Privacy Policy

XECHO ("we," "us," or "our"), operated by XDRIP Digital Management LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using XECHO, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

1. Information We Collect

Information You Provide

• Account Information: Email address, username, password, date of birth, profile picture
• Profile Information: Display name, bio, social links, artist/creator details
• Payment Information: Billing address, payment method details (processed by Stripe)
• Identity Verification: For creators - name, address, tax ID, government ID (KYC)
• Content: Music, podcasts, audiobooks, and other audio you upload
• Communications: Messages, support requests, feedback

Information Collected Automatically

• Usage Data: Streaming history, listening preferences, search queries, playlists
• Device Information: Device type, OS, browser type, unique identifiers
• Location Data: Country and region based on IP address
• Log Data: IP address, access times, pages viewed, referring URLs

Blockchain & Wallet Data

• Wallet Address: Public wallet addresses you connect to XECHO
• Transaction Data: Blockchain transactions related to your activity
• Note: We never have access to your private keys or wallet passwords

2. How We Use Your Information

To Provide Our Services

• Create and manage your account
• Process streaming, purchases, and subscriptions
• Distribute creator content and process payouts
• Personalize your listening experience and recommendations
• Enable social features (following, playlists, sharing)

To Improve Our Platform

• Analyze usage patterns and trends
• Develop new features and services
• Fix bugs and optimize performance

To Protect Our Platform

• Detect, prevent, and address fraud and abuse
• Enforce our Terms of Service
• Verify identity for KYC/AML compliance

3. Information Sharing

We may share your information with:

• Service Providers: Payment processors (Stripe), cloud hosting, analytics, email services
• Creators: Aggregated listener analytics, subscriber info for fan subscriptions
• Legal & Safety: In response to valid legal requests, to protect rights and safety
• Business Transfers: In connection with mergers, acquisitions, or asset sales

4. Cookies & Tracking

Types of Cookies

• Essential: Required for basic functionality, authentication, security
• Functional: Remember preferences (volume, language, theme)
• Analytics: Understand usage, measure performance, identify issues

Managing Cookies

Most browsers allow you to refuse or delete cookies. Disabling cookies may affect platform functionality. You can adjust preferences in your browser settings.

5. Data Storage & Security

Where We Store Data

• User account data on secure servers in the United States
• Content on IPFS decentralized storage
• Payment data processed and stored by Stripe (PCI-DSS compliant)

Security Measures

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure authentication with hashed passwords
• Regular security audits and monitoring
• Access controls limiting employee access

No method of transmission over the internet is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security.

6. Your Rights & Choices

• Access: Request a copy of personal data we hold about you
• Correct: Update your account information at any time
• Delete: Delete your account through settings or by contacting support
• Control Marketing: Opt out via unsubscribe link or notification settings
• Data Portability: Request your data in a machine-readable format

To exercise these rights, contact us at privacy@xecho.pro

7. International Data Transfers

XECHO is based in the United States. If you access our platform from outside the US, your information will be transferred to, stored, and processed in the United States.

• EU/EEA Users: We rely on Standard Contractual Clauses for data transfers
• UK Users: We comply with UK GDPR requirements

8. Children's Privacy

• XECHO is not intended for children under 13
• Users aged 13-17 may use XECHO with parental consent
• Users must be 18+ to make purchases, connect wallets, or receive payouts
• We do not knowingly collect personal information from children under 13

Contact us at privacy@xecho.pro if you have concerns about a child's data.

9. Third-Party Services

XECHO uses the following third-party services:

• Stripe: Payment processing
• Google: Authentication (if you use Google Sign-In)
• IPFS: Decentralized content storage
• Supabase: Database and authentication

Our platform may contain links to external websites. We are not responsible for the privacy practices of other sites.

10. Data Retention

• Account Data: Retained while active, plus 30 days after deletion
• Transaction Records: Retained for 7 years for tax/legal compliance
• Usage Logs: Retained for up to 2 years
• Creator Content: Retained until removed by creator
• Support Communications: Retained for 3 years

11. California Privacy Rights (CCPA)

California residents have specific rights under CCPA:

• Right to Know: Request what personal information we collect and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sales (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate for exercising rights

Submit requests to privacy@xecho.pro. We respond within 45 days.

12. European Privacy Rights (GDPR)

Legal Bases for Processing

• Contract: To provide our services to you
• Consent: For marketing and optional features
• Legitimate Interests: For security, fraud prevention, improvement
• Legal Obligation: To comply with laws

Your GDPR Rights

• Access: Obtain a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit processing of your data
• Portability: Receive data in a portable format
• Object: Object to processing based on legitimate interests

Data Controller: XDRIP Digital Management LLC, Colorado Springs, CO, USA

You have the right to lodge a complaint with your local data protection authority.