Legal

Privacy Policy for Echoes

Last updated: July 2, 2026

Introduction

Echoes ("we", "us", "the Extension") is a browser extension that helps you search, organize, summarize, and manage your conversations across AI chat platforms (ChatGPT, Claude, Gemini, DeepSeek, Grok, Perplexity, and Google AI Studio).

This Privacy Policy explains, in plain language, exactly what data Echoes handles, where it is stored, what leaves your device, and who we share it with. Our core design principle is local-first: your conversation content stays on your own device and is never uploaded to our servers — with one clearly-labeled exception described in the "AI Features" section below, which only ever runs when you deliberately trigger it.

1. Summary — What You Should Know First

  • Your conversations are stored only on your own device, inside your browser's local database (IndexedDB). We do not upload, copy, or retain the text of your conversations on our servers.
  • Echoes reads your conversations using your own logged-in sessions on each AI platform. It calls those platforms directly from your browser using the credentials you are already signed in with. Your conversation data does not pass through Echoes' servers to be fetched.
  • Conversation text only leaves your device if you personally use an AI feature — the "Summarize" action or the built-in "AI Assistant." In those cases, only the content needed for that specific request is sent to an AI provider to generate the result. See Section 6.
  • We do not sell your data. We do not use your conversation content for advertising or to train AI models.
  • We never collect payment card details. All payments are handled by our payment processors (Gumroad and Stripe).

2. Personal Data We Collect

Beyond the local-first and metadata handling described elsewhere in this policy, there are specific moments where you actively provide personal information to us, or where limited technical data is collected automatically.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. The primary example is:

  • Email address — collected when you create an Echoes account, sign up for our beta program or waitlist, or contact us for support. We use it to operate your account, send you beta-related communications and any product updates you have requested, and respond to your support enquiries. You can ask us to remove your email at any time (see Section 16).

Usage Data

Usage Data is collected automatically when you use the Service. It may include your browser type and version, the pages of our website you visit, and the time, date, and duration of those visits, along with anonymous feature-usage events within the Extension (for example, that a search or export occurred).

This data is handled as described in Section 10 (Analytics and Error Reporting): it is tied to a random, anonymous identifier — not your name, email, or account ID — ad personalization is disabled, and your IP address is excluded from our error reports. Echoes is a browser extension and does not operate a mobile app, so we do not collect mobile device identifiers.

3. Data Stored Only on Your Device

The following data is stored locally in your browser (IndexedDB and your browser's extension storage) and is not uploaded to our servers:

  • Full conversation content — the complete text of messages fetched from the AI platforms you connect, so you can search and browse them offline.
  • Conversation summaries — any summaries you generate (see Section 6) are stored locally.
  • Search history — your recent search queries (kept locally so you can reuse them).
  • Local caches and preferences — extension settings and temporary caches.

You can delete this data at any time by removing conversations from within Echoes, clearing the extension's data, or uninstalling the Extension.

4. How Echoes Reads Your Conversations

To let you search your chats, Echoes retrieves them from each AI platform directly from your browser, using the session you are already logged into on that platform (for example, your existing ChatGPT or Claude login). Echoes does not ask you for the passwords to those platforms, and it does not route this content through Echoes' servers.

Echoes can only access the AI platforms you choose to connect and only while you are signed in to them. You can revoke this access at any time by signing out of the platform or uninstalling the Extension.

5. Data We Store on Our Backend (Metadata Only)

When you sign in to an Echoes account, a limited set of metadata is synced to our backend (Google Firebase) so your organization carries across devices. This does not include the content of your conversations. It includes:

  • Account identifiers — your account's unique ID (Firebase UID) and, for signed-in users, your email address (used to identify your account and subscription).
  • Organization metadata — the labels/tags you create, which conversations you have favorited, and which tags are applied to which conversations (referenced by ID, without the conversation text).
  • Search history queries — the search terms you have entered (not the conversations they matched).
  • Usage counters — monthly counts of how many times you have used features such as search, export, and summarize, so we can enforce plan limits (see Section 9).
  • Settings and preferences.

This metadata is retained while your account is active and is removed or disassociated when you delete your account.

6. AI Features (When Conversation Content Is Processed)

Echoes includes optional AI features. These are the only situations in which your conversation content leaves your device, and they only run when you personally trigger them.

6a. Summarize a Conversation

When you choose "Summarize" on a conversation, Echoes sends the text of that conversation to an AI model to produce a summary. Depending on the platform the conversation belongs to:

  • For ChatGPT conversations, the text is sent to OpenAI (model: GPT-4o-mini) using your own OpenAI API key that you configure in settings. OpenAI's handling of that request is governed by OpenAI's terms and privacy policy.
  • For Claude and Gemini conversations, Echoes uses your own logged-in session with that provider to generate the summary, then deletes the temporary summary request from that provider afterward.

To keep requests small, long conversations may be trimmed (for example, only the first and last few messages) or split into chunks before summarizing. The resulting summary is stored only on your device.

6b. AI Assistant (Chat)

Echoes offers a built-in AI Assistant that lets you interact with your library using natural language. When you send a message to the Assistant, the following is transmitted to our backend and then to the AI model:

  • The messages you type to the Assistant.
  • The names of your labels and projects/folders, so the Assistant can understand which of your labels or projects you are referring to.

This data is sent to our backend service (hosted on Vercel), which forwards it to Google's Gemini model (via Vercel AI Gateway) to generate a response. Our backend is pass-through: it does not store your Assistant messages or the AI's responses. The only thing our backend records for this feature is your usage count, to enforce plan limits.

Third-party AI observability (LangSmith): To monitor reliability and debug problems with the AI Assistant, requests to the Assistant are processed through LangSmith, an LLM observability service operated by LangChain, Inc. This tracing may include the messages, responses, and tool actions involved in an Assistant request. LangSmith processes this data on our behalf under its own terms and retention policies.

The AI Assistant can perform in-app actions on your behalf (such as running a search, opening a conversation, toggling a favorite, or resetting filters). These actions execute locally in your browser; the AI model receives only the minimal instruction needed (for example, the search term or the conversation's ID), not your conversation content.

We do not use your data to train AI models. The AI providers process your requests to return a result; their own use of the data is governed by their respective policies.

7. Authentication

Echoes uses Google Firebase Authentication to manage accounts. Depending on how you sign in, we may process:

  • Your email address and password (password handled by Firebase, never stored by us in readable form), or a magic sign-in link.
  • Your account ID (Firebase UID) and subscription/entitlement details (e.g., plan tier and expiry).
  • An anonymous account ID if you use Echoes without signing in (used to track free-tier usage limits).

If you choose "remember me," your sign-in credentials may be stored locally on your device for convenience. Authentication state is stored locally in your browser.

8. Payments and Subscriptions

Echoes offers paid plans processed by third-party payment providers:

  • Gumroad — for membership/lifetime plans.
  • Stripe — for AI add-on plans.

Echoes never receives or stores your credit card or payment details. Those are handled entirely by Gumroad and Stripe under their own privacy policies. We only store the resulting subscription status (for example, plan tier, active/canceled status, and renewal date) so we can grant you the features you paid for.

9. Usage Limits and Quotas

Free plans include monthly limits on certain actions (such as searches, exports, and summaries) and fixed caps on others (such as the number of labels and favorites). To enforce these, Echoes keeps counters of how many times you use each feature. These counters are stored locally and, for signed-in users, synced to our backend. They do not contain your conversation content. If you prefer, quota tracking can be associated with a hashed version of your email rather than your account ID.

10. Analytics and Error Reporting

We use limited, privacy-conscious analytics and error reporting to keep Echoes working reliably. Neither includes your conversation content.

Google Analytics 4 (usage analytics)

  • We record anonymous usage events (for example, that a search or export occurred, and roughly how long it took or how many results were returned, grouped into ranges).
  • These events use a random, anonymous identifier — not your name, email, or account ID.
  • Ad personalization is disabled. Analytics can be turned off remotely and is subject to a kill-switch.

Sentry (error reporting)

  • When enabled, Sentry captures error messages and stack traces to help us diagnose crashes and bugs.
  • Error reports may include your account ID (UID), your subscription tier, and — if applicable — a Discord handle you have associated for support purposes.
  • Error reports do not include your email address, and your IP address is explicitly excluded.
  • Error reporting is off by default and is only enabled for specific users (for example, opted-in beta testers), controlled by a remote setting.

11. Browser Permissions and Domains

Echoes requests the following browser permissions, each used for a specific purpose:

  • storage — to save your data locally and your preferences.
  • cookies — to use your existing logged-in sessions on the AI platforms so it can read your conversations.
  • activeTab — to interact with the AI platform page you are currently using.
  • notifications — to alert you (for example, when local storage is full).
  • alarms — to run periodic background syncs (such as syncing metadata and quotas).
  • declarativeNetRequest — to set required request headers when communicating with certain platform APIs.

Echoes operates on and communicates with the following domains: the AI chat platforms you connect (ChatGPT/OpenAI, Claude, Gemini, DeepSeek, Grok, Perplexity, Google AI Studio), our authentication and backend services (Firebase and Vercel), and Google Analytics. Echoes does not inject into or read arbitrary websites — it is limited to the listed platforms and its own service endpoints.

12. Data Sharing

We share data only as necessary to provide the service:

  • AI providers (OpenAI, Anthropic/Claude, Google/Gemini) — only when you use an AI feature, as described in Section 6.
  • Infrastructure and processors — Google Firebase (accounts, metadata sync), Vercel (AI Assistant backend), LangSmith/LangChain (AI observability), Google Analytics (anonymous analytics), and Sentry (error reporting).
  • Payment processors — Gumroad and Stripe.

We do not sell your personal data, and we do not share your conversation content for advertising or model-training purposes.

13. Data Retention and Deletion

  • On your device: You control this data. Delete conversations within Echoes, clear the extension's storage, or uninstall the Extension to remove it.
  • On our backend: Account metadata and quota counters are retained while your account is active and are removed or disassociated when you delete your account. Soft-deleted items (such as removed tags) are purged after a short cleanup period.
  • Third-party processors: Analytics, error, and AI-observability data are retained according to each provider's retention policies.

To request deletion of your account and associated backend data, contact us using the details in Section 16.

14. Children's Privacy

Echoes is not directed to children under the age of 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you within the Extension.

16. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us at:

© 2026 R2Bits LLC. All rights reserved.

← Back to home