Privacy Policy
Last updated: June 3, 2026
1. Who we are
EchoSphere Notes is operated by Empowerment Support Group LLC ("we", "us", "our"), the data controller for personal data processed through this service. Contact us at the email address listed in your account or via our support channels.
2. Data we collect
- Account data — name, email, login credentials, professional credentials (e.g. license number).
- Client and session content — audio recordings, transcripts, clinical notes, and metadata you create or upload.
- Usage data — device identifiers, IP address, log data, and telemetry needed to operate and secure the service.
- Support communications — messages you send us.
- Billing data — payment data is collected and processed by Paddle (see Section 5). We receive only subscription status, plan, and the last four digits / expiry of the payment method.
3. Purposes and legal basis
- Providing the service (contract performance) — account creation, transcription, note generation, storage.
- Security and fraud prevention (legitimate interest) — abuse detection, audit logs.
- Product improvement (legitimate interest) — aggregated, de-identified usage analytics.
- Customer support (legitimate interest / contract performance).
- Legal compliance (legal obligation) — tax, accounting, responding to lawful requests.
4. AI processing
Audio you submit is transcribed and summarized by third-party large language model providers on our behalf. Content is sent solely to produce your transcript and notes and is not used by those providers to train their models under our processing agreements.
5. Data sharing
- Service providers / subprocessors — hosting, database, AI inference, error monitoring, email delivery.
- Merchant of Record — Paddle.com Market Limited acts as the reseller and Merchant of Record for all orders. Paddle handles payment processing, billing, sales tax, refunds, and invoicing. See Paddle's privacy notice at paddle.com/legal/privacy.
- Professional advisers — legal, accounting, where strictly necessary.
- Authorities — where required by applicable law.
We do not sell personal data.
6. Data retention
We retain account data while your account is active and for a reasonable period afterward to meet legal, tax, and audit obligations. You may delete sessions, clients, and your account at any time; deletion removes the underlying records, although backups are purged on our normal rotation cycle. Billing records held by Paddle are retained per Paddle's policies.
7. Security
We use industry-standard technical and organizational measures including encryption in transit, encryption at rest, role-based access controls, and audit logging. No system is perfectly secure; you are responsible for safeguarding your credentials.
8. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to or withdraw consent for certain processing. EU/UK residents also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us at the support address in your account; we respond within 30 days.
9. International transfers
We may transfer data to service providers located outside your country, including the United States. Where required, transfers are protected by Standard Contractual Clauses or equivalent safeguards.
10. Cookies
We use only cookies essential to authenticate your session and operate the service. We do not use third-party advertising or marketing cookies.
11. Children
The service is not directed to children under 16 and we do not knowingly collect their data.
12. Changes
We may update this notice from time to time. Material changes will be communicated in-app or by email.