EchoFelix

Privacy Policy

For our operator terms, see Annexure A: Data Processing Agreement.

ECHOELIX

Effective Date: January 1, 2025

1. INTRODUCTION

1.1 EchoFelix ("we", "us", "our") respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).

1.2 This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI transcription service.

1.3 By using our Service, you consent to the collection and use of your personal information as described in this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly:

  • Account Information: Name, email address, phone number, law firm name, physical address
  • Billing Information: Credit card details, banking information, VAT number
  • Profile Information: Job title, practice areas, preferences

2.2 Information Generated Through Service Use:

  • Audio Files: Recordings you upload for transcription
  • Transcripts: AI-generated transcripts of your audio files
  • Usage Data: Log files, IP addresses, browser type, pages viewed, time spent on pages
  • Device Information: Device type, operating system, unique device identifiers

2.3 Information from Third Parties:

  • Payment Processors: Transaction confirmation and payment status
  • Authentication Providers: If you use Google/Microsoft login

3. HOW WE USE YOUR INFORMATION

3.1 We use your personal information to:

  • Provide the Service: Process transcriptions, store your data, enable account access
  • Billing and Payment: Issue invoices and accept EFT payments only (no debit/credit cards)
  • Customer Support: Respond to inquiries, troubleshoot issues, provide technical assistance
  • Service Improvement: Analyze usage patterns to improve Service (using anonymized, aggregated data only)
  • Communications: Send service updates, security alerts, billing notifications
  • Legal Compliance: Comply with legal obligations, respond to lawful requests

3.2 What We DO NOT Do:

  • ❌ We do NOT use your audio files or transcripts to train our AI models
  • ❌ We do NOT sell your personal information to third parties
  • ❌ We do NOT share your Client Data with anyone except as described in Section 4
  • ❌ We do NOT read or access your transcripts except for technical support (with your permission) or legal compliance

4. HOW WE SHARE YOUR INFORMATION

4.1 Service Providers (Sub-Processors):

We share limited information with trusted third-party service providers who assist us in operating the Service:

  • Cloud Hosting: South Africa–based data centers (data storage and processing)
  • Email Services: Transactional email for service communications

All service providers are contractually bound to protect your information and use it only for specified purposes.

4.2 Legal Requirements:

We may disclose your information if required by law, including:

  • Court orders or subpoenas
  • Legal processes or government requests
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues
  • Compliance with POPIA, Cybercrimes Act, or other applicable laws

4.3 Business Transfers:

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.

4.4 With Your Consent:

We may share your information with other parties if you provide explicit consent.

5. DATA SECURITY

5.1 Technical Measures:

  • Encryption in Transit: TLS 1.3 for all data transmission
  • Encryption at Rest: AES-256 encryption for stored data
  • Access Controls: Role-based access, multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Regular Audits: Annual security audits and penetration testing

5.2 Organizational Measures:

  • Background checks for employees with data access
  • Confidentiality agreements for all staff and contractors
  • Regular security training
  • Incident response procedures
  • Data breach notification protocols

5.3 Your Responsibility:

  • Use strong, unique passwords
  • Enable multi-factor authentication
  • Keep login credentials confidential
  • Log out on shared devices
  • Report suspicious activity immediately

6. DATA RETENTION

6.1 Active Subscriptions:

  • Account information: Retained while your subscription is active
  • Client Data (audio files and transcripts): Retained until you delete them or terminate your subscription

6.2 After Termination:

  • Client Data: Retained for 30 days for recovery, then permanently deleted
  • Account Information: Retained for 7 years for tax and legal compliance
  • Billing Records: Retained for 5 years as required by tax law

6.3 Backups:

  • Deleted data may remain in backups for up to 90 days
  • Backups are securely encrypted and eventually overwritten

7. YOUR RIGHTS UNDER POPIA

7.1 You have the right to:

  • Access: Request a copy of your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Objection: Object to processing of your personal information
  • Restriction: Request restriction of processing in certain circumstances
  • Data Portability: Receive your data in a structured, machine-readable format
  • Withdraw Consent: Withdraw consent for processing (may affect Service availability)

7.2 How to Exercise Your Rights:

Contact our Information Officer via our contact page. We will respond within 30 days.

7.3 Complaints:

If you believe we have violated your privacy rights, you may lodge a complaint with:

  • Our Information Officer: Please use our contact page
  • Information Regulator of South Africa: complaints.IR@justice.gov.za or 012 406 4818

8. INTERNATIONAL DATA TRANSFERS

8.1 Data Location: All Client Data is stored on servers located in South Africa.

8.2 No Automatic Transfers: We do not routinely transfer personal information outside South Africa.

8.3 If Transfer Required: If we must transfer data internationally (e.g., for technical support), we will:

  • Obtain your explicit consent
  • Ensure the receiving country has adequate data protection laws
  • Use Standard Contractual Clauses or other approved mechanisms
  • Maintain the same level of protection as required by POPIA

9. COOKIES AND TRACKING

9.1 What We Use:

  • Essential Cookies: Required for Service functionality (login, session management)
  • Analytics Cookies: To understand how users interact with our Service (Google Analytics)
  • Preference Cookies: To remember your settings and preferences

9.2 What We Don't Use:

  • Third-party advertising cookies
  • Cross-site tracking
  • Social media tracking pixels

9.3 Your Control: You can disable cookies through your browser settings, but this may affect Service functionality.

10. CHILDREN'S PRIVACY

10.1 Our Service is not intended for children under 18.

10.2 We do not knowingly collect personal information from children.

10.3 If we discover we have collected information from a child, we will delete it immediately.

10.4 If you believe a child has provided us with personal information, contact us via our contact page.

11. CHANGES TO THIS PRIVACY POLICY

11.1 We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

11.2 We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notification

11.3 Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

11.4 Last Updated: January 1, 2025

12. CONTACT INFORMATION

General Inquiries:

EchoFelix

Contact: Please use our contact page

Phone: [To be provided]

Address: [To be provided]

Information Officer (POPIA Compliance):

Name: [Information Officer Name]

Contact: Contact page

Phone: [To be provided]

Deputy Information Officer:

Name: [Deputy IO Name]

Contact: Contact page