Privacy Policy
Last updated: March 2026
1. Who We Are
Echo is an AI-assisted IT support ticket management platform ("the Service"). This Privacy Policy explains what personal data we collect, why we collect it, and how we handle it when you use Echo. Echo is developed and operated by its "team" ("we", "us", "our").
We are committed to protecting your privacy and complying with applicable data protection law, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
2. Data We Collect
We collect the following categories of personal data:
- Account information — your name, email address, and hashed password when you register.
- Organisation membership — the organisation you belong to, your role (end user, IT agent, IT manager, admin), and your membership status.
- Ticket content — the title, description, category, priority, and form responses you submit when raising a support ticket.
- Resolution content — replies and resolutions submitted by IT agents.
- Usage data — timestamps (created, updated, resolved) associated with tickets and resolutions.
- Session data — a signed session token stored in a browser cookie to keep you logged in.
We do not collect payment information, precise device location, or any special category personal data.
3. How We Use Your Data
We use your personal data to:
- Create and manage your account and authenticate your sessions.
- Route and track your IT support tickets within your organisation.
- Generate AI-assisted resolution suggestions based on your ticket content and your organisation's knowledge base.
- Enable IT Managers to monitor team performance and ticket metrics.
- Maintain an audit trail of ticket activity for transparency and accountability.
- Improve and maintain the reliability and security of the Service.
4. Legal Basis for Processing
Under the GDPR we process your personal data on the following legal bases:
- Contract — processing your account and ticket data is necessary to provide the Service you have signed up for.
- Legitimate interests — we have a legitimate interest in operating a secure, functional platform and in understanding aggregate usage patterns to improve the Service.
- Consent — where we rely on consent (e.g. optional cookies), you may withdraw consent at any time.
5. Who We Share Your Data With
We do not sell your personal data. We may share it with:
- Your organisation's IT staff — IT agents and managers within your organisation can see your ticket content and account display name in order to resolve your requests.
- Infrastructure providers — the database and hosting services that store and serve the application. These providers act as data processors under appropriate agreements.
- Law enforcement — where required by law or to protect the safety of users or third parties.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Ticket data is retained for the lifetime of the organisation account for audit and knowledge base purposes. If you delete your account, your personal profile information will be removed; ticket and resolution content may be retained in anonymised form within the knowledge base.
7. Your Rights
Under the GDPR you have the following rights regarding your personal data:
- Access — you may request a copy of the personal data we hold about you.
- Rectification — you may ask us to correct inaccurate or incomplete data.
- Erasure — you may request deletion of your personal data where there is no legitimate reason for us to continue holding it.
- Restriction — you may ask us to restrict how we use your data in certain circumstances.
- Portability — you may request your data in a structured, machine-readable format.
- Objection — you may object to processing based on legitimate interests.
You also have the right to lodge a complaint with the Data Protection Commission (DPC) at www.dataprotection.ie if you believe your rights have been infringed.
8. Cookies
Echo uses a single, strictly necessary session cookie to maintain your authenticated session. This cookie is signed and expires when you log out or your session times out. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. Security
We take reasonable technical and organisational measures to protect your data, including password hashing, signed session tokens, and role-based access controls that limit data visibility to authorised users within your organisation. No system is completely secure, and we cannot guarantee the absolute security of your data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated to users where practicable. Your continued use of the Service after any update constitutes acceptance of the revised policy.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us through the support channels available within your organisation's Echo instance.