Privacy Policy

Effective Date: December 11, 2025

1. Introduction

Haider Nawaz, operating as an individual proprietor ("we," "us," or "our"), operates the Echo Designs website located at echodesigns.space (the "Service").

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

Contact Information:

• Email: privacy@echodesigns.space

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, full name, password (encrypted)
• Profile Information: Profile picture (if using Google Sign-In)
• User Content: Templates, mockups, artwork you create
• Payment Information: Processed securely by Paddle (we do not store payment details)

2.2 Automatically Collected Information

• Usage Data: Templates viewed, favorites, export history
• Analytics Data: We use Mixpanel to understand feature usage and improve the Service. Mixpanel may collect usage events (such as templates viewed, exports, and button clicks), device/browser information, and approximate location derived from IP. We do not share your password or payment details with Mixpanel.
• Technical Data: Browser type, device type, IP address
• Cookies: Authentication tokens, session management

2.3 Information from Third Parties

• Google OAuth: Name, email, profile picture (if you sign in with Google)

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process your subscriptions and manage credits
• Send transactional emails (account updates, export completions)
• Send product updates, tips, and offers (you can opt out anytime)
• Improve and personalize the Service
• Detect and prevent fraud and security issues
• Comply with legal obligations

We do not sell your personal information to third parties.

4. Data Storage and Security

• Storage: Your data is stored securely on Supabase (AWS infrastructure)
• Encryption: All data is encrypted in transit (SSL/TLS) and at rest
• Access Controls: Strict access controls limit who can access your data
• Retention: We retain your data while your account is active. You can request deletion at any time.

5. Third-Party Services

We use the following third-party services:

• Supabase: Database, authentication, file storage
  Supabase Privacy Policy
• Paddle: Payment processing
  Paddle Privacy Policy
• Google OAuth: Optional authentication
  Google Privacy Policy
• Mixpanel: Product analytics to help us improve Echo Designs
  Mixpanel Privacy Policy

These services have their own privacy policies governing their use of your information.

6. Your Rights

You have the right to:

6.1 Access and Portability

• Request a copy of your personal data
• Export your templates and projects

6.2 Correction

• Update your profile information anytime
• Correct inaccurate data

6.3 Deletion

• Delete your account and all associated data
• We will permanently delete your data within 30 days

6.4 Opt-Out

• Unsubscribe from marketing emails at any time using the unsubscribe link in the email

To exercise these rights, email us at privacy@echodesigns.space

GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR:

• Right to object to processing
• Right to restrict processing
• Right to lodge a complaint with a supervisory authority

CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

• Right to know what data we collect
• Right to opt-out of data sale (we do not sell data)
• Right to non-discrimination for exercising your rights

7. Cookies and Tracking

We use cookies for:

• Authentication: Keep you logged in
• Preferences: Remember your settings
• Security: Detect suspicious activity

You can disable cookies in your browser, but this may limit functionality.

We use first-party cookies and Mixpanel's tracking technologies for analytics. We do not use third-party advertising cookies.

8. Data Sharing

We do not sell or rent your personal information.

We may share your information only with:

• Service Providers: Supabase, Paddle (as needed to provide the Service)
• Legal Requirements: If required by law or to protect our rights

Your public templates (approved templates in the gallery) are visible to all users by design.

9. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us.

10. International Users

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending an email.

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

• Email: privacy@echodesigns.space
• Response Time: We aim to respond within 48 hours

This Privacy Policy is effective as of December 11, 2025 and governs your use of Echo Designs.