Your memories, handled carefully
Privacy Policy
Echo Notes is designed to be local-first. Your memories remain on your device unless you deliberately use a feature that needs another service, such as optional private backup or Apple speech recognition.
Last updated: 10 July 2026
Privacy at a glance
Echo Notes lets you save written memories, voice recordings, transcripts, photos, people, tags, dates, reminders and related details. The app primarily stores this information locally on your iPhone.
You do not need to create an account to use local features. If you choose to create an account and use private backup, the information included in that backup is sent to our cloud service provider so that it can be restored to your device.
1. Who is responsible for your information?
Echo Notes is the controller of personal information processed for the operation of the Echo Notes app and website.
For privacy questions, requests or complaints, email echo.notes.app@outlook.com.
2. Information we process
| Memories and profile details | Text notes, dates, moods, tags, people or pets, captions, custom prompts, Life Book content, rules and other details that you choose to save. |
|---|---|
| Photos and audio | Images you select or take, voice recordings and related file information. These remain local unless included in an optional cloud backup or deliberately exported. |
| Account information | Your email address, account identifier, authentication information and password-reset records when you choose to create a backup account. We do not receive your readable password. |
| Backup information | The memories, profile data, rules, tags, photos and audio you choose to include in a private cloud backup, together with backup date, entry count and an optional device label. |
| Permissions and settings | Your choices for notifications, Face ID, photos, camera, microphone and speech recognition. iOS controls these permissions. |
| Support correspondence | Information you provide when contacting us, including your email address, message and any diagnostic details or screenshots you voluntarily send. |
| Basic service records | Our hosting and cloud providers may process technical records such as IP address, timestamps, request logs, device/browser information and security events to deliver and protect their services. |
Echo Notes does not intentionally collect precise location, contacts, advertising identifiers, payment-card details or health records through the current app.
3. How we use information
We process information only where needed to:
- save, organise, search, display and export your memories;
- record and play voice notes;
- turn recordings into editable text when you request transcription;
- attach, store and display photos;
- create local reminders and protect the app using Face ID or your device passcode;
- create, maintain, restore or delete an optional private cloud backup;
- create and secure an optional user account;
- respond to support enquiries and resolve technical problems;
- prevent misuse, investigate security incidents and comply with legal obligations; and
- maintain and improve the reliability of the app and website.
We do not sell your personal information. We do not use your memories to build an advertising profile, and we do not permit advertisers to access them.
4. Device permissions
Echo Notes asks for permissions only when a related feature needs them. You can refuse or withdraw a permission through iPhone Settings, although the relevant feature may stop working.
Photos and camera
Used when you choose to select existing photos or take a new photo for a memory. Echo Notes does not browse your photo library without permission.
Microphone
Used to record a voice memory. Recording starts only after you choose the recording feature and grant microphone access.
Speech recognition
Used only when you ask the app to transcribe a voice recording. More information appears in the voice transcription section below.
Face ID
Used to unlock the app when you enable privacy lock. Echo Notes receives only the result of the authentication check, not your facial biometric template. Face ID data is managed by iOS.
Notifications
Used to schedule reminders you create. Current reminders are scheduled locally on the device. Echo Notes does not require marketing push notifications.
5. Optional private cloud backup
Local use does not require an account. When you voluntarily create an account and start a backup, Echo Notes sends the selected backup data to Supabase, our cloud database, authentication and storage provider.
A cloud backup may include:
- your account email address and unique user identifier;
- profile and settings data;
- written memories, tags, people, dates, moods and custom rules;
- photos and audio files attached to backed-up memories; and
- backup metadata such as the date, entry count and optional device label.
The backup feature is intended to keep each user’s information separated using authenticated access controls. No internet-connected system can be guaranteed completely secure, so you should use a strong, unique password and protect access to your email account and device.
You can delete the stored cloud backup from within the app. You can also use the in-app account deletion option, which is designed to delete the Echo Notes account and associated backup data.
6. Voice recording and transcription
Voice recordings are stored locally as part of a memory unless you delete them, exclude the original recording when saving, export them or include them in an optional cloud backup.
When you request transcription, Echo Notes first asks iOS whether on-device speech recognition is available. Where supported, transcription can occur on the device. If on-device recognition is unavailable or fails for a supported reason, the app may retry using Apple’s speech-recognition service. This can require an internet connection and may cause audio or speech data to be processed by Apple under Apple’s terms and privacy information.
Echo Notes receives the resulting transcript and an indication of whether on-device recognition was used. Transcription does not send your recording to a generative-AI provider.
7. Who may receive information?
Information may be processed by:
- Supabase, when you use account, authentication, password reset, cloud backup or restore features;
- Apple and iOS services, when you use App Store distribution, permissions, Face ID, local notifications or speech recognition;
- our website and email providers, when you visit the website or contact support;
- professional advisers or authorities, where reasonably necessary to establish, exercise or defend legal rights, investigate misuse, protect users or comply with law; and
- a successor organisation, if the app or relevant business assets are reorganised or transferred, subject to appropriate safeguards.
Providers process information under their own terms and, where applicable, on our instructions. Some providers may process information outside the United Kingdom. Where UK data-protection law requires it, we rely on an approved transfer mechanism or other applicable safeguard.
8. Our lawful bases
Depending on the context, we rely on the following UK GDPR lawful bases:
- Contract: to provide requested app features, account services, backup and restoration.
- Legitimate interests: to keep the app and website secure, respond to support requests, prevent misuse and improve reliability, provided those interests are not overridden by your rights.
- Consent: where you actively grant optional device permissions or agree to a processing activity for which consent is the appropriate basis. You can withdraw device permissions in iPhone Settings.
- Legal obligation: where processing is necessary to comply with law.
9. How long information is kept
Local memories
Local notes, photos and recordings stay on your device until you delete them, clear the app’s data or uninstall the app. Device backups managed by you or Apple may retain copies separately.
Cloud backup and account
Optional backup data is kept while your backup/account remains active or until you use the relevant deletion feature. Limited records may be retained for a reasonable period where needed for security, fraud prevention, dispute handling, backup cycling or legal compliance.
Support messages
Support correspondence is retained only as long as reasonably necessary to answer the enquiry, maintain service records and deal with related legal or security matters.
We periodically review retained information and aim not to keep identifiable information longer than needed for the purpose for which it was collected.
10. Security
Echo Notes uses measures intended to protect information, including local app storage, iOS permission controls, optional Face ID protection, authenticated cloud access and encrypted network connections used by service providers.
You also play an important role. Keep iOS updated, use a device passcode, enable Face ID where appropriate, use a strong account password and avoid sharing exported Life Books or backup credentials with people who should not see them.
No storage or transmission method is completely secure. Please contact us promptly if you believe your Echo Notes account or information has been compromised.
11. Your data-protection rights
Subject to the circumstances and applicable law, you may have the right to:
- ask for access to personal information we hold about you;
- ask us to correct inaccurate or incomplete information;
- ask us to delete information;
- ask us to restrict processing;
- object to processing based on legitimate interests;
- receive certain information in a portable format;
- withdraw consent where processing relies on consent; and
- complain to a data-protection authority.
Many local records can be viewed, edited, exported or deleted directly in the app. Cloud backup and account deletion controls are also available in the app.
To make a privacy request, email echo.notes.app@outlook.com. We may need to verify your identity before responding.
In the UK, you can also complain to the Information Commissioner’s Office. We would appreciate the opportunity to address your concern first.
12. Children’s privacy
Echo Notes is a general memory and journalling app and is not directed specifically at children. Children should use the app only with the involvement and permission of a parent or guardian where required. Please do not create a cloud account or submit information if you are not legally able to do so in your country.
If you believe a child has provided account information without appropriate permission, contact us so we can review and, where appropriate, remove it.
13. The Echo Notes website and cookies
The Echo Notes website provides information about the app and links to contact or download it. The website’s hosting provider may automatically process standard server logs, such as IP address, browser type, date/time and requested page, for security and delivery.
The current website page does not need advertising cookies. WordPress, embedded media, analytics, security tools or other plugins may set cookies if those features are enabled by the website administrator. Where non-essential cookies are used, an appropriate cookie choice should be provided before they are placed.
Links to third-party websites, including Apple or service-provider pages, are governed by those organisations’ own privacy policies.
14. Changes to this policy
We may update this policy when the app, providers or legal requirements change. The current version will be published on this page with a revised “last updated” date. Where a change is significant, we may provide an additional notice in the app or website.
Questions or requests
Contact Echo Notes
For privacy questions, account deletion support or a request concerning your personal information, contact us by email.
echo.notes.app@outlook.com