Terms of Service

1. Acceptance of Terms

By accessing or using EchoWithin ("the Platform"), you agree to be bound by these Terms of Service. If you do not agree to these terms, you must not use our services.

2. Service Overview

EchoWithin provides a hybrid platform for digital expression, including:

• Public Blogs: Shared community content, discussions, and comments.
• Personal Space: Private, encrypted note-taking for personal thoughts with search, tags, and references.
• Shared Notes: Secure, temporary content sharing with optional surprise themes, access controls, and collaboration features.
• Direct Messaging: Real-time private conversations between users, including text and image sharing.
• Mobile App & PWA: Installable progressive web app and native Android app with offline support.

3. Account & Authentication

You may create an account using an email/password or by signing in with Google OAuth. By using Google sign-in, you authorize us to access your basic profile information (name, email, profile picture) as provided by Google. We do not access your Google contacts, files, or any other data beyond what is needed for authentication.

You are solely responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

4. Privacy & Data Sovereignty

We prioritize your privacy:

• Note Encryption: Personal notes are encrypted at rest using industry-standard protocols. Our team cannot read the contents of your private personal notes.
• PIN-Locked Notes: You may add an additional PIN lock to sensitive notes. The PIN is hashed and stored securely. We cannot recover lost PINs.
• Security Headers: All traffic is served over HTTPS with HSTS, Content Security Policy, and XSS protection headers enforced.
• No Data Sales: We do not sell, trade, or rent your personal information to third parties.

5. Shared Content & Collaboration

When sharing notes via links:

• Revocation: You may revoke shared links manually, or set them to expire automatically. We do not guarantee access to shared links after expiration.
• Access Codes: If you protect a note with an access code, you are responsible for distributing that code only to intended recipients.
• Collaboration & Proposals: Shared notes with edit permission allow collaborators to propose changes. Depending on your approval settings, changes are either auto-applied or queued for your review. You may accept or reject proposals at any time.
• Version History: Edits to notes are tracked with version snapshots (up to 50 per note). You can compare and restore any previous version. Older versions beyond the 50-version limit are automatically pruned.
• Media Ethics: Any media (photos/audio) uploaded for "Surprise Themes" must be owned by you or used with permission and must comply with our safety guidelines.
• Data Persistence (Total Purge): When a recipient "Saves" a shared note, they create a personal copy. However, all copies remain linked to the original. If the original owner chooses to "Delete for Everyone", all cloned copies will be permanently purged.

6. Direct Messaging

EchoWithin provides real-time direct messaging between users. By using this feature:

• You agree not to send spam, harassment, or unsolicited commercial messages.
• Messages may include text and images. All uploaded media must comply with our community guidelines.
• We reserve the right to moderate or remove messages that violate our terms and to suspend accounts that engage in abusive messaging.
• Message history is stored on our servers and is subject to the same deletion policies as other user data.

7. Community Guidelines & Moderation

To maintain a safe and productive community, you agree NOT to:

• Post or share illegal, abusive, harassing, or defamatory content.
• Infringe upon the intellectual property rights of others.
• Engage in automated scraping or systematic data collection without permission.
• Impersonate other users or create misleading accounts.
• Use the platform to distribute malware or phishing content.

EchoWithin reserves the right to remove any content (including blog posts, comments, messages, and shared notes) and suspend or terminate accounts that violate these guidelines.

8. Communications & Notifications

By creating an account, you may receive:

• Push Notifications: Browser and mobile push notifications for new comments, replies, messages, and collaboration activity. You can enable/disable these in your browser settings or Profile Settings.
• Email Notifications: Automated service emails (notifications, newsletters). We comply with RFC 8058 "One-Click Unsubscribe" standards. You may opt out of non-essential communications at any time via the unsubscribe links provided.

9. Data Export & Backup

You have the right to a portable copy of your data at any time:

• Full Export: From your Account Settings you can download a JSON file containing your profile information, blog posts, comments, and decrypted personal notes.
• Your Data, Your Control: We encourage regular backups. Exported data is provided as-is and is your responsibility once downloaded.

10. Account Deletion

You may permanently delete your account from Account Settings. Deletion triggers the following:

• Full Data Purge: Your profile, blog posts, comments, personal notes, shared links, note versions, discussion threads, messages, push subscriptions, and notification tokens are permanently removed from our databases.
• Media Cleanup: Your profile picture and any images attached to your posts are permanently destroyed from our cloud storage.
• Search Index Removal: Your posts and notes are removed from our search indexes.
• Irreversibility: Account deletion cannot be undone by our team. We strongly recommend exporting your data before deleting your account.

11. Data Removal & "Hard Delete" Policy

At EchoWithin, "Delete" means delete. When you choose to remove a blog post, a comment, a message, or a personal note, the following occurs:

• Permanent Removal: The record is immediately purged from our active databases. We do not use "soft-deletes" or keep hidden copies of your deleted content.
• Cascading Media Cleanup: Any associated media (images/audio) stored in our cloud storage is permanently destroyed if not linked to other active content.
• Irreversibility: Once data is deleted, it cannot be recovered by our team. You are encouraged to maintain your own backups of important personal notes.

12. Limitation of Liability

EchoWithin is provided "as is." While we strive for 100% uptime and data integrity (including background sync for offline notes), we are not liable for data loss, service interruptions, or damages arising from your use of the platform.

13. Changes to Terms

We may update these terms to reflect new features or legal requirements. We will notify you of significant changes, and continued use of the Platform constitutes acceptance of the updated terms.

14. Premium Subscriptions

EchoWithin offers an optional Premium plan at KSH 50 per month. Premium features include:

• Unlimited notes and higher character limits per note.
• Note Locking — additional PIN-based privacy for sensitive notes.
• Blog Space — customisable profile with taglines, pinned posts, and social links.
• Scheduled Messages — send direct messages at a specified future time.
• Unlimited share links and surprise notes.
• Extended version history (365-day retention vs 7-day on Free).
• Auto-approve collaboration on shared notes.

Subscriptions are billed monthly via Paystack. By subscribing, you authorise recurring charges to your chosen payment method. You may cancel at any time from your Profile Settings; your Premium access will remain active until the end of the current billing period.

15. Free Trial

New accounts receive a 1-day free trial of Premium features. No payment information is required to start the trial. When the trial expires, your account automatically reverts to the Free plan. No data is lost when transitioning between plans — your notes, messages, and shared content remain intact.

16. Refund Policy

Due to the digital nature of the service, Premium subscription fees are generally non-refundable. If you experience a technical issue preventing access to paid features, please contact us within 7 days of the charge and we will work to resolve the issue or provide a refund at our discretion.