Privacy Policy
Effective April 17, 2026
1. Who We Are
Eccolo is operated from Los Angeles, California, USA. Contact us at hello@eccolo.app with any privacy questions.
2. What Data We Collect
Maker accounts: name, studio name, email address, password (hashed), billing information (processed by Stripe — we never see your full card number), plan status, notification preferences, and any content you create or upload (projects, photos, documents, cost breakdowns, inventory).
Client portal access: Clients access portals via a password shared by the maker. We do not require clients to create accounts. We may store a client's name and email if entered by the maker, and we log when a portal is first accessed.
Communications: If you contact us, we retain your messages.
3. How We Use Your Data
- To provide and operate the Service
- To process payments and manage your subscription
- To send transactional emails (password resets, billing notifications, project activity alerts you've opted into)
- To respond to support requests
- To comply with legal obligations
We do not sell your data. We do not use your data for advertising.
4. Legal Basis (GDPR / UK GDPR)
If you are in the European Economic Area or United Kingdom, our legal bases for processing are:
- Contract performance — to provide the Service you've signed up for
- Legitimate interests — to operate and improve the platform, prevent fraud, and send transactional communications
- Consent — where you have opted in to specific communications
- Legal obligation — where required by law
5. Third-Party Processors
We share data with the following sub-processors only as needed to provide the Service:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database and file storage | USA (AWS) |
| Stripe | Payment processing | USA |
| Resend | Transactional email delivery | USA |
| Vercel | Hosting and infrastructure | USA |
Each processor is bound by a data processing agreement and implements appropriate safeguards.
6. International Data Transfers
If you are in the EU or UK, your data may be transferred to and processed in the United States. Such transfers are made under Standard Contractual Clauses or other appropriate safeguards as required by applicable law.
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g. billing records).
8. Your Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict processing
- Receive a portable copy of your data
- Withdraw consent at any time
EU/UK residents may also lodge a complaint with your local data protection authority.
California residents have rights under the CCPA, including the right to know what data we collect and the right to request deletion. We do not sell personal information.
To exercise any of these rights, email hello@eccolo.app.
9. Children
The Service is not directed to children under 13. We do not knowingly collect data from children.
10. Changes
We'll notify you by email if we make material changes to this policy.