Privacy Policy
Effective Date: February 26, 2026
1. Information We Collect
Email Registration
Email address, password (encrypted), nickname
Entered directly by the user
Social Login (Google, Apple)
Social account unique ID, email address, nickname, profile photo URL
Automatically collected via social login provider
During Service Use
Device token (for push notifications), device identifier, profile image
Auto-generated or registered directly by user
※ Echoo does not collect sensitive personal information such as national ID numbers, credit card details, or financial account information.
2. How We Use Your Information
- Member management: user identification, login authentication, account management
- Service delivery: sending and receiving messages, operating chat rooms
- Notifications: sending push notifications when new messages arrive
- Service improvement: responding to errors and improving service quality
3. Message Data Processing
Echoo applies end-to-end encryption (E2EE) technology. Message content is not stored on servers.
Only message metadata (sender, chat room, timestamp, message type) is stored on the server.
Actual conversation content is encrypted and stored only on each user's device.
4. Data Retention and Deletion
Member informationDeleted immediately upon withdrawal
Message metadataDeleted immediately upon withdrawal
Media filesAuto-deleted 30 days after transmission
Offline message queueAuto-deleted upon receipt or after 7 days
Device tokensDeleted immediately upon withdrawal
Upon account deletion, all personal data is immediately destroyed. Re-registration with the same account is possible.
5. Third-Party Disclosure
Echoo does not share personal information with third parties. Exceptions include:
- When the user has given prior consent
- When required by law or requested by investigative authorities
6. Third-Party Service Providers
Expo (Expo.dev)Push notification delivery
Google LLCSocial login authentication
Apple Inc.Social login authentication
7. Your Rights
You may exercise the following rights at any time:
- Access: View your information in the app's profile screen.
- Correction: Update your nickname, profile photo, and status message in the app.
- Deletion: Delete your account from the profile screen; all data is deleted immediately.
- Biometric settings: Enable or disable Face ID/Touch ID in app settings.
8. Security Measures
- Passwords are encrypted using the bcrypt algorithm.
- All communications are protected with HTTPS (TLS) encryption.
- Messages use end-to-end encryption (E2EE); even Echoo servers cannot read content.
- Authentication tokens are stored in the device's secure storage.
- Encryption keys are managed only on each device and are never sent to the server.
9. Cookies and Tracking
As a mobile app, Echoo does not use web cookies and does not collect data
for behavioral tracking or advertising purposes.
10. Contact
For privacy-related inquiries, please contact us and we will respond promptly.
11. Policy Updates
This policy is effective from the date shown above. Any additions, deletions, or
corrections will be announced in the app at least 7 days prior to taking effect.