Echo Privacy Policy


Last Updated: June 2026


Welcome to Echo, a platform dedicated to protecting the security of your personal information. This Privacy Policy outlines the principles and practices we follow to ensure the security and privacy of your information. By using Echo, you agree to the terms of this policy.


1. Introduction


Echo (“we”, “us”, or “our app”) takes your privacy very seriously. We adhere to the principles of accountability, purpose specification, choice and consent, minimal collection, security, user participation, and transparency. This Privacy Policy applies to all products and services of Echo, including those provided by our affiliates (unless they have their own privacy policy). This policy does not cover services provided by third parties or products governed by separate policies. Please read and understand this policy before using our services. By using our services, you agree to the terms set forth herein. If you have any questions, please contact us through the channels provided.


2. Definitions


We / Our App – refers to the iOS application [Echo] that provides location-based check-in services and its operator.


You / User – refers to any natural person who uses our application’s services.


Personal Information – refers to any information recorded electronically or by other means that can be used, alone or in combination with other information, to identify a specific natural person.


3. Information We Collect and the Principle of Minimization


We adhere to the principle of data minimization, collecting only the information necessary to perform the core location check-in functionality, and we do not retain raw location information that could identify a specific individual.


a. User Registration and Login


You can log in to Echo using your Apple ID. We will obtain the nickname and email address provided by your Apple ID (if you choose to share them). This information is used to create an account and identify your check-in records. The information you provide will be retained during your use of the service. If you cancel your account, we will delete or anonymize your information in accordance with applicable laws.


b. Information Temporarily Processed for Check-in Functionality


Location Information (obtained only at the moment of check-in): When you actively click the “Check-in” button, our app will request your device’s location information once, used to verify whether you are near the attraction. This location information is used only for real-time verification, deleted immediately after verification, not uploaded to our servers for long-term storage, and not persistently stored on your device locally. You may turn off location permissions at any time in iOS Settings → Privacy & Security → Location Services. If you do so, the check-in function will not work, but other browsing functions will not be affected.

Device Information (anonymous and non-identifiable):We may use technical identifiers provided by iOS, such as Identifier for Vendor (IDFV), DeviceCheck, or App Attest services, solely for fraud prevention and service security. We may receive anonymous device identifiers provided by Apple to distinguish different user accounts and prevent check-in cheating. Such identifiers cannot be reverse-engineered to identify your real identity.


c. Content You Actively Post


You may choose to upload check-in photos, ratings, and other content to the “Moments” area (or similar functional area). Such content is voluntarily posted by you and is subject to our automated + manual review before publication. Users can report inappropriate content through the in-app reporting function. Reported content will be reviewed and deleted if necessary. Your uploaded content must not include others’ private information, unauthorized geolocation information (such as interior photos of others’ homes), or content that infringes intellectual property rights.


4. User Information Retention Rules


Location Data:Deleted immediately from the server after check-in verification is completed. The server retains only a de- identified record such as “An anonymous user checked in at a certain attraction,” without retaining original data such as latitude/longitude coordinates or specific check-in time. Location information may be used only for real-time check-in verification and may be transmitted to our servers. After verification, the original coordinate data will not be retained; it will be deleted or anonymized in accordance with our data retention policy.

Personal Identifiers:   If you log in anonymously with Apple, we do not retain your real name, phone number, national ID number, or other identifiable information. or other identifiable information.

Account Cancellation:  You may request cancellation via “Settings → Account & Security → Cancel Account” within the app. We will delete or anonymize all your data within 7 business days.Unless a longer retention period is required by applicable law, deletion or anonymization of all your data will be completed within 7 business days. After cancellation, your check in records, posted content, etc., will be deleted and cannot be recovered.

Backup Note: To prevent operational errors, some data may be temporarily retained in our server backup systems, but will be automatically purged within the backup update cycle (typically no more than 30 days).


5. No Map Tracking


Our app does not have any map tracking function. This application may display map content to facilitate your check-in, but it does not continuously track your movement trajectory or save location history. We do not obtain your location in the background, do not record your movement from one place to another, and do not map your route. Location permission is called only once when you actively initiate a check-in request, and is released immediately after verification. We do not perform background location tracking, geofencing, or real-time location tracing. This app does not provide navigation, route planning, or continuous location sharing functions.


6. How We Use Information


a. We use the information only for the following purposes:


Verifying whether you are within the location check-in range (real-time verification, deleted after use);

Displaying your check-in achievements and posted content (only content you actively post and that passes review);

Preventing cheating behaviors such as fraudulent multiple check-ins; Ensuring the security and stable operation of the application.


b. We will not use your information for:


Personalized advertising;

User behavioral profiling;

Selling or providing identifiable data to third parties.


7. Embedded Web Pages and WebView Usage


a. Scope of WebView FunctionsSome parts of this application (e.g., attraction details, help center, activity announcements) may load embedded web content using the iOS native WKWebView component to provide richer information and interaction experiences. This embedded web content is provided directly by us or our authorized partners, not by arbitrary third-party websites.


b. Data Isolation and Permission Control


Data Isolation Principle: Embedded WebView content runs in a sandbox environment isolated from the application’s native code; by default, it cannot directly access sensitive data on your device (including but not limited to contacts, photo library, local file system, camera, microphone).

Independent Permission Management: If an embedded web page requires access to sensitive permissions such as location, camera, or photo library for functional needs, the request will be presented to you via iOS’s standard permission pop-up, with the principle of minimal collection applied. You may withdraw granted permissions at any time in iOS Settings. After withdrawal, related WebView functions may be limited, but other core functions of the application will not be affected.

No Background Tracking: We do not enable background location, cross-site cookie tracking, or device fingerprinting in WebView. WebView loads content only when you actively browse the relevant page; data interaction stops when you close the page.


c. Cookies and Local Storage


Cookie Usage: Embedded web pages may use necessary session cookies to maintain page state (e.g., login status, form progress). These cookies are valid only for the current WebView session and are not used for cross-app tracking or advertising profiling.

Local Storage Restrictions:  Local storage of WebView (e.g., HTML5 LocalStorage) is used only to cache static resources for faster loading. We do not persistently store any personally identifiable information through local storage.


d. Third-Party Content and Outbound Links


Controlled Domain Whitelist:We enforce a strict whitelist of domains that WebView can load, allowing only our designated official domains and subdomains, preventing loading of unverified third-party content.

External Link Handling:  If an embedded web page contains a link to a third-party website, clicking it will prompt you with “You are about to leave Echo and open an external browser,” and the link will be opened in Safari instead of staying within the WebView. Before redirecting, we will clearly show you the target URL, and you may choose to cancel.

Third-Party Responsibility Boundary:For third-party websites accessed through an external browser, we cannot control their content, privacy policies, or data practices, nor assume any responsibility. We recommend that you read the third-party’s privacy policy carefully before providing any personal information.


e. Security Measures


Encryption in Transit: All content loaded through WebView is forced to use the HTTPS protocol to ensure confidentiality and integrity during transmission.

Safe Browsing:We enable iOS’s safe browsing mechanism to check loaded WebView content against malicious websites, blocking access to known unsafe pages.

Input Security:If an embedded web page contains a form input function (e.g., feedback submission), user input is strictly validated and filtered to prevent injection attacks.


f. User Control and Transparency


Exit Anytime: You may exit embedded web browsing at any time via the close button inside the WebView or the system back gesture. After exit, the WebView instance will be destroyed and associated session data immediately cleared.

Content Review: All web content loaded into WebView has undergone our security review to ensure there are no malicious scripts, covert data collection, or non-compliant information collection clauses.


8. Information Security


We use transport-layer encryption (TLS/SSL) to protect data transmission. Although we take security measures that meet industry standards, please understand that no method of transmission over the Internet is 100% secure. In the event of a security incident, we will notify you in a timely manner as required by law.


9. Children’s Privacy


Our services are not directed to anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under 18 without verification of parental consent, we will take steps to remove that information from our servers. If we rely on consent as the legal basis for processing your information and your country requires parental consent, we may request parental consent before collecting and using that information.


10. Links to Other Websites


Our services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.


11. Changes to This Privacy Policy


We may revise the terms of this Privacy Policy from time to time, and such revisions will form part of this Privacy Policy. If such changes result in a material reduction of your rights under this Privacy Policy, we will notify you before the revision takes effect via a prompt, email, or a notice on the home page. In such case, if you continue to use our services, you agree to be bound by the revised Privacy Policy.


12. Contact Us


The copyright of this Privacy Policy belongs to us, and we reserve the right to interpret and modify it within the scope permitted by law. If you have any questions, you may contact us at: Echo@outlook.com