Echo Health
Privacy Policy
Back to Home

Privacy Policy

Last updated: January 2026

Overview

Echo Health (“Echo”, “we”, “us”) provides wellness support and care coordination tools. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

Echo operates in two modes: Self-Care Mode (personal wellness, no provider connection) and Patient-Care Mode (connected to a licensed healthcare provider with your consent). Your data handling depends on your operating mode and consent choices.

Data We Collect

Account Information

Email address, name, and authentication credentials to identify you and secure your account.

Engagement Data

Journal entries, mood logs, care plan interactions, and app usage patterns you choose to record.

Consent Records

Your consent decisions (granted, revoked, or pending) for each data purpose, including timestamps and your explicit choices.

Audit Events

System logs of data access, consent changes, and feature usage for security, compliance, and your own transparency.

Consent Enforcement and Revocation

Echo uses purpose-based consent. You choose what data is shared and for what purpose:

  • Care coordination: sharing with your care team (Patient-Care Mode only)
  • AI wellness support: personalized guidance based on your data
  • Research: de-identified contribution to health research (optional)

You can revoke consent at any time from Settings in the mobile app (or partner portal for authorized pilot participants). Revocation takes effect immediately. Previously shared data under valid consent remains part of the care record where clinically necessary.

Data Export and Deletion Rights

You have the right to:

  • Export your data: request a copy of your account data, journal entries, and consent history
  • Delete your account: request permanent deletion of your account and associated data
  • Correct inaccuracies: update or correct your personal information

To exercise these rights, contact us at [email protected]. We respond to requests within 30 days.

For detailed instructions on account deletion, see our Account Deletion page.

Tenant Isolation (Multi-Organization Security)

Echo serves multiple healthcare organizations (“tenants”). Your data is strictly isolated to your tenant:

  • Data from one organization cannot be accessed by another
  • Each tenant has separate encryption keys and access controls
  • Cross-tenant data sharing is technically prevented at the infrastructure level

Self-Care Mode vs Patient-Care Mode

Self-Care Mode

Personal wellness tools. Your data stays private to you. No provider access. Features: journaling, mood tracking, AI reflections.

Patient-Care Mode

Connected to a licensed provider with your consent. Additional features: telehealth, secure messaging, medication management.

Security

We protect your data with:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls
  • Audit logging for all data access
  • Regular security assessments

Contact Us

For privacy questions, data requests, or concerns:

Email: [email protected]

General support: [email protected]

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via the app or email. Continued use after changes constitutes acceptance.