot account, connect an authorized social media Page, communicate with our team, or interact with services operated by EchoBot.

EchoBot is established in Spain. References to “EchoBot,” “we,” “us,” or “our” mean the entity operating the EchoBot platform.

Section 02

Our role in processing personal data

Depending on the context, EchoBot may act in different data protection roles:

  • As a controller, when we process website visitor data, account registration data, billing and support data, security logs, or other information for our own business operations.
  • As a processor or service provider, when we process social media data on behalf of a client that has connected its Page or account to EchoBot.

Clients are responsible for ensuring that their use of EchoBot, including their instructions, messages, campaigns, and connected account activities, complies with applicable law and platform rules.

Section 03

Personal data we may collect

Account information

Name, business name, email address, user role, password-related security data, account preferences, and authentication records.

Connected Page data

Page identifiers, Page profile details, posts, comments, messages, conversation metadata, and authorized performance metrics.

Customer conversation data

Message content, sender information made available through the connected platform, timestamps, tags, assignments, and support status.

Usage and device data

IP address, browser type, device information, pages viewed, feature activity, error events, login history, and security logs.

Support communications

Questions, requests, attachments, feedback, and other information submitted to our support or business teams.

Billing information

Subscription plan, transaction records, invoice information, and limited payment-related details received from payment providers.

Data obtained from connected platforms

After a client grants authorization, EchoBot may access data made available through approved platform APIs and permissions. The exact data depends on the permissions granted, the connected account type, enabled product features, and platform availability.

Section 04

How we use personal data

We may use personal data to:

  • Provide, operate, maintain, and improve the EchoBot platform.
  • Display authorized Page information, posts, comments, private messages, and performance information within the client dashboard.
  • Enable clients to create and publish content, reply to messages and comments, manage conversations, and review operational reports.
  • Authenticate users, administer accounts, manage permissions, and prevent unauthorized access.
  • Provide customer support, respond to requests, and communicate service-related information.
  • Monitor performance, troubleshoot errors, detect abuse, and protect the security and integrity of the service.
  • Meet legal, regulatory, accounting, and compliance obligations.

We do not use connected client data to build unrelated advertising profiles, and we do not sell personal data.

Section 06

How data may be shared

We may disclose limited personal data to the following categories of recipients when necessary:

  • Service providers that support hosting, infrastructure, analytics, communications, customer support, security, and payment processing.
  • Connected platform providers where data must be exchanged to provide authorized functionality or maintain the connection requested by the client.
  • Professional advisers, such as legal, accounting, insurance, or audit providers, subject to appropriate confidentiality obligations.
  • Authorities or other parties when required by law, necessary to protect rights or safety, or needed to investigate fraud, abuse, or security incidents.
  • Business transaction parties in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate protections.

We do not sell connected social media data or disclose it to third parties for their own unrelated advertising purposes.

Section 07

International data transfers

EchoBot is based in Spain, but some service providers or connected platform systems may process data in other countries. When personal data is transferred outside the European Economic Area, we use legally recognized safeguards where required, such as adequacy decisions, standard contractual clauses, and additional technical or organizational measures.

Section 08

Data retention and deletion

We retain personal data only for as long as reasonably necessary to provide the service, maintain security, resolve disputes, meet legal obligations, enforce agreements, and follow documented client instructions.

When a client disconnects a Page or revokes platform authorization, EchoBot will stop accessing the relevant data through that authorization. Associated data will be deleted, returned, anonymized, or retained only where necessary for legal, security, or compliance reasons and in accordance with our agreements and applicable law.

Clients may request deletion of their account data through the contact method listed below. Some backup copies may remain for a limited period before being securely overwritten through normal system processes.

Section 09

Security measures

We use technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, misuse, alteration, and disclosure. Depending on the service and risk, these measures may include access controls, authentication safeguards, encryption in transit, monitoring, logging, least-privilege practices, backup procedures, and incident response processes.

No online service can guarantee absolute security. Users should protect their login credentials, use strong authentication practices, and notify EchoBot promptly if they suspect unauthorized account activity.

Section 10

Your data protection rights

Depending on your location and the circumstances, you may have rights regarding your personal data, including:

AccessRequest information about the personal data we process.
CorrectionAsk us to correct inaccurate or incomplete information.
DeletionRequest deletion where the legal requirements are met.
RestrictionAsk us to limit certain processing activities.
PortabilityReceive eligible data in a structured, commonly used format.
ObjectionObject to certain processing based on legitimate interests.
Withdraw consentWithdraw consent where consent is the legal basis.
ComplaintContact the competent data protection authority.
Human reviewRequest information about qualifying automated decisions, if applicable.

When EchoBot processes data solely on behalf of a client, we may direct your request to that client or assist the client in responding. We may need to verify your identity before completing a request.

Section 11

Cookies and similar technologies

Our website and dashboard may use cookies, local storage, pixels, and similar technologies to keep users signed in, maintain preferences, protect the service, understand product usage, diagnose problems, and improve performance.

Typical cookie categories

  • Strictly necessary, for authentication, security, session management, and core functionality.
  • Preference, to remember language, display, and account settings.
  • Analytics, to understand aggregated usage patterns and improve the service, where permitted.

Where required, we will request consent before using non-essential cookies. Users can also manage cookies through browser settings, although disabling certain technologies may affect functionality.

Section 12

Children’s privacy

EchoBot is intended for business and professional use and is not directed to children. We do not knowingly collect personal data from children through our own account registration process. Clients are responsible for configuring and using their messaging activities in accordance with applicable age-related requirements and platform policies.

Section 13

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our services, technology, legal obligations, or business practices. When changes are material, we may provide notice through the website, dashboard, or another appropriate channel. The “Effective date” shown at the top indicates when this version became effective.

Section 14

Contact us

EchoBot

Spain

Privacy inquiries: echobot.privacy@gmail.com

General support: echobot.support@gmail.com

Individuals in the European Union may also have the right to lodge a complaint with their local supervisory authority. In Spain, the national supervisory authority is the Spanish Data Protection Agency.