Last updated: 19 March 2026

This Privacy Policy explains how Ecko collects, uses and protects personal data when you visit the Ecko website, contact us, or use the Ecko platform.

Ecko is operated in the United Kingdom by Andrew Viney. If you have any questions about this Privacy Policy or want to exercise your data protection rights, please contact [email protected].

Who this policy applies to

This policy applies to:

• visitors to the Ecko website
• people who contact us by form or email
• registered Ecko users
• representatives of organisations that use or enquire about Ecko

Who controls personal data

For personal data collected through the Ecko website for our own business purposes, such as website enquiries, account administration, support, service communications, analytics and platform security, Andrew Viney trading as Ecko is the data controller.

Where an Ecko user or their organisation uploads, creates, manages or publishes content through Ecko, that organisation will usually be the data controller for the personal data contained in that content, and Ecko acts as a service provider or processor hosting and publishing that content on the organisation’s instructions.

If you are an individual whose personal data appears in content published by an Ecko customer, you should usually contact the relevant organisation directly in the first instance.

What personal data we collect

Information you provide directly

We may collect personal data that you provide directly to us, including:

• your name
• your email address
• your organisation name
• your role or job title
• the contents of any message, enquiry or support request you send us
• for registered users, account details such as name and email address
• files and media uploaded to Ecko, such as images, PDFs and similar materials

Information collected automatically

When you use the website or platform, we may also collect certain technical and usage information automatically, including:

• IP address
• browser type and device information
• pages viewed and actions taken on the site
• referring website or source
• date and time of requests
• cookie and consent preferences
• server and security log information

How we use personal data

We use personal data for the following purposes:

• to respond to enquiries and other messages
• to provide and manage Ecko user accounts
• to authenticate users and maintain platform security
• to provide customer support
• to send service-related emails and administrative communications
• to operate, host, maintain and improve the website and platform
• to monitor usage and performance through analytics, where applicable
• to prevent spam, abuse, fraud and other misuse
• to create backups and support business continuity and disaster recovery
• to comply with legal, regulatory and accounting obligations
• to establish, exercise or defend legal claims where necessary

Lawful bases

Depending on the context, we rely on one or more of the following lawful bases under UK data protection law:

• Consent, for example where optional analytics cookies are used after you have accepted them
• Contract, where processing is necessary to provide Ecko services or manage user accounts
• Legitimate interests, such as operating and improving the service, responding to enquiries, securing the platform, preventing abuse and maintaining records
• Legal obligation, where we need to retain or disclose information to comply with applicable law

Where we rely on legitimate interests, we do so only where we believe those interests are not overridden by your rights and freedoms.

Contact forms and enquiries

If you contact us through the website or by email, we will use your information to respond to your enquiry, keep a record of correspondence, and manage any resulting business relationship.

We do not currently run an automated marketing mailing list. If you contact us, we may follow up in relation to your enquiry, but we do not add people to a general marketing list simply because they have made contact.

User accounts

For registered Ecko users, we collect and use account information such as name and email address so that we can create and manage accounts, authenticate access, provide support, send service messages, and operate the platform.

Ecko is intended for use by adults acting on behalf of an organisation. Children cannot create accounts.

Uploads, newsletters and public content

Anything uploaded to Ecko should be treated as public.

Ecko is a publishing platform. We do not provide private file storage in the way that a service such as cloud drive or private document storage might. We make no promise that uploaded files, media or newsletter content will remain private, confidential or inaccessible to others.

Although Ecko may discourage search engines from indexing newsletter pages, that does not guarantee that content will not be indexed, discovered, shared or accessed by others. For that reason, all content uploaded to Ecko, including files, images, PDFs and newsletter content, should be treated as public for all practical purposes.

Users are responsible for the content they upload and publish. Before uploading or publishing any content through Ecko, users must ensure that:

• they have the right to upload and publish it
• they have any permissions, consents or other lawful basis required to use any personal data it contains
• personal data that should not be made public has been removed or redacted
• images, videos or other media showing identifiable individuals, including children, are only published where the user or their organisation has an appropriate lawful basis and any permissions required by law or policy

Ecko does not routinely review, scan or verify whether uploaded files contain personal data. Responsibility for the lawfulness and appropriateness of uploaded and published content remains with the user and, where applicable, their organisation.

Cookies, local storage and similar technologies

Ecko uses cookies, local browser storage and similar technologies for a few different purposes.

Strictly necessary cookies

We use essential cookies and similar technologies that are necessary for the website or platform to function properly. These may include login and session cookies, security-related cookies, and technologies used to remember essential user settings.

Preference storage

We may use local browser storage to remember user preferences and improve usability. This can include storing settings locally on your device, including where a reader has not created an account or signed in.

Analytics cookies

We use Google Analytics to help us understand how people use the website. These analytics technologies are optional and are only used where you have given the relevant consent through our cookie banner.

You can update your cookie choices at any time using the cookie controls made available on the website, if present, or through your browser settings.

Embedded content

Some pages may include embedded content, such as videos or media from third-party platforms. These third parties may set their own cookies or collect information when the content is loaded or interacted with.

Analytics and server logs

We use Google Analytics, subject to user consent where required, to better understand website usage and improve the service.

We also keep server logs and may use standard hosting and infrastructure analytics made available by our providers. These may include technical information such as IP address, request details, timestamps, user agent data, security events and similar information used for performance monitoring, troubleshooting and protecting the service.

Spam prevention and abuse protection

We may use anti-spam and abuse-prevention tools on website forms and other parts of the service. This may include services such as Google reCAPTCHA or Cloudflare Turnstile. These services may process technical and behavioural data in order to distinguish genuine users from bots or abusive traffic.

If and when such tools are enabled, your use of protected forms or pages may also be subject to the relevant third party’s privacy terms.

Who we share personal data with

We may share personal data where necessary with:

• our hosting, infrastructure, security, storage and backup providers
• service providers that help us run the platform, process media, manage email or analyse usage
• the organisation that an Ecko user represents, where relevant to the provision of the service
• professional advisers such as accountants, solicitors, auditors or insurers
• law enforcement, regulators, courts or other authorities where required by law or where necessary to protect our rights or the rights of others
• a prospective buyer, seller or successor in connection with a business sale, transfer, merger, investment or reorganisation

We do not sell personal data.

Third-party services we use

Ecko uses a number of third-party providers to operate the website and platform. Depending on how you interact with Ecko, these may include:

• Krystal for UK web hosting and backups
  https://krystal.io/legal/privacy-policy
• Cloudflare for content delivery, DNS, security, bot protection, firewall and related infrastructure services
  https://www.cloudflare.com/privacypolicy/
• Google Analytics for website analytics, where consent has been provided
  https://policies.google.com/privacy
• Google Workspace for business email communications
  https://policies.google.com/privacy
• Cloudinary for media and file processing, including generating preview images from uploaded PDFs
  https://cloudinary.com/privacy
• Fluent Forms as the website form software used to collect enquiries submitted on the site
  https://fluentforms.com/privacy-policy/
• YouTube where embedded YouTube media is used
  https://policies.google.com/privacy
• Vimeo where embedded Vimeo media is used
  https://vimeo.com/legal/privacy/policy
• Google reCAPTCHA if enabled for spam prevention
  https://policies.google.com/privacy
• Cloudflare Turnstile if enabled for spam prevention or abuse protection
  https://www.cloudflare.com/privacypolicy/

These providers may change from time to time as the service develops.

International transfers

Although Ecko is operated from the United Kingdom and uses UK-hosted web hosting for the main website, some of the third-party services we use may process or store personal data outside the UK.

Where personal data is transferred internationally, we take reasonable steps to ensure that appropriate safeguards are in place, such as using providers that offer recognised transfer mechanisms, contractual protections or other lawful safeguards as required by applicable data protection law.

Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, and as otherwise required or permitted by law.

Retention periods may vary depending on the type of data and the reason we hold it. In general:

• enquiry and correspondence records are kept for as long as needed to deal with the enquiry and maintain appropriate business records
• registered user account information is kept for the duration of the account and a reasonable period afterwards where necessary for support, security, legal or administrative reasons
• newsletters, uploads and related user content are generally retained for up to 6 months after the end of the relevant service, unless a longer period is needed for legal, technical or backup reasons
• automated backups may continue to exist for longer until they are overwritten or rotated out in the normal backup cycle
• analytics and log data may be retained for varying periods depending on system settings, security requirements and provider defaults

We may retain information for longer where necessary to comply with legal obligations, resolve disputes, enforce agreements, or protect the integrity and security of the service.

Security

We take reasonable technical and organisational measures to help protect personal data. These may include HTTPS and encrypted connections, password-protected user accounts, access controls, backups, limited administrative access, firewalling, bot protection and related security measures.

No website or online service can guarantee absolute security. You should also take care to use strong passwords, keep login details confidential and avoid uploading information that should not be made public.

Your rights

Depending on the circumstances, you may have the right to:

• request access to your personal data
• request correction of inaccurate or incomplete personal data
• request deletion of your personal data
• request restriction of processing
• object to certain processing
• request transfer of your personal data where applicable
• withdraw consent where processing is based on consent
• complain to the Information Commissioner’s Office if you believe your data has been handled unlawfully

To make a request relating to your personal data, please email [email protected]. We will handle requests in accordance with applicable UK data protection law.

If your request relates to content published by an organisation using Ecko, we may direct you to that organisation where it is the relevant data controller.

Complaints

If you have concerns about how personal data has been handled, please contact us first at [email protected] and we will try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): https://ico.org.uk/

Automated decision-making

Ecko does not carry out automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to Ecko, legal requirements, or the third-party services we use. The latest version will always be published on this page, together with the date it was last updated.

Contact

If you have any questions about this Privacy Policy or about how personal data is handled in relation to Ecko, please contact [email protected].