Privacy Policy
TrueEcho · Effective: March 1, 2026 · Last updated: April 28, 2026
TrueEcho ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and what choices you have. By using TrueEcho, you agree to the practices described below.
We will never sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes. Your data is used solely to operate and improve TrueEcho for you.
1. Information We Collect
Account and Sign-In Information
When you create or use a TrueEcho account, we may process account identifiers and credentials such as your Firebase UID, email address, phone number, display name, sign-in provider, and account metadata. Depending on the login method you choose, this may include email/password, email OTP, phone OTP, phone password, or Google sign-in information.
Reading Content and History
We process the questions you submit, divination inputs, generated hexagrams, AI-generated interpretations, and related history records. This information may be stored locally on your device and, when you are signed in, in our backend systems including Firebase Firestore so it can appear in your account history.
Purchase and Membership Data
If you purchase or restore a subscription or other paid entitlement, we and our payment service providers may process your Firebase UID, app user identifier, entitlement status, transaction or receipt data, and subscription state. We do not receive or store your full payment card details.
Support, Feedback, and Operational Communications
If you contact us, send feedback, request help, or receive one-time verification messages, we may process the information you provide, including your email address, phone number, message content, and related support metadata.
Analytics and Device Data
If you consent to analytics, we use Mixpanel to collect product usage events such as app opens, screen views, feature usage, and interaction events, along with technical context like app language, device/browser type, and app version. We also process standard device and technical metadata needed for service reliability, fraud prevention, and debugging.
Local Device Storage
TrueEcho uses browser or app storage such as localStorage, sessionStorage, and IndexedDB to store app state, cached history, onboarding progress, consent state, temporary auth/session artifacts, and free-tier usage counters on your device.
2. How We Use Your Information
- To provide, operate, secure, and maintain the TrueEcho service
- To authenticate you and support account login, recovery, and account-linking flows
- To generate readings, save and display your history, and sync relevant account data
- To verify subscriptions, restore purchases, and unlock premium features
- To send verification codes, support replies, and service communications
- To analyze product usage where consent has been given and improve the app
- To detect, prevent, investigate, or respond to fraud, abuse, misuse, or security incidents
- To comply with legal obligations and enforce our terms and policies
3. Third-Party Service Providers
We use the following third-party services to operate TrueEcho. Each acts as a data processor and is bound by its own privacy policies and applicable data protection law. We do not permit any provider to use your data for their own independent purposes.
| Provider | Purpose | Data Processed |
|---|---|---|
| Google Firebase | Authentication, account identity, and cloud data storage | Firebase UID, email, phone number, display name, account metadata, reading history, and related account records |
| RevenueCat | Subscription management and in-app purchase validation | App user identifier, Firebase UID linkage, purchase receipts, transaction metadata, and subscription status |
| Mixpanel | Product analytics, only after analytics consent is granted | Event data, technical usage metadata, device/browser type, app language, and app version |
| AI Service Provider | Generating I Ching interpretations from your divination input | Your question text, divination inputs, and derived analysis context needed to generate a response |
| Twilio | Phone verification and OTP delivery | Phone number, verification status, and OTP delivery metadata |
| Resend / Mailgun / Brevo | Email verification and support email delivery | Email address, message content, delivery metadata, and verification email content |
| Apple App Store / Google Play | Storefront billing and in-app purchase processing | Store transaction data and subscription state; payment credentials are handled by Apple or Google, not by us |
4. Data Retention
We keep account, reading, purchase, and support data for as long as it is reasonably necessary to operate the service, maintain your account, provide history and purchase functionality, prevent abuse, resolve disputes, and comply with legal obligations.
Local device data remains on your device until it is cleared by the app, by you, or by your browser or operating system. In the current product flow, the in-app "Delete Account" action deletes your Firebase authentication account, clears local session data on the device, and removes core backend account records tied to that account such as cloud reading history, usage state, saved phone-password login profile, and related account-operation profile data.
Some records may still be retained where reasonably necessary, including purchase, billing, anti-fraud, security, audit, support, or legal-compliance records. If you want additional deletion review for remaining support-side or operational records, contact us at [email protected]. We will review and handle requests subject to technical, fraud-prevention, accounting, and legal retention needs.
5. Children's Privacy
TrueEcho is not directed at children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
6. International Data Transfers
Your data may be processed in countries other than your own (including the United States) by our service providers. We ensure that appropriate safeguards are in place in accordance with applicable data protection laws.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
- Access — request information about the personal data we hold about you
- Deletion — delete your authentication account in-app and request additional record deletion from us where applicable
- Correction — request correction of inaccurate account data
- Analytics choice — decline or withdraw analytics consent where available in the app experience
- Data portability — request an export where technically feasible
- No sale / no sharing for others' marketing — we do not sell, rent, or trade your personal data to third parties for their own marketing purposes
California residents and other users with local privacy rights may contact us to exercise applicable rights. We may need to verify your identity before acting on a request.
To exercise any right, contact us at [email protected].
8. Security
We use reasonable administrative, technical, and organizational safeguards, including encrypted transport (such as HTTPS/TLS), access controls, and backend-managed cloud storage rules. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via an in-app notice or by updating the "Last updated" date at the top of this page. Continued use of TrueEcho after changes take effect constitutes your acceptance of the revised policy.
10. Contact Us
For privacy questions, requests, or concerns:
[email protected]