Privacy Policy

Last updated: December 2025

This Privacy Policy explains how EchoBridge Admin (a trading name of EchoBridge Holdings Ltd) collects, uses, and protects your personal information when you use EchoBridge Admin (the "Service").

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, password, and organisation details when you register.
• Business Data: Client information, cases, tasks, invoices, notes, and files you create within the Service.
• Payment Information: Billing details processed securely through our payment provider (Stripe). We do not store full credit card numbers.
• Communications: Information you provide when contacting support or submitting feedback.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, and interactions with the Service.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Cookies: See Section 5 for details on cookie usage.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process transactions and manage subscriptions
• Send important notifications about your account
• Respond to support requests and inquiries
• Analyse usage patterns to improve user experience
• Detect and prevent fraud or abuse
• Comply with legal obligations

3. Data Storage and Security

Your data is stored on infrastructure maintained by a platform with ISO/IEC 27001 and SOC 2 Type II accreditations. Security measures include:

• Encryption in transit
• Access controls managed using least-privilege principles
• Regular backups

While robust security measures are in place at the platform level, no system is completely secure. We encourage you to use strong passwords and protect your account credentials.

4. Data Sharing and Third Parties

We may share your information with:

• Service Providers: Third-party companies that help us operate the Service (e.g., hosting, payment processing, analytics).
• Integrations: When you connect third-party services (Xero, QuickBooks, Google Calendar, etc.), data may be shared as necessary for the integration to function.
• Legal Requirements: When required by law, court order, or to protect our rights and safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties.

5. Cookies and Tracking

We use cookies and similar technologies for various purposes. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

The main categories of cookies we use are:

• Essential Cookies: Required for the Service to function (authentication, security).
• Analytics Cookies: To understand how users interact with the Service.
• Preference Cookies: To remember your settings and preferences.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or UK, you have the following rights under GDPR:

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Portability: Request your data in a portable format.
• Restriction: Request limitation of data processing.
• Objection: Object to certain types of processing.
• Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@echobridgeadmin.com. We will respond within 30 days.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for a limited period to comply with legal obligations, resolve disputes, or enforce agreements.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. Where international data transfers occur, recognised transfer mechanisms such as Standard Contractual Clauses and the UK Addendum are used where applicable.

9. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of the Service constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@echobridgeadmin.com