Privacy Policy
Last updated: April 18, 2026 · Applies to all users of EchoMods software and services.
Overview
1. Introduction
EchoMenu ("we," "us," or "our") operates a software licensing and distribution service. This Privacy Policy explains what data we collect from you, how we collect it, how we use it, and under what circumstances we may share or disclose it. This policy is incorporated by reference into our Terms of Service.
By using the Software, you explicitly consent to the data practices described in this Privacy Policy. If you do not consent, you must immediately cease use of the Software.
Section 2
2. Data We Collect
We collect the following categories of information, automatically and by necessity of the Software's operation:
| Category | Specific Data | Purpose |
|---|---|---|
| Hardware Identifiers | CPU ID, motherboard serial, disk identifiers, MAC address, GPU identifier, system UUID | License binding, hardware fingerprinting, fraud prevention |
| Account Data | Discord user ID, Discord username, email address | License assignment, role management, support |
| Network Data | IP address, connection timestamp, geographic region | License validation, abuse detection, session logging |
| Session Data | Launch timestamps, session duration, license validation results | Usage analytics, abuse prevention, enforcement |
| System Data | Operating system version, running process list, installed software indicators | Integrity verification, anti-circumvention, compatibility |
| Payment Data | Transaction ID, purchase tier, payment timestamp | License activation, billing, dispute resolution |
| Error & Diagnostic Data | Crash reports, error logs, debug information | Software stability, bug resolution |
We do not collect or store payment card numbers. All payment processing is handled by Stripe, Inc. under their own privacy policy.
Section 3
3. How We Use Your Data
All data collected is used for the following purposes:
- License Validation: Verifying your license is valid, active, and bound to your authorized hardware on every launch;
- Fraud & Abuse Prevention: Detecting and preventing license sharing, hardware spoofing, circumvention attempts, and other violations of our Terms of Service;
- License Enforcement: Suspending or revoking licenses where violations are detected, using hardware fingerprint data to enforce bans across devices;
- Service Operation: Delivering updates, managing Discord role assignments, and operating our authentication infrastructure;
- Security: Monitoring for unauthorized access attempts, integrity breaches, and reverse engineering activity;
- Support: Resolving technical issues, responding to inquiries, and managing your account;
- Legal Compliance: Retaining records as required by applicable law and responding to lawful requests from authorities.
Section 4
4. Data Storage & Security
All collected data is stored securely on Google Firebase infrastructure (Firestore Database, Firebase Authentication, Firebase Hosting), operated by Google LLC, subject to Google's security standards and data processing agreements. Data is stored in secure, access-controlled databases with restricted administrative access.
While we implement commercially reasonable security measures, no system is completely secure. You acknowledge that you provide your data at your own risk. We are not responsible for unauthorized access to data resulting from circumstances beyond our reasonable control.
Section 5
5. Data Sharing & Disclosure
We do not sell your personal data. We may share or disclose data in the following circumstances:
- Service Providers: Third-party providers necessary to operate our services (Google Firebase, Stripe), each bound by appropriate data processing agreements;
- Legal Obligations: When required by law, regulation, court order, or governmental authority, we will disclose data as legally compelled;
- Rights Enforcement: To protect the rights, property, or safety of EchoMenu, our users, or the public, including sharing data with law enforcement in cases of fraud, intellectual property theft, or criminal activity;
- Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.
Section 6
6. Data Retention
We retain your data for as long as your license is active and for a minimum period of two (2) years following license termination, expiration, or account deletion. Hardware fingerprint data used for ban enforcement may be retained indefinitely. Transactional records may be retained for up to seven (7) years as required for financial record-keeping compliance.
After the applicable retention period, data will be deleted or anonymized. Anonymized, aggregated data may be retained indefinitely for analytical purposes.
Section 7
7. Legal Basis & Legitimate Interests
Where the EU General Data Protection Regulation (GDPR), the UK GDPR, or equivalent legislation applies to you, we process your personal data on the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR): license validation, delivery of the Software, billing, and provision of support are necessary to perform the contract you enter into when purchasing or using the Software;
- Legitimate interests (Art. 6(1)(f) GDPR): we have a legitimate interest in (i) preventing license sharing, fraud, and abuse, (ii) enforcing our Terms of Service including hardware- and account-level bans, (iii) securing our infrastructure, (iv) detecting and responding to reverse engineering, circumvention, and unauthorized distribution, and (v) defending legal claims. These interests are not overridden by your rights and freedoms, particularly because the Software cannot operate without processing this data;
- Consent (Art. 6(1)(a) GDPR): where required, we rely on the consent you provide by accepting these Terms and the Privacy Policy before installing or using the Software;
- Legal obligation (Art. 6(1)(c) GDPR): retention of transactional records and responses to lawful requests from authorities.
Section 8
8. Your Rights & How to Exercise Them
Depending on your jurisdiction, you may have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate or incomplete data; (c) request deletion of your data ("right to be forgotten"); (d) request restriction or object to processing; (e) data portability; and (f) lodge a complaint with your local data protection authority (for EU users, see edpb.europa.eu).
To exercise your rights, contact us at maximbozek1@gmail.com. We will respond within thirty (30) days. We may require you to verify your identity before acting on a request and may extend the response period by up to sixty (60) additional days where the request is complex or we have received a high volume of requests.
Please note that certain categories of data — in particular hardware fingerprint data, ban records, fraud signals, and records necessary for abuse prevention and Terms enforcement — may be retained and are exempt from deletion, erasure, or anonymization requests on the basis of our overriding legitimate interests and compliance with legal obligations, as permitted under Art. 17(3) GDPR. We will deny requests that would compromise our ability to enforce bans, prevent fraud, investigate ongoing violations, or defend legal claims. Manifestly unfounded, excessive, or repetitive requests may be refused or subjected to a reasonable administrative fee.
Browser storage
8a. Cookies & Local Storage
EchoMods does not set tracking cookies, advertising cookies, or third-party cookies. The Site uses a small amount of HTML5 localStorage on your device, strictly for functional purposes:
echomods_cart_v1— items currently in your shopping cart, until checkout completes.echomods_discord_user_v1— your Discord ID, username, avatar hash, and acceptance timestamp, stored only after you complete the Discord OAuth flow on the Site so the navbar can show "signed in" state.echomods_consent_v1/echomods_last_tos— record that you accepted the Terms of Service and the version + timestamp at which you did so. Used as audit evidence in the event of a chargeback or dispute.echomods_shop_nudge_v1— a one-time flag so the "more add-ons below" hint on the shop page only auto-scrolls on first visit.echomods_cookie_consent_v1— records that you have seen and accepted this notice; without it the consent banner re-appears on every visit.
None of these values leave your browser unless you explicitly take an action that submits them to our server (e.g. clicking Checkout sends the cart contents and the ToS acceptance timestamp). They are not used for cross-site tracking, profile-building, or advertising.
You can clear all of these at any time by clearing site data for echomods.space in your browser's settings, or by using your browser's developer tools (Application → Storage → Clear). Doing so signs you out of the Discord login state on this device and empties your cart; it does not affect your account, license, server membership, or any data on our servers.
Stripe Checkout may set its own cookies on the Stripe-hosted checkout page when you proceed to payment. Those cookies are governed by Stripe's privacy policy, not ours.
Section 9
9. International Data Transfers
Our primary infrastructure is operated by Google LLC (Firebase/Firestore) and Stripe, Inc. Personal data may be transferred to, processed in, and stored in the United States and other countries outside your home jurisdiction. Such transfers are made pursuant to the Standard Contractual Clauses approved by the European Commission, or equivalent transfer mechanisms, and subject to Google's and Stripe's own data processing agreements and safeguards. By using the Software, you acknowledge and agree to these transfers.
Section 10
10. Children's Privacy
The Software is intended for individuals aged 18 or older. We do not knowingly direct the Software to, or knowingly collect personal data from, individuals under the age of 13 (or the equivalent minimum age in your jurisdiction). If you are under 18, you must not purchase or use the Software without the supervision and explicit consent of a parent or legal guardian. If we become aware that we have collected personal data from a child in violation of this section, we will take reasonable steps to delete such data, provided such deletion does not conflict with our legal obligations or legitimate interests in preserving records of abuse, fraud, or breach of Terms.
Section 11
11. Changes to This Policy
We reserve the right to update this Privacy Policy at any time at our sole discretion. Changes are effective immediately upon posting to our website, unless a later effective date is specified. For material changes that affect your rights, we will make commercially reasonable efforts to notify you via Discord, email, or in-Software notification. Your continued use of the Software following any changes constitutes your acceptance of the updated policy. If you do not agree to the updated policy you must immediately cease use of the Software; continued use waives any objection.
Contact
12. Contact
For privacy-related inquiries: maximbozek1@gmail.com
For general support: join our Discord server.