Privacy Policy

Last updated: 21 May 2026

These terms apply to all visitors, registered users, and customers of EchoClip.ai.

1. Overview

Atlas Ridge Holdings and Developments, Co., trading as EchoClip.ai ("EchoClip", "we", "us", "our"), is committed to protecting your privacy. This Privacy Policy ("Policy") explains what personal information we collect when you use EchoClip.ai ("Service"), how we use it, who we share it with, and the choices you have.

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please stop using the Service and contact us to delete your data.

This Policy applies to all users of the Service, including visitors, registered users, and customers. It does not apply to third-party services integrated with EchoClip, each of which has its own privacy policy.

2. Information We Collect

We collect information in three ways: information you give us directly, information collected automatically, and information from third parties.

Information You Provide Directly: • Account information: name, email address, and password (stored as a secure hash — we never store plain-text passwords). • Profile information: display name, avatar, and optional biography. • Payment information: billing address and payment method details. All payment processing is handled by Stripe. We never store full card numbers, CVVs, or other sensitive financial data. • Communications: messages you send us, including support requests and feedback. • User Content: videos, images, text, captions, and any other content you upload to or create through the Service.

Information Collected Automatically: • Usage data: pages visited, features used, clicks, session duration, timestamps, and user interactions. • Device and browser information: IP address, browser type and version, operating system, device identifiers, and time zone. • Log data: server logs, error reports, and diagnostic information. • Cookies and tracking technologies (see Section 9 for details).

Information From Third Parties: • If you sign in using a third-party provider (e.g., Google), we receive basic profile information (name, email, profile picture) as permitted by your authorisation. • If you connect social media accounts (YouTube, Instagram, TikTok, X, Threads, Pinterest), we receive account information, access tokens, and analytics data relevant to the publishing and tracking features you use.

3. How We Use Your Information

We do not sell your personal information to third parties, and we never will. Your data is used solely to provide, maintain, and improve the Service.

We use your information for the following purposes:

Service Delivery: To create and manage your account, process payments, provide customer support, and deliver the features of the Service you request.

AI Processing: Your User Content (videos, prompts, text) is processed by AI models to generate outputs such as clips, captions, and generated video. This processing is performed solely on your behalf.

Communications: To send transactional emails (account confirmation, password resets, receipts), product updates, and service announcements. You may opt out of marketing communications at any time.

Security & Fraud Prevention: To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.

Product Improvement: Aggregated and anonymised usage data is used to understand how the Service is used and to improve its features and performance. We do not use your identifiable personal data to train AI models without your explicit consent.

Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

Business Operations: For internal analytics, auditing, and maintaining the security and integrity of the Service.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

Service Providers (Subprocessors): We work with trusted third-party service providers who assist us in operating the Service. These providers access your information only as necessary to perform their functions and are contractually obligated to protect it. Our current key subprocessors are: • Supabase Inc. — database, authentication, and file storage (US / EU regions) • Stripe, Inc. — payment processing and subscription billing (US) • Railway Corp. — backend compute and hosting (US) • Vercel Inc. — marketing site and frontend hosting (US) • fal.ai (Features and Labels, Inc.) — AI image and video generation (US) • OpenAI, L.L.C. and other AI model providers — text generation, captioning, and AI reasoning where applicable (US) • Resend, Inc. — transactional email delivery (US) • Cloudflare, Inc. — CDN, DNS, and DDoS protection (Global)

We maintain this list as our active subprocessor register. If we add, remove, or replace a subprocessor that materially affects how your data is processed, we will update this Policy and, where required by law, notify you in advance.

Social Media Platforms: When you connect and use social publishing features, we share the content you choose to publish with the relevant platforms (YouTube, Instagram, TikTok, X, Threads, Pinterest) on your behalf.

Legal Requirements: We may disclose your information if required by law, regulation, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a lawful request.

Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of all or part of our business, your information may be transferred as part of that transaction. We will notify you of any such change and the choices available to you.

With Your Consent: We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement industry-standard technical and organisational measures to protect your personal information from unauthorised access, use, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit using TLS (Transport Layer Security) • Encryption of data at rest • Secure password hashing (bcrypt or equivalent) • Access controls limiting employee access to personal data • Regular security reviews and audits • Incident response procedures

However, no method of data transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You acknowledge and accept this risk.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users as required by applicable law.

6. Connected Social Accounts

When you connect a social media account to EchoClip, you authorise us to access certain data from that platform as permitted by your authorisation grant. Specifically:

• We store OAuth access tokens and refresh tokens, encrypted at rest, to enable posting and analytics on your behalf. • We access only the permissions necessary for the features you use. For example, posting requires write access; analytics requires read access to insights. • We do not access your private messages, contacts, follower lists, or data unrelated to our publishing and tracking features. • You can revoke our access at any time by: (a) disconnecting the account in your EchoClip settings, or (b) revoking the authorisation directly on the social platform.

Each social platform's own terms and privacy policies apply to data they hold about you. We recommend reviewing those policies.

7. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide you the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where: • We are legally required to retain certain records (e.g., financial transaction records for tax purposes, which may be retained for up to 7 years). • The data is necessary to resolve an outstanding dispute or enforce an agreement. • Anonymised or aggregated data may be retained indefinitely for analytics and product improvement.

User Content (uploaded videos, generated clips) will be deleted from our active storage within 30 days of account deletion. Some residual copies may persist in backup systems for up to 90 days before being overwritten.

8. Your Rights

You have meaningful control over your personal data. Exercise any of these rights by emailing privacy@echoclip.ai.

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

Right of Access & Portability: You may request a machine-readable copy of the personal data we hold about you. You can exercise this right yourself at any time from Settings → Privacy & data → "Download my data" in the EchoClip app; the download is a JSON archive of your profile, billing history, AI generations, clips, social posts, and references to every stored media file we hold on your behalf.

Right to Rectification: You may correct inaccurate or incomplete personal data yourself in Settings → General → Account (display name, email, password). For other fields, email privacy@echoclip.ai.

Right to Erasure ('Right to Be Forgotten'): You may permanently delete your EchoClip account yourself at any time from Settings → Privacy & data → "Delete my account". The deletion cancels any active subscription, removes your data from our active systems within minutes, and overwrites residual copies in encrypted backups within 90 days. We retain a minimal audit record (request id, timestamp, action) to demonstrate compliance — that record contains no personal content.

Right to Restriction: You may request that we restrict the processing of your personal data under certain circumstances. Email privacy@echoclip.ai.

Right to Object: You may object to the processing of your personal data for direct marketing purposes (by clicking unsubscribe in any marketing email or by emailing privacy@echoclip.ai), or on grounds relating to your particular situation.

Right to Withdraw Consent: Where processing is based on your consent (e.g. non-essential cookies), you may withdraw that consent at any time without affecting the lawfulness of prior processing. Adjust your cookie choices at echoclip.ai/cookies.

Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection authority.

For any of the above that cannot be handled self-serve, contact us at privacy@echoclip.ai. We will respond within 30 days. We may need to verify your identity before fulfilling your request. We reserve the right to deny requests that are manifestly unfounded, excessive, or repetitive.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies (such as local storage and session storage) to operate and improve the Service.

Essential Cookies: Strictly necessary for the Service to function. They include authentication tokens, session identifiers, and security cookies. These cannot be disabled.

Analytics Cookies: Help us understand how users interact with the Service, such as which pages are most visited, error rates, and session durations. We use these to improve the Service.

Functional Cookies: Remember your preferences, such as language settings and UI configurations.

You may control non-essential cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service.

We do not use advertising cookies or sell your cookie data to advertisers.

10. International Data Transfers

EchoClip is operated from South Africa. Our infrastructure providers (Supabase, Railway, Vercel) may process and store data on servers located in various countries, including the United States and European Union member states.

By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your home country. We take reasonable steps to ensure that your data is treated securely and in accordance with this Policy, regardless of where it is processed.

Where we transfer personal data outside the EEA or other regions with comparable protections, we rely on appropriate transfer mechanisms including standard contractual clauses or adequacy decisions.

11. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use the Service or submit any personal information.

If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 16, please contact us at privacy@echoclip.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Posting the updated Policy at echoclip.ai/privacy with a revised "Last Updated" date. • Sending an email notification to your registered address (for significant changes). • Displaying a notice in the Service.

Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not accept the changes, you must stop using the Service and may request deletion of your data.

We encourage you to review this Policy periodically.

13. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy enquiries: privacy@echoclip.ai General contact: hello@echoclip.ai Website: https://echoclip.ai/contact

We aim to respond to all privacy-related enquiries within 30 days. For urgent matters, please indicate "URGENT" in your email subject line.