EchoSlam logoechoslam← Home

Privacy Policy

Last updated: 21 April 2026

EchoSlam (“EchoSlam”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy explains what personal data we collect when you use our website builder and booking platform at echoslam.io (the “Service”), how we use it, who we share it with, and the rights you have.

This Policy applies to two groups of people: business owners who sign up for an EchoSlam account (“Pros”) and visitors or clients who view a Pro’s public page or make a booking through it (“Clients”).

1. Who is responsible

EchoSlam is the data controller for the personal data we collect from Pros when they sign up and use the dashboard. For data that Clients submit to a Pro (for example, their name and WhatsApp number when making a booking), the Pro is the data controller and EchoSlam acts as a processor that hosts the data on the Pro’s behalf.

2. What we collect

From Pros

  • Account details: name, business name, email address, password (stored hashed), chosen username and the URL slug for your public page.
  • Profile content you publish: bio, services and prices, store address, business hours, links (Instagram, Maps, etc.), photos and any other content you add to your page.
  • Contact details: WhatsApp number used as the call-to-action on your page.
  • Billing information: plan, subscription status, billing interval, customer and subscription IDs from our payment processor (Stripe). Card details are processed by Stripe; we do not store full card numbers.
  • Usage and technical data: log records, IP address, device and browser information, pages viewed, basic analytics (such as profile-view counts, day and country) and cookies (see section 8).
  • Support communications: messages you send us via WhatsApp or email.

From Clients

  • Information needed to make or manage a booking with a Pro: name, WhatsApp number, optional email, the service or product chosen, the requested time, and any notes you write.
  • If a Pro takes online payment for a booking, the payment is processed by Stripe and we store a reference to it (we do not store full card numbers).
  • Basic technical data when you visit a Pro’s page (such as IP address, country, device type and approximate visit time).

3. How we use your data

We use personal data to:

  • create and manage Pro accounts and public pages;
  • show Pro pages to Clients and let Clients make and manage bookings;
  • process subscription payments and bookings via our payment processor;
  • send essential service emails (sign-up confirmation, password reset, billing receipts, important account changes);
  • provide customer support and respond to your questions;
  • monitor, secure and improve the Service, including fraud prevention and basic product analytics;
  • comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data and we do not send marketing emails unless you have opted in.

4. Legal bases (where applicable)

Where data-protection law (such as the Malaysian PDPA or the EU GDPR) requires a legal basis, we rely on:

  • Contract — to deliver the Service to Pros and to enable bookings between Pros and Clients;
  • Legitimate interests — to keep the Service secure, prevent abuse, and improve our product;
  • Legal obligation — to keep tax, accounting and other legally required records;
  • Consent — for any optional cookies or marketing communications, which you can withdraw at any time.

5. Who we share data with

We share personal data only with trusted service providers that help us run the Service, and only what they need to do their job:

  • Lovable Cloud / Supabase — hosting, database and authentication.
  • Stripe — subscription billing and online booking payments.
  • Email and messaging providers — for transactional emails and WhatsApp links.
  • Analytics providers — for aggregated product and page analytics.

We may also share data with law enforcement or regulators where we are legally required to, and with a buyer or successor entity if EchoSlam is sold or reorganised. In that case we will notify affected users.

6. International transfers

Some of our service providers operate outside Malaysia (for example, in the United States or the European Union). When personal data is transferred outside your country, we rely on appropriate safeguards such as standard contractual clauses or the providers’ certified transfer mechanisms.

7. How long we keep data

  • Pro account data is kept while your account is active and for a reasonable period after closure to comply with legal, tax and audit obligations (typically up to 7 years for billing records).
  • Client booking data is kept for as long as the relevant Pro account is active, plus a short retention window so we can respond to disputes.
  • Logs and analytics data are typically kept for up to 24 months, after which they are deleted or aggregated.

8. Cookies

We use a small number of cookies and similar technologies to keep you signed in, remember your preferences, and measure how the Service is used. Strictly necessary cookies (for example, your session cookie) are always set; other cookies are used only with your consent where required.

9. Security

We use industry-standard measures to protect your data, including HTTPS encryption in transit, encryption at rest at our hosting provider, hashed passwords, role-based access controls and audit logging. No system is 100% secure; please use a strong, unique password and tell us right away if you suspect any unauthorised access to your account.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete or export your personal data, to object to or restrict certain processing, and to lodge a complaint with your local data-protection authority. To exercise these rights, contact us using the details below. Clients should contact the relevant Pro first for booking-related data, since the Pro is the controller of that data.

11. Children

The Service is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe a child has given us personal data, please contact us so we can delete it.

12. Changes to this Policy

We may update this Policy from time to time. If the changes are material, we will notify you by email or in the Service before the changes take effect. The “Last updated” date at the top tells you when this Policy was last revised.

13. Contact us

For privacy questions or to exercise your rights, contact us at support@echoslam.io or via WhatsApp from the support link in your dashboard.