PRIVACY POLICYLast updated
May 4, 2026
May 4, 2026
Your data, plainly.
Echo translates captions and live audio for YouTube, Twitch, Kick, and Crunchyroll. This page explains what data is processed, where it goes, and what we do not do with it.
We don't sell dataNo selling, renting, or ad profiles. Ever.
Your keys stay localBYOK keys live in Chrome storage — never on Echo servers.
Translate-only processingAudio, captions, transcripts — used only to make subtitles.
DATA
What Echo collects
Audio from the active video tabLIVE
Only after you click Echo on YouTube, Twitch, Kick, or Crunchyroll. Audio is streamed in short chunks to the speech-to-text provider you selected and is not stored on servers we control.YouTube caption track dataVOD
When a video has captions, Echo reads the caption track from the page so it can display and translate it without re-transcribing the video.User preferencesLOCAL
Target language, subtitle style, theme, prompt settings, provider choices, and similar settings are stored with chrome.storage.BYOK API keysLOCAL
OpenRouter, AssemblyAI, Groq, and DeepInfra keys are stored in Chrome storage and are used only for direct requests to the provider you chose.Account dataAUTH
If you sign in, Supabase stores your email, auth state, and plan/subscription state. Echo uses this to authorize the extension and enforce plan access.Usage metricsMANAGED
For Pro, Pro Plus, and Pro Max managed requests, Echo records request timestamps, plan tier, mode, target language, and token counts. We do not store source transcripts, translations, or video IDs.PROVIDERS
Third parties that receive data
Echo shares data only with providers required to make subtitles, translation, account access, and billing work.
SupabaseAuthentication and database — receives account email and stores subscription state.
AssemblyAISpeech-to-text — receives live audio chunks when AssemblyAI transcription is used.
OpenRouterTranslation routing — receives transcript text and translation prompts for managed translation requests.
GoogleOptional OAuth sign-in — receives and returns Google account identity data only when you choose Google sign-in.
PaddlePayments when paid plans launch — Paddle is the Merchant of Record (seller of record) and handles checkout, billing, and tax. Echo receives billing status, not raw payment card data.
LIMITS
What Echo does not do
✓We do not sell or rent user data.
✓We do not use your data to train models.
✓We do not use user data for personalized advertising or ad targeting.
✓We do not use user data to determine creditworthiness or for lending.
✓We do not track which videos or streams you watch.
✓We do not inject ads, affiliate links, or unrelated content into pages.
CONTROL
Retention and deletion
Audio, transcripts, and translations
Audio is transit-only. Transcripts and translations are not stored on Echo servers; they live in your browser while the page is open.Account data
Account and subscription data stays while your account exists. You can delete your account from echolocalize.xyz/account.Usage metrics
Managed-plan usage aggregates are kept for billing, abuse prevention, and quota reconciliation, then deleted when no longer needed.Local extension data
Local settings and BYOK keys are removed when you uninstall Echo or clear extension storage in Chrome.SECURITY
Security
✓All network traffic uses HTTPS or WSS.
✓Auth cookies are HTTP-only, Secure, and SameSite=Lax.
✓BYOK API keys do not transit Echo servers.
✓Subscription and usage writes are performed only by trusted server-side code.
LEGAL
Children, international users, and changes
Children
Echo is not directed at children under 13. If you believe a child provided data, contact us and we will delete it.International rights
Users in the EU/EEA, UK, California, and similar jurisdictions can request access, correction, export, or deletion.Policy changes
If we make material changes, we update this page and notify signed-in users when appropriate.Questions or deletion requests:support@echolocalize.xyzThis policy is provided for Chrome Web Store review and for Echo users. It reflects the current behavior of the extension and website.