Last updated: June 26, 2026
We collect the following information:
[Access data] When you consent, we collect access logs (IP address, browser information, pages visited, time on site, etc.) via Google Analytics.
[Account data] For registered members, we collect your email address, display name (optional), profile image URL (optional), and bio (optional). If you sign in with Google, we use the public profile information provided by Google.
[Connection data] We store the celebrities and organizations you register as acquaintances, along with any memos you attach to those connections. This data is essential to the core service (six degrees of separation routing).
[Authentication data] We store session IDs in a database to maintain your login state.
[Service delivery] Account data, connection data, and memos are processed to provide the service (network route exploration). Legal basis: performance of a contract (Art. 6(1)(b)).
[Analytics] Access logs are collected via Google Analytics only when you give consent. Legal basis: consent (Art. 6(1)(a)). You may withdraw consent at any time.
[Transactional email] We send service-related emails such as login magic links and account deletion confirmations. Legal basis: performance of a contract (Art. 6(1)(b)).
We use the following cookies:
[Functional cookies — no consent required] · echo_lang: Stores your chosen display language (Japanese/English). Expires after 1 year. · Authentication session cookie: Maintains your logged-in state.
[Analytics cookies — consent required] · echo_analytics_consent: Stores your analytics cookie consent choice. Expires after 1 year. · Google Analytics cookies (_ga, etc.): Used for access analysis. Only activated when you consent.
You can change your cookie preferences at any time via the "Cookie Settings" link in the footer.
We share data with the following services, each under appropriate Data Processing Agreements (DPAs):
· Google LLC (Google Analytics & Google Sign-In): Used for access analysis and authentication. Google's Privacy Policy applies.
· Resend, Inc.: Used to send login and notification emails. Only your email address is shared.
We do not sell or share personal data with third parties except as required by law.
· Access logs: Retained per Google Analytics' standard retention period (up to 26 months). · Account data, connection data, and memos: Permanently deleted immediately upon account deletion. · Authentication sessions: Retained for 30 days after last login. · Email delivery logs: Retained per Resend's standard retention period.
If you are located in the EEA or Japan, you have the following rights:
· Right of access (Art. 15): Request a copy of the personal data we hold about you. · Right to rectification (Art. 16): Request correction of inaccurate data. · Right to erasure (Art. 17): Delete all your data directly from your Account page using the "Delete account" option. · Right to restriction (Art. 18): Request that we restrict processing of your data. · Right to data portability (Art. 20): Request your data in a machine-readable format by contacting us. · Right to withdraw consent: Withdraw analytics cookie consent at any time via "Cookie Settings" in the footer.
To exercise any of these rights, please contact us at the address below.
The data controller for this service is the echooo operator, based in Japan.
This policy may be updated to reflect changes in law or the service. We will notify you of significant changes via the service.
For privacy-related inquiries, please contact us at info@echooo.me.