EchoIQ

Privacy Policy

Effective: July 11, 2026Version 1.2
1

Introduction

This policy explains how EchoIQ handles your data and describes your responsibilities and rights, including region-specific rights under the EU/UK GDPR, the India Digital Personal Data Protection Act 2023 (DPDP), and applicable United States laws.
2

Data Controller

Verdeshell Technologies Private Limited (Pleisys) is the data controller for account, billing and analytics data. For meeting content that you record and upload, you (or your organisation) are the controller and EchoIQ acts as your processor. Contact privacy@pleisys.com.
3

Data We Collect

  • Account info
  • Conversation data (audio, transcripts, summaries)
  • Usage data
  • Payment and tax data
4

How We Use Data

  • Service delivery
  • Security
  • Communication
5

Recording Consent and Your Responsibilities

EchoIQ lets you record conversations in two ways: Mic mode (your device microphone) and Meeting Mode (your microphone plus the audio of an online meeting, which includes remote participants). You are responsible for recording lawfully. Recording laws differ by region: many jurisdictions require you to notify everyone and obtain their consent before recording. In several United States states (for example California, Florida, Illinois, Maryland, Massachusetts, Pennsylvania and Washington) all parties must consent to the recording of a private conversation, and similar all-party rules apply in parts of the European Union. Before you record, EchoIQ asks you to confirm that you have notified everyone and obtained any consent required in your region; for Meeting Mode this confirmation is requested for each session.
  • You must notify participants and obtain any consent required by law before recording
  • Meeting Mode captures remote participants - take extra care in all-party-consent regions
  • We record your in-app consent confirmation for accountability
  • You are responsible for how you use recordings and their outputs
6

Third Parties and Sub-processors

We share the minimum data necessary with vetted sub-processors who act only on our instructions under data processing agreements. Our current sub-processors are:
  • AssemblyAI (USA) - speech-to-text transcription of your audio
  • Anthropic / Claude (USA) - AI summaries, action items and topics from transcripts
  • Amazon Web Services (AWS) - encrypted audio and file storage (Mumbai, ap-south-1), transactional email (SES) and SMS (SNS)
  • Google Firebase Cloud Messaging (USA) and Apple APNs (USA) - mobile push notifications
  • Stripe (USA) - international card payments
  • Razorpay (India) - payments in Indian Rupees
  • Sentry (USA) - error monitoring, with request bodies and personal data scrubbed before transmission
  • Contabo (Germany) - infrastructure hosting for the application and database
7

Automated Processing and AI

EchoIQ uses automated processing and third-party AI to deliver its core features. Your audio is transcribed by AssemblyAI and the resulting text is summarised by Anthropic Claude. These providers process the data solely to return results to you and do not use it to train their models. We also derive product usage insights to improve the service.
  • Transcription includes speaker separation, sentiment and language detection
  • Speaker separation labels who spoke (Speaker A, Speaker B) and lets you rename speakers manually; it does NOT create voiceprints or biometric identifiers, and we do not identify individuals from their voice
  • AI summaries include key points, action items and topics
  • Providers do not train their models on data sent through their APIs
  • Analytics processing can be limited by disabling analytics consent in settings
8

Automated Decision-Making and Your Right to Object

The AI features above are automated processing but do not make decisions that produce legal or similarly significant effects about you. We do not use them for solely automated decisions such as credit, employment or eligibility outcomes. You may object to automated processing and request human review.
  • No solely automated decisions with legal or significant effect
  • You can object to profiling and automated processing (Article 21)
  • You can request restriction of processing (Article 18)
  • Contact privacy@pleisys.com to exercise these rights
9

International Data Transfers

Your data is primarily stored in India (AWS Mumbai) and hosted in the European Union (Germany). Where data is transferred to processors in the United States, those transfers are governed by Standard Contractual Clauses and equivalent safeguards under Article 46 of the GDPR.
  • Primary storage: AWS Mumbai (ap-south-1)
  • Hosting: European Union (Germany)
  • US transfers covered by Standard Contractual Clauses
10

Security

  • AES-256-GCM encryption at rest
  • TLS 1.2+ in transit
  • Role-based access control
  • Audit logging
11

Retention

We keep your recordings, transcripts and summaries while your account is active so you can access them. You can delete any conversation at any time, which removes its audio from storage, and you can delete your account to remove all of your data after a 30-day grace period.
  • Recordings, transcripts and summaries: while your account is active or until you delete them
  • Account deletion removes all of your data after a 30-day grace period
  • Audit logs for 1 year
  • Invoices for 7 years (statutory)
12

Region-Specific Rights

Depending on where you live, you have additional rights.
  • EU and UK (GDPR): access, rectification, erasure, restriction, portability, and objection; you may complain to your supervisory authority
  • India (DPDP Act 2023): the right to access, correct, update and erase your data, the right to grievance redressal, and the right to nominate another person to exercise your rights; contact our Grievance Officer at dpo@pleisys.com
  • United States (including California CCPA/CPRA): the right to know, access, delete and correct your personal information, and to opt out of sale or sharing - we do not sell your personal information
  • US recording laws: some states require all-party consent to record a conversation - see the Recording Consent section above
13

Your Rights

  • Access and export your data (Articles 15 and 20)
  • Correct or delete your data (Articles 16 and 17)
  • Restrict or object to processing (Articles 18 and 21)
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority
14

Contact

privacy@pleisys.com
  • Data Protection Officer: dpo@pleisys.com
  • Grievance Officer (India, DPDP Act 2023): dpo@pleisys.com
Was this policy easy to understand?