Security & Compliance

1. Encryption from End to End

All communication between you, WhatsApp, and EchoLynk is encrypted in transit using industry-standard TLS 1.2+ protocols.

When a call is placed, the audio is transmitted securely via Twilio's encrypted voice channels.

Stored recordings and transcripts are encrypted at rest (AES-256) and automatically deleted after the retention window expires (typically 48 hours).

2. Data Retention & Deletion

• Recordings: Stored for up to 48 hours by default.
• Transcripts & Metadata: Retained longer only if needed for support, fraud prevention, or service optimization.
• Deletion: You can request deletion anytime via WhatsApp or email (support@echolynk.ai). Once deleted, data cannot be recovered — ever.

3. Minimal Data, Maximum Privacy

We collect only what's required to execute your calls and keep the system running smoothly.

Personal identifiers (names, numbers, voices) are stripped or anonymized wherever technically possible before being used for optimization or diagnostics.

EchoLynk will never sell or trade your data — period.

4. Trusted Infrastructure

EchoLynk runs on a hardened infrastructure stack using leading providers:

• OpenAI – secure natural language processing
• Twilio – encrypted telephony and voice routing
• Stripe – PCI-DSS-compliant payments
• DigitalOcean / AWS (US-East) – secure hosting with 99.9% uptime

Each provider undergoes regular SOC 2 or ISO 27001-compliant audits.

5. Access Control

Access to customer data is restricted to a limited number of authorized engineers under strict need-to-know rules.

All access is logged, monitored, and automatically revoked after inactivity.

No human reviews your calls or messages unless you specifically contact support or report an issue.

6. Incident Response

In the unlikely event of a security incident:

1. We investigate immediately.
2. Contain and isolate affected systems.
3. Notify users if their data could be at risk.
4. Take preventive measures to avoid recurrence.

You'll never be left guessing.

7. Compliance & Legal Alignment

EchoLynk follows principles from:

• GDPR (EU) – lawful processing, right to be forgotten
• CCPA (California) – user transparency and opt-out
• TCPA (US) – automated call compliance (users remain responsible for consent)
• HIPAA (when applicable) – data handling best practices for sensitive conversations

While EchoLynk isn't formally certified under each, it operates under their core standards of transparency, consent, and data minimization.

8. Ethical AI Policy

EchoLynk is built to amplify your voice — not impersonate others.

It never lies, manipulates, or misrepresents identity without your clear consent.

We monitor intents to prevent fraud, harassment, and misinformation.

If misuse is detected, the call will not be executed, and the account may be suspended.

9. User Responsibilities

You play a role in keeping communication secure:

• Protect access to your WhatsApp account.
• Avoid sharing passwords or sensitive data via chat.
• Obtain consent if your jurisdiction requires two-party call recording.
• Use EchoLynk responsibly and within legal boundaries.

10. No 100% Guarantee

Even with strong security, no system is completely immune.

By using EchoLynk, you understand that no digital platform can promise absolute protection, and you agree to use the service at your discretion.

We continuously monitor, improve, and patch — but transparency remains our strongest defense.

11. Report a Security Issue

If you believe you've found a security vulnerability, please let us know responsibly.

📩 security@echolynk.ai

We'll acknowledge receipt within 24 hours and provide an update as soon as we verify and address it.