Important implementation note: replace the example contact email addresses in this template with your real company contact details before publishing. This page is a general operational template and should be reviewed for your exact business structure, data flows, vendors, and legal obligations.
Who we are and what this policy covers
EchoBot provides software that enables clients to centrally manage social media conversations and related account activity, including Messenger interactions, from a unified dashboard.
This policy applies when you visit our website, create or use an EchoBot account, connect an authorized social media Page, communicate with our team, or interact with services operated by EchoBot.
EchoBot is established in Spain. References to “EchoBot,” “we,” “us,” or “our” mean the entity operating the EchoBot platform.
Our role in processing personal data
Depending on the context, EchoBot may act in different data protection roles:
- As a controller, when we process website visitor data, account registration data, billing and support data, security logs, or other information for our own business operations.
- As a processor or service provider, when we process social media data on behalf of a client that has connected its Page or account to EchoBot.
Clients are responsible for ensuring that their use of EchoBot, including their instructions, messages, campaigns, and connected account activities, complies with applicable law and platform rules.
Personal data we may collect
Account information
Name, business name, email address, user role, password-related security data, account preferences, and authentication records.
Connected Page data
Page identifiers, Page profile details, posts, comments, messages, conversation metadata, and authorized performance metrics.
Customer conversation data
Message content, sender information made available through the connected platform, timestamps, tags, assignments, and support status.
Usage and device data
IP address, browser type, device information, pages viewed, feature activity, error events, login history, and security logs.
Support communications
Questions, requests, attachments, feedback, and other information submitted to our support or business teams.
Billing information
Subscription plan, transaction records, invoice information, and limited payment-related details received from payment providers.
Data obtained from connected platforms
After a client grants authorization, EchoBot may access data made available through approved platform APIs and permissions. The exact data depends on the permissions granted, the connected account type, enabled product features, and platform availability.
How we use personal data
We may use personal data to:
- Provide, operate, maintain, and improve the EchoBot platform.
- Display authorized Page information, posts, comments, private messages, and performance information within the client dashboard.
- Enable clients to create and publish content, reply to messages and comments, manage conversations, and review operational reports.
- Authenticate users, administer accounts, manage permissions, and prevent unauthorized access.
- Provide customer support, respond to requests, and communicate service-related information.
- Monitor performance, troubleshoot errors, detect abuse, and protect the security and integrity of the service.
- Meet legal, regulatory, accounting, and compliance obligations.
We do not use connected client data to build unrelated advertising profiles, and we do not sell personal data.
Legal bases for processing
Where applicable under the General Data Protection Regulation and related European data protection laws, we rely on one or more of the following legal bases:
- Performance of a contract, to provide requested services and administer client accounts.
- Legitimate interests, such as securing the platform, preventing fraud, supporting users, improving functionality, and managing our business.
- Consent, where required, including for certain cookies or optional communications.
- Legal obligations, where processing is necessary to comply with applicable law.
How data may be shared
We may disclose limited personal data to the following categories of recipients when necessary:
- Service providers that support hosting, infrastructure, analytics, communications, customer support, security, and payment processing.
- Connected platform providers where data must be exchanged to provide authorized functionality or maintain the connection requested by the client.
- Professional advisers, such as legal, accounting, insurance, or audit providers, subject to appropriate confidentiality obligations.
- Authorities or other parties when required by law, necessary to protect rights or safety, or needed to investigate fraud, abuse, or security incidents.
- Business transaction parties in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate protections.
We do not sell connected social media data or disclose it to third parties for their own unrelated advertising purposes.
International data transfers
EchoBot is based in Spain, but some service providers or connected platform systems may process data in other countries. When personal data is transferred outside the European Economic Area, we use legally recognized safeguards where required, such as adequacy decisions, standard contractual clauses, and additional technical or organizational measures.
Data retention and deletion
We retain personal data only for as long as reasonably necessary to provide the service, maintain security, resolve disputes, meet legal obligations, enforce agreements, and follow documented client instructions.
When a client disconnects a Page or revokes platform authorization, EchoBot will stop accessing the relevant data through that authorization. Associated data will be deleted, returned, anonymized, or retained only where necessary for legal, security, or compliance reasons and in accordance with our agreements and applicable law.
Clients may request deletion of their account data through the contact method listed below. Some backup copies may remain for a limited period before being securely overwritten through normal system processes.
Security measures
We use technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, misuse, alteration, and disclosure. Depending on the service and risk, these measures may include access controls, authentication safeguards, encryption in transit, monitoring, logging, least-privilege practices, backup procedures, and incident response processes.
No online service can guarantee absolute security. Users should protect their login credentials, use strong authentication practices, and notify EchoBot promptly if they suspect unauthorized account activity.
Your data protection rights
Depending on your location and the circumstances, you may have rights regarding your personal data, including:
When EchoBot processes data solely on behalf of a client, we may direct your request to that client or assist the client in responding. We may need to verify your identity before completing a request.
Cookies and similar technologies
Our website and dashboard may use cookies, local storage, pixels, and similar technologies to keep users signed in, maintain preferences, protect the service, understand product usage, diagnose problems, and improve performance.
Typical cookie categories
- Strictly necessary, for authentication, security, session management, and core functionality.
- Preference, to remember language, display, and account settings.
- Analytics, to understand aggregated usage patterns and improve the service, where permitted.
Where required, we will request consent before using non-essential cookies. Users can also manage cookies through browser settings, although disabling certain technologies may affect functionality.
Children’s privacy
EchoBot is intended for business and professional use and is not directed to children. We do not knowingly collect personal data from children through our own account registration process. Clients are responsible for configuring and using their messaging activities in accordance with applicable age-related requirements and platform policies.
Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in our services, technology, legal obligations, or business practices. When changes are material, we may provide notice through the website, dashboard, or another appropriate channel. The “Effective date” shown at the top indicates when this version became effective.
Contact us
EchoBot
Spain
Privacy inquiries: echobot.privacy@gmail.com
General support: echobot.support@gmail.com
Individuals in the European Union may also have the right to lodge a complaint with their local supervisory authority. In Spain, the national supervisory authority is the Spanish Data Protection Agency.