Privacy Policy

When you sign up for a free sample report or become a subscriber, we collect the following:

• Your name and email address — so we can send you your report and communicate with you about your account.
• Your business financial data — specifically the P&L statements and supporting documents you choose to send us. We never request or require direct access to your accounting software, bank accounts, or any third-party system. You send us what you want us to see.
• Basic usage information — standard analytics data about how you interact with this website, such as pages visited, time on site, approximate location, and device or browser type. Some of this (for example, your IP address) may be considered personal information. We use it only in aggregate to understand and improve the site, and we do not use it to build advertising profiles or track you across other websites.

We do not knowingly collect more than this. We do not request or require access to your accounting software, bank accounts, or any third-party system — you decide exactly which documents to send us. Please do not send us information about other people unless you have the right to share it.

We use your information for one purpose: to produce your monthly Clarity Report and communicate with you about it.

Specifically:

• Your financial data is used only to generate your report and the benchmarks and recommendations inside it. We never sell your data, and we never share it for advertising, marketing, or any unrelated purpose. To actually produce your report and run the service, your data is processed by a small set of vetted technology providers acting on our instructions — these are listed in the "Service providers we use" section below.
• Your email address is used to deliver your report and send occasional service-related updates. We do not send marketing emails to non-subscribers without your consent.
• Your name is used to personalize your report. That's it.

Inside EchoFrame, your financial data is accessed only by EchoFrame personnel involved in producing your report. We do not sell your information, and we do not share it with advertisers, data brokers, or any partner for their own marketing purposes.

To deliver the service, your information is processed by a small number of trusted technology providers (our "service providers" or subprocessors) that operate parts of EchoFrame on our behalf — for example, the tools that generate the written analysis, take payment, and email your report to you. They may only use your data to perform those functions for us, and they are bound by their own confidentiality and data-protection commitments. These providers are listed in the next section.

The only other exception: if we are required to disclose information by law or valid legal process, we will comply with that requirement and notify you where legally permitted to do so.

We use the following third-party service providers (subprocessors) to operate EchoFrame. Each is bound by a written agreement (including data-protection or confidentiality terms) that requires it to process your data only on our instructions, only to provide its function to us, and not for its own purposes. Each processes only the data needed for its specific function:

• Anthropic (AI processing) — generates the written analysis in your report. The financial figures you provide are sent to Anthropic's API to produce the report text. EchoFrame uses Anthropic's commercial API under its commercial terms, under which your inputs and outputs are not used to train Anthropic's models and are not retained beyond what is needed to provide and secure the service.
• Stripe (payments) — securely processes subscription and one-time payments. Stripe collects your payment and billing details directly as its own processor; EchoFrame never receives or stores your full card number.
• Resend (email delivery) — delivers your report and service emails to your inbox.
• Formspree (web forms) — receives the information you submit through the free-sample request form on our website.

If we add, remove, or change a service provider that handles your data, we will update this page. We do not authorize any of these providers to use your financial information for their own purposes, and we do not sell or rent your information to anyone.

Your financial documents are stored securely and are retained only as long as needed to produce your reports and maintain your account history. Our retention rules are specific, so you are never left guessing:

• While you are a customer, we keep your documents to produce your reports and your account history.
• After your account closes (you cancel, or we stop providing the Services), we permanently delete your financial documents within 90 days — automatically, whether or not you ask us to.
• On request, sooner. If you ask us to delete your data, we permanently delete your financial documents within 30 days of your request.

We may retain a minimal record needed to meet legal, tax, or accounting obligations, or to resolve a dispute, but only for as long as the law requires and never for marketing. Where we have shared data with a subprocessor to provide the service, that provider retains it only as long as needed for its function and under its agreement with us.

We use industry-standard security practices to protect your information, including encryption of financial documents in transit and at rest and access limited to personnel who need it. No system is 100% secure, and we cannot guarantee absolute security — but we treat your financial data with the same care we would want applied to our own.

If we ever experience a data breach affecting your personal information, we will notify you and any authorities required by law without unreasonable delay, and in any event consistent with Georgia's breach-notification statute (O.C.G.A. § 10-1-910 et seq.) and any other law that applies to you. Our notice will describe, to the extent known, what happened, what information was involved, and the steps you can take.

• You can request a copy of the data we hold about you at any time.
• You can ask us to correct inaccurate information about you.
• You can request deletion of your data at any time.
• You can unsubscribe from communications at any time.
• You can cancel your subscription at any time with no penalty.

To exercise any of these rights, email us at jacob.starling@echoframe.net. We will acknowledge your request within 2 business days and complete it within 30 days (we will tell you if we need more time). We will not charge you or treat you differently for exercising these rights, and we will verify your identity before acting on a request.

Residents of states with privacy laws. If your state gives you specific privacy rights (for example, the right to access, correct, delete, or opt out of "sale" or "sharing" of personal information), you may exercise them using the same email above. To be clear: we do not sell or share your personal information, and we do not use it for cross-context behavioral advertising.

Children. The Services are for businesses and are not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

This website uses basic, privacy-respecting analytics to understand how visitors interact with the page. We do not use advertising cookies, retargeting pixels, or any tracking technology that follows you across other websites, and we do not sell or share what we collect.

You can disable cookies in your browser settings, or use your browser's "Do Not Track" or global privacy control signals, at any time. Doing so will not affect your ability to use any EchoFrame service.

Email us at jacob.starling@echoframe.net. We aim to respond quickly, usually within one business day.