◈ EchoDeck

Privacy Policy

Last updated: 1 July 2026

Who we are

EchoDeck (the “Service”) is operated by MadLabs (“we”, “us”). For any privacy question or request, email gabriele.olivari@outlook.com. Postal address: 30 Hawkswood Drive, Hailsham, East Sussex, BN27 1UR, United Kingdom.

What we collect

  • Account data: your email address and a securely hashed password (we never store your password in plain text).
  • Your content: transcripts and subtitle files, audio you upload or link, translations, decks, tags, notes and your review history.
  • AI-generated content: translations and grammar/study notes generated at your request.
  • Pronunciation practice: when you use “Shadow & score”, speech recognition runs in your browser. Only the resulting text and a match score are sent to us — we do not receive or store your voice audio for scoring.
  • Billing data: handled by Stripe. We store your plan and Stripe customer/subscription identifiers — not your card number.
  • Technical data: basic request and log information needed to operate and secure the Service.

How we use it

To provide the Service (build, review, share, export decks; reminders; stats), process subscriptions, secure accounts and communicate about your account. We do not sell your personal data, and we do not use your content to train AI models.

AI, transcription & sub-processors

We rely on a small set of service providers who process data only to run the Service:

  • Anthropic — powers AI card-back fill. When you generate a card back, the card text is sent to Anthropic’s API. Anthropic does not train its models on data submitted through its API.
  • Speech-to-text provider — if auto-transcription is enabled, audio you submit for transcription is sent to the configured provider to return a transcript.
  • Stripe — payment processing (a separate data controller under its own policy).
  • Render — application hosting and storage.
  • Any reminder/email webhook you configure, used only to deliver the notifications you set up.

These providers may process data outside your country; where they do, appropriate safeguards apply.

Uploaded audio & public decks

Audio you upload is stored so the Service can play shadowing loops. Your decks are private to your workspace unless you publish them to a public link or the marketplace — published content (and its cards) is then publicly accessible until you unpublish it. You’re responsible for having the rights to any content you upload or publish.

Cookies & analytics

We use essential browser storage (e.g. localStorage) to keep you signed in to your workspace. We do not run third-party advertising trackers.

Retention & your rights

We keep your data while your account is active. You can edit or delete decks at any time and request deletion of your account and associated data by emailing gabriele.olivari@outlook.com. Depending on where you live (including under UK/EU GDPR), you may have rights to access, correct, export, delete or object to processing of your personal data. Our legal bases are performance of our contract with you (to provide the Service), your consent (for optional features), and our legitimate interests (to secure and improve the Service).

Security

Passwords are hashed (scrypt), sessions are token-based, workspace access requires a member key with a role, and the Service is served over HTTPS. No system is perfectly secure, but we take reasonable measures to protect your data.

Children

EchoDeck is not intended for children under 16, and we do not knowingly collect their data.

Changes

We may update this policy; we’ll revise the “Last updated” date above and, for material changes, take reasonable steps to notify you.

This policy reflects how EchoDeck currently works. Requirements vary by jurisdiction — we recommend an independent legal review before relying on it commercially.

← Back to EchoDeck · Terms of Service