← Back to Home
Home For Businesses Support Community Guidelines Terms of Service Merchant Terms
Your Data
“What we collect and why.”
Your Data

Privacy Policy.

Last Updated · April 19, 2026

We are committed to protecting your privacy. This policy explains how EchoPulse collects, uses, stores, shares, and protects your personal information when you use our app. By creating an account or using EchoPulse, you agree to the practices described here.

01

Information We Collect.

1.1Information You Provide Directly

Account Information

When you create an EchoPulse account, we collect your email address, display name, username (your unique @handle), and password (stored securely by Firebase Authentication).

Profile Information

You may choose to provide additional profile details, including bio text, location (city or region), profile photo, and custom profile banner image.

Content You Create

When you use the App, you may create and share photos and images, videos (including edited video content), text posts and review captions, Whisper ratings, business and freelancer tags, comments, replies, group chat messages, direct messages, and emoji reactions.

Merchant Account Information

If you apply to become a Verified Merchant (Verified Business or Verified Freelancer), we collect two categories of information:

Public Merchant Profile Information — the details displayed on your public merchant profile: business or service provider name, category, description, city and state or service area, business phone number, business email, website, and linked social media profiles. You control which of these are made public during the Merchant onboarding process.

Verification Information — collected solely to verify your identity and the legitimacy of your business:

  • Full legal name
  • Business type (Business or Freelancer / Individual)
  • Your role with the business (owner, officer, authorized employee, or independent professional)
  • Photo of a government-issued photo ID (driver's license, passport, or national ID card)
  • Photo of a business verification document (one of: business license or permit, tax filing, utility bill showing the business name and address, articles of incorporation, or professional certification such as a contractor or realtor license)
  • Attestation that the information provided is accurate and that you are authorized to represent the business

Verification Information is handled according to the rules described in Section 6.

1.2Information Collected Automatically

Device Information

We collect your push notification token (Expo Push Token), used solely to deliver push notifications, and device type, used to determine push notification compatibility.

Usage and Behavioral Data

We collect data about how you interact with the App, including likes, saves, and reactions; follow actions; search queries; post view counts and feed scroll behavior; category selections and browsing patterns; session frequency and session length; conversation activity (message timestamps, read receipts); and feature interactions such as screens visited and posting frequency. This behavioral data is used for analytics and product improvement as described in Section 4.

1.3Information Collected with Your Permission

Location Data

GPS coordinates are collected only when you explicitly grant location permission. Location data is used for the Nearby discovery feature and for tagging a location on your posts. You can revoke location permission at any time through your device settings.

Camera and Photo Library

Access to your camera and photo library is requested only when you choose to create a post, send a photo in a message, or update your profile photo. We do not access your camera or photo library without your action.

02

How We Use Your Information.

We use the information we collect for the following purposes:

  • Providing the Service: to operate EchoPulse, display your profile, show your content in feeds, enable messaging, and power search and discovery features
  • Authentication: to verify your identity, manage your account, and maintain session security
  • Push Notifications: to send you notifications about activity relevant to your account
  • Location-Based Features: to show you nearby content and display location tags on posts, only when you have granted location permission
  • Analytics and Product Improvement: to understand how users interact with features, measure retention, and understand usage patterns
  • Content Delivery and Processing: to upload, store, process, and serve your photos and videos through our media hosting provider
  • Safety and Security: to detect and prevent fraud, abuse, and violations of our Terms, including accessing message content where necessary for abuse investigation
  • Merchant Features: to power Merchant profiles, verified badges, review response functionality, and sponsored content placement
  • Monetization and Advertising: to deliver sponsored posts in the feed and to support current and future monetization features as described in Section 7

We do not sell your personal information to third parties. We do not use your data for third-party advertising outside of the EchoPulse platform.

03

How We Store & Protect.

3.1Data Storage

Your data is stored using the following services:

  • Firebase (by Google): account information, profile data, posts, comments, messages, follows, likes, saves, merchant profiles, and all other app data are stored in Google Cloud Firestore. Authentication credentials are managed by Firebase Authentication.
  • Cloudinary: photos, videos, profile images, and banner images you upload are stored and processed by Cloudinary.

3.2Data Security

We take reasonable measures to protect your data, including HTTPS encryption in transit, Firebase Authentication for credential management, and Firestore security rules configured to control data access. While we strive to protect your information, no method of electronic transmission or storage is completely secure.

04

Analytics & Tracking.

4.1Firebase Analytics

We use Firebase Analytics (by Google) to collect data about how users interact with the App. Firebase Analytics automatically tracks events such as app opens, session length, and screen views. We also log custom events specific to EchoPulse, including post creation details, category selections, search queries, reactions, merchant profile views, onboarding completion, and first post creation. Firebase Analytics data is subject to Google's Privacy Policy.

4.2Additional Analytics Tools

We may use additional third-party analytics tools, such as Mixpanel, to analyze user behavior, measure retention, and understand user segments. Any such tools receive only usage and behavioral data and do not receive your name, email address, or other directly identifying information beyond an anonymized user identifier.

4.3Automated Systems and Feed Ranking

EchoPulse uses automated systems, including algorithmic ranking and recommendation technology, to determine which content appears in your feed and which posts and businesses are surfaced in search results. These systems use your activity data, location, and category preferences to personalize your experience. You acknowledge that content ranking is determined algorithmically and that EchoPulse does not guarantee the visibility of any specific content.

4.4User Segments

We may classify users into behavioral segments (for example, new users, active users, or users who have not returned after signing up) for the purpose of improving the App experience, sending relevant notifications, and understanding platform health. This classification is based on your usage patterns and is used internally only.

4.5Internal Reporting

We generate internal reports summarizing platform activity such as weekly summaries of new sign-ups, post volume, and user retention. These reports use aggregated and anonymized data and do not identify individual users.

05

Third-Party Services.

EchoPulse uses the following third-party services to operate. Each service receives only the data necessary for its function:

ServicePurpose
Firebase (Google)User authentication, database storage, server-side Cloud Functions, analytics, and encrypted storage of merchant verification documents (with access restricted to authorized EchoPulse administrators only)
CloudinaryMedia storage, processing, and delivery
ExpoPush notification delivery and app build services
Google OAuthOptional sign-in using your Google account. When you sign in with Google, we receive your name, email address, and profile photo. We do not receive your Google password.
Analytics ProvidersUsage analytics and behavioral data analysis — these providers receive anonymized usage event data only

5.1Other Sharing

We do not share your personal information with any other third parties except: for legal compliance (if required by law, regulation, or governmental request); for safety and abuse investigation (if we believe disclosure is necessary to protect the rights, safety, or property of EchoPulse, our users, or the public); or in connection with a business transfer (merger, acquisition, or sale of assets).

06

Merchant Data & Verification.

6.1Public Merchant Profile Information

The information you submit for your public Merchant profile — business name, category, description, service area, and any contact information you choose to make public — will be visible to other users of the App. You control which contact details are made public during the Merchant onboarding process. Merchant responses to reviews are permanently associated with your Merchant account and visible on the relevant review.

6.2Verification Documents

When you apply to become a Verified Merchant, we collect and review sensitive information: a photo of your government-issued ID, a selfie taken at the time of application for identity matching, and a photo of a business verification document. We handle this information as follows:

Purpose limitation. Verification Information is used solely to verify your identity and the legitimacy of your business. We do not use it for advertising, profiling, or any purpose unrelated to verification.

Storage. Documents are uploaded directly to Firebase Storage and encrypted at rest. Access is restricted through Firebase Storage security rules to authorized EchoPulse administrative personnel only.

Access. Only designated EchoPulse administrators with a verified business need can access verification documents. We maintain an access log of document review activity.

Retention. We retain verification documents for no longer than 30 days after we have completed our review and communicated a decision to you. After this period, verification documents are permanently deleted from our systems. The fact that your account was verified (or rejected) is retained as long as your account is active, but the underlying documents are not.

If your application is rejected. Documents submitted with a rejected application are deleted within 30 days of the rejection decision.

If you later lose Verified Merchant status or delete your account. Any verification documents still held at the time (for example, during an active re-review) are deleted within 30 days. Your verification status is removed from your profile immediately.

No sharing. We do not share your Verification Information with other users, advertisers, or any third party, except where required by law or where disclosure is necessary to investigate suspected fraud.

Legal basis. We process this information to fulfill our obligation to operate a trustworthy platform, to prevent fraudulent business claims, and to protect our users. By submitting verification documents, you consent to this processing.

6.3Review Timeline and Status

When you submit a verification application, your account will display an "Under Review" status visible only to you. We aim to complete reviews within 7 business days, though some applications may take longer.

If your application is approved, your profile will display the Verified Merchant badge and gain associated merchant privileges. If your application is rejected, we will notify you by email and in-app, typically including the reason to help you understand how to address the issue. You may re-apply after a 30-day cooldown period.

6.4Maintaining Verified Status

Once approved, Verified Merchant status does not expire automatically. However, we may revoke verified status based on the following signals:

User reports. If users report your business as permanently closed, fraudulent, or misrepresenting the actual business, and the volume of reports crosses a threshold, your account will be flagged for administrator review.

Material changes to your business. If you edit core business information — business name, primary address, or business category — the change requires administrator re-review before it appears on your public profile. Your existing Verified Merchant badge remains active during this re-review.

Violations. We may revoke verified status for violations of our Terms of Service, Community Guidelines, or other material misconduct.

Account closure. Verified status is removed immediately if you delete your account.

6.5Mutual Exclusivity with EchoPro

A single account cannot hold both Verified Merchant status and EchoPro (Trusted Community Reviewer) status simultaneously. If you are approved as a Verified Merchant, any existing EchoPro status on your account will be automatically revoked. If you are an EchoPro member and later become a Verified Merchant, your EchoPro privileges will end on the date of merchant approval. This prevents conflicts of interest between reviewers and business representatives.

6.6Reports You Submit About Merchants

When you submit a report about a Verified Merchant (e.g., reporting a business as permanently closed), we collect the report reason, any details you provide, your user ID, and the timestamp. This information is used to review the reported merchant. Your identity as a reporter is visible to EchoPulse administrators but is not disclosed to the reported merchant. We may rate-limit reports to prevent abuse.

08

Push Notifications.

Push notifications are enabled by default when you create an account and grant notification permission. You can turn push notifications on or off at any time using the toggle in the App's Settings screen. Push notification payloads may include the sender's name and a preview of the relevant content.

09

Location Data.

EchoPulse requests access to your device's GPS location only for the Nearby discovery feature and for tagging a location on posts. Your live location is not continuously tracked or stored on our servers. When you tag a location on a post, the place name and coordinates are stored as part of that post. You can revoke location permission at any time through your device's system settings.

10

Your Rights & Choices.

  • Access: You can view your profile information, posts, messages, and activity at any time within the App.
  • Edit: You can edit your profile information, posts, and Merchant profile through the App at any time.
  • Delete Account: You can delete your account through the Settings screen. If you wish to ensure all associated content and media is fully removed, please contact us at privacy@echopulseapp.com. Messages you have sent in conversations will remain visible to other participants after your account is deleted.
  • Data Portability: If you would like a copy of your personal data in a portable format, please contact us at privacy@echopulseapp.com.
  • Notifications: You can opt out of push notifications at any time via the Settings screen.
  • Location: You can revoke location access at any time through your device settings.
  • Post Visibility: You can set each post to public, followers-only, or private visibility and change this setting at any time by editing the post.
  • Verification Document Access: If you have submitted verification documents, you have the right to request a copy of the documents we hold, or to request their early deletion before the 30-day retention period expires. Contact privacy@echopulseapp.com.
  • Report Your Concerns: If you believe a Verified Merchant is misrepresenting themselves, is no longer operating, or is violating our community standards, you can report them through the in-app report feature. See Section 6.6 for how we handle these reports.
11

Children's Privacy & COPPA.

EchoPulse is not directed to children under the age of 13 and does not knowingly collect personal information from children under 13. If we discover or are notified that an account belongs to a child under 13, we will immediately delete that account and all associated data without notice. If you are a parent or guardian and believe that your child under 13 has created an account or provided personal information to EchoPulse, please contact us immediately at privacy@echopulseapp.com.

12

Data Retention.

  • Account Data: retained for as long as your account is active
  • Content: posts, comments, and media files are retained until you delete them or your account
  • Usage and Behavioral Data: retained for as long as your account is active and for a limited period thereafter for analytical purposes
  • Merchant Data: retained for as long as your Merchant account is active
  • After Account Deletion: authentication credentials and user profile will be deleted. Some data may persist in backups or in aggregated/anonymized form for a limited period. Media files stored on Cloudinary will be deleted upon request.
  • Messages: messages you have sent will remain visible to other conversation participants after your account is deleted, as they are part of shared conversation records
  • Verification Documents: retained no longer than 30 days after a verification decision has been communicated, then permanently deleted. Verification status itself (approved or rejected) is retained in account records as long as your account is active.
  • Merchant Reports: retained for 12 months from submission, then archived in anonymized form for platform-integrity purposes.
  • Admin Access Logs for Verification: retained for 24 months for audit and compliance purposes, then deleted.
13

Cookies & Tracking.

EchoPulse is a native mobile application. We do not use cookies or browser-based tracking technologies. Within the App, we use Firebase Analytics and may use additional analytics SDKs as described in Section 4. We do not use third-party advertising trackers.

14

Changes to This Policy.

We may update this Privacy Policy from time to time. When we make changes, the "Last Updated" date at the top of this document will be revised. For significant changes, we will make reasonable efforts to notify you through the App. Your continued use of EchoPulse after changes are posted constitutes your acceptance of the updated policy.

15

Contact Us.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at privacy@echopulseapp.com.

This Privacy Policy applies to the EchoPulse mobile application available on iOS and Android.

See also: Merchant Terms of Service · Terms of Service