Contact Sales
Solutions API Platform About Compliance Client Login Contact Sales

Privacy Policy

Your privacy matters. Learn how EchoComm collects, uses, and protects your information.

Effective Date: January 1, 2026  |  Last Updated: March 1, 2026

This Privacy Policy ("Policy") explains how ECHOTEXT LTD ("EchoComm," "we," "us," or "our"), a company incorporated in England and Wales under company number 15890472, collects, uses, stores, and protects information when you visit our website at cloud.echotext.net or use our cloud communications services (collectively, the "Services").

We are committed to protecting the privacy of our clients, website visitors, and the end consumers whose communications may be routed through our platform. This Policy is designed to comply with the UK Data Protection Act 2018, the General Data Protection Regulation (EU GDPR / UK GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Information We Collect

1.1 Business Contact Information

When you register for an account, submit a contact form, or communicate with our sales team, we collect:

  • Full name, job title, and work email address
  • Company name, business registration details, and address
  • Phone number
  • Billing information (processed by secure third-party payment processors)

1.2 KYB Verification Data

As part of our Know Your Business (KYB) compliance process, we may collect:

  • Government-issued identification of authorized representatives
  • Business registration certificates and articles of incorporation
  • Proof of address documentation
  • Descriptions of intended service use cases

1.3 Service Usage Data

When you use our platform, we automatically collect:

  • API access logs including request timestamps, endpoints accessed, and response codes
  • Number provisioning and release records
  • Call detail records (CDRs) including call duration, source number, and destination number
  • SMS metadata including timestamps, message counts, and delivery status (message content is not stored beyond delivery)
  • Webhook delivery logs

1.4 Website Analytics

When you visit our website, we may collect:

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited, time spent, and referral sources
  • Cookie identifiers (see Section 7 below)

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Provisioning numbers, routing communications, and delivering the Services as contracted
  • Account Management: Managing your account, processing payments, and providing customer support
  • Compliance: Fulfilling our KYC/KYB obligations and complying with applicable telecommunications regulations
  • Security: Detecting and preventing fraud, abuse, and unauthorized access to our platform
  • Platform Improvement: Analyzing usage patterns to improve service reliability, performance, and features
  • Communication: Sending service notifications, billing alerts, and important updates about the platform

We do not use your information for unsolicited marketing purposes, nor do we sell your personal data to third parties.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process personal data on the following legal bases:

  • Contractual Necessity: Processing necessary to perform our contract with you (service delivery, billing)
  • Legal Obligation: Processing required to comply with applicable laws and regulations (KYB verification, fraud prevention, telecommunications compliance)
  • Legitimate Interests: Processing necessary for our legitimate business interests (platform security, service improvement), balanced against your privacy rights
  • Consent: Where you have given explicit consent (e.g., for website cookies)

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

  • Service Providers: With trusted third-party vendors who assist in delivering our Services (e.g., payment processors, hosting providers), bound by strict data protection agreements
  • Carrier Partners: With upstream telecommunications carriers to the extent necessary for number provisioning and call/SMS routing
  • Legal Requirements: When required by law, regulation, subpoena, court order, or governmental request
  • Fraud Prevention: When necessary to investigate, prevent, or take action regarding suspected fraud, AUP violations, or threats to network security
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to applicable privacy commitments

5. Data Retention

We retain data only as long as necessary for the purposes described in this Policy:

  • Account Data: Retained for the duration of your account plus 2 years after termination
  • KYB Verification Data: Retained for 5 years after account closure as required by anti-money laundering regulations
  • Call Detail Records: Retained for 90 days, then automatically deleted
  • SMS Metadata: Retained for 90 days, then automatically deleted (SMS message content is not stored)
  • API Access Logs: Retained for 12 months for security and debugging purposes
  • Website Analytics: Aggregated analytics data is retained indefinitely; individual-level data is deleted after 26 months

6. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) with multi-factor authentication for all internal systems
  • Audit Logging: Comprehensive logging of all data access and system operations
  • Infrastructure Security: Hosted on industry-leading cloud infrastructure with security practices aligned to SOC 2 principles and regular penetration testing
  • Incident Response: Documented incident response procedures with mandatory breach notification within 72 hours as required by GDPR

7. Cookies

Our website uses the following types of cookies:

  • Strictly Necessary Cookies: Essential for website functionality (e.g., session management, cookie consent preferences). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website. We use these to improve site performance and user experience.

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to access the website, but may limit certain analytics functionality.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

8.1 GDPR Rights (EEA/UK Residents)

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests

8.2 CCPA Rights (California Residents)

  • Right to know what personal information is collected and how it is used
  • Right to request deletion of personal information
  • Right to non-discrimination for exercising privacy rights
  • Right to opt out of the sale of personal information (note: we do not sell personal information)

To exercise any of these rights, please contact our Data Protection Officer at privacy@echotext.net. We will respond to verified requests within 30 days.

9. International Data Transfers

Your data may be processed in the United Kingdom, European Economic Area, and the United States. When transferring personal data outside of the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where available.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated to registered clients via email and posted on this page with an updated "Last Updated" date. We encourage you to review this Policy periodically.

12. Contact Information

For privacy-related inquiries, data subject requests, or complaints, please contact:

Data Protection Officer
ECHOTEXT LTD
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ, United Kingdom
Email: privacy@echotext.net

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.