Privacy Policy

EchoNative (the "App") is built by an independent developer for upper-intermediate to advanced English learners. This policy explains, in plain language, what happens to your data when you use the App and the website at echonative.com.

1. Plain-language summary

• We require an account (email + password, or Sign in with Apple).
• We do not run analytics, ads, or behavioral tracking inside the App. (The marketing website uses Plausible Analytics, which is cookie-less — see §8.)
• Your shadowing recordings stay on your device — only audio you ask the App to transcribe is sent to OpenAI.
• Your subscription status is tracked by Apple, RevenueCat, and our backend (Supabase + Cloudflare Worker), so the App can unlock paid features across your devices.
• We do not sell or share your data with advertising or data broker third parties.

2. Account data

When you sign up, we collect:

• Email address (or, if you use Sign in with Apple, the Apple-relayed email address — which may be a private relay address).
• Account identifier (a UUID generated by Supabase when your account is created).
• Authentication metadata (sign-in timestamps, device class) needed to keep your session alive.

This data is stored in Supabase's managed Postgres database, hosted in the Singapore region (ap-southeast-1). Supabase processes it on our behalf as our authentication provider; their privacy policy applies in addition to ours.

We do not collect your name, profile picture, location, or contact list.

3. Subscription data

When you start a free trial or subscribe to EchoNative Pro:

• Apple In-App Purchase processes the actual payment. Apple sends us a receipt token. We never see your credit card number, billing address, or full name.
• RevenueCat validates the receipt with Apple and tracks your subscription state on our behalf. RevenueCat receives the receipt token and your account identifier (the UUID from §2).
• Our backend (Cloudflare Worker + Supabase) receives a webhook from RevenueCat each time your subscription state changes (trial started, renewed, cancelled, expired). We store:
  • whether your subscription is active (is_pro);
  • the product ID you purchased (Monthly or Yearly);
  • the current period's expiration date;
  • whether you've opted into auto-renewal;
  • an audit trail of subscription events (each webhook is logged for support and dispute purposes).

This is the minimum state needed to gate paid features correctly across devices and across re-installs.

4. What stays on your device

• Shadowing recordings are written to the App sandbox on your iPhone and never uploaded.
• Vocabulary, dictation history, sentence drills, and listening history live in on-device storage (SwiftData). Deleting the App deletes them.
• Podcast subscriptions and downloaded episodes are stored locally.

5. What we send to OpenAI

The App uses OpenAI's API to power three optional features. The only data ever leaving your device for these features is what they need:

• Transcription (Whisper): the episode audio file you choose to transcribe is sent to OpenAI in 10-minute slices. Returned text + word-level timestamps are stored locally.
• Sentence breakdown / idiom mining / Q&A grading (GPT-4o): the relevant subtitle text — and, for grading, the transcription of your spoken answer — is sent as text. Your raw recording is not sent.
• Ad detection (GPT-4o-mini): the subtitle text of the episode is sent.

These OpenAI calls are routed through our Cloudflare Worker backend (so we can attach our own API key + apply rate limits), not directly from your device. Per OpenAI's published API policy at the time of writing, API data is not used to train their models. We do not retain a server-side copy of the audio or text content of these requests — the Worker is a transparent proxy.

6. What we send to Apple

• Sign in with Apple (if you use it): Apple receives the fact that you signed in. We receive an Apple-issued user identifier and (if you allow) a relayed email.
• In-App Purchase (when you subscribe): Apple processes the payment. We do not see card details.

Apple's privacy policy applies to that data: apple.com/privacy.

7. Third-party podcast hosts

When you import an RSS feed or Apple Podcasts link, the App fetches the episode list and audio directly from the podcast's hosting provider. Those providers may log standard request metadata (IP, user agent). EchoNative does not proxy or log those requests.

8. Website analytics

This marketing site (echonative.com) uses Plausible Analytics, a privacy-friendly tool that does not set cookies, does not track you across sites, and reports only aggregated traffic data (page views, referrer, country, device class). No personal information is collected, and no data is shared with advertising or data-broker third parties. We do not run Google Analytics or any other cookie-based tracker on this site.

9. Children

EchoNative is intended for users 13 years and older. We do not knowingly collect data from children under 13.

10. Data retention and your rights

You can:

• Export your on-device data via the App's "Export to Anki" feature for vocabulary.
• Delete all on-device data by deleting the App.
• Delete your Supabase account (email, profile, subscription history) by emailing hello@echonative.com. We process account-deletion requests within 30 days. Cancelling your subscription via iOS Settings does not delete your account — please email us if you want both.

If you're an EU/UK resident, you also have the right to access, rectify, restrict processing of, or port your personal data. To exercise any of these, email hello@echonative.com.

11. Changes

We may update this policy. Material changes will be reflected by updating the date at the top. For changes that affect what data we collect or how we use it, we'll attempt to notify active subscribers by email.

12. Contact

Questions, deletion requests, or concerns: hello@echonative.com