Echo

Privacy Policy

How Echo handles your data

Last updated: 19 May 2026

Echo ("we", "the app") is operated by Lumarion Technologies Sdn. Bhd. (Malaysia company registration 202601001066). This policy explains, in plain terms, what data Echo collects, how it is collected, every use of that data, and the third parties it is shared with — including a third-party AI service (Google Gemini).

1. Data Echo collects, how, and why

The table below lists every category of data Echo handles, how it is collected, what it is used for, and which third parties (if any) receive it.

DataHow it is collectedHow it is usedShared with
Business card imageYou capture it with the in-app camera, or pick a photo from your photo library(a) On-device OCR using Apple Vision to extract text; (b) Sent to Google Gemini to parse contact fields and draft a follow-up message; (c) Stored locally on your device (Apple SwiftData) and, if you are signed in, synced to your private iCloud databaseGoogle Gemini (third-party AI) — see §2
OCR text extracted on-deviceGenerated locally by Apple Vision from the card imageSent to Google Gemini together with the card image to improve parsing accuracyGoogle Gemini (third-party AI) — see §2
Parsed contact fields (name, title, company, phone, email, website)Returned by Google Gemini from the card image and OCR textDisplayed to you, stored locally, optionally written to iOS Contacts if you tap “Save to Contacts”None (stays on your device / your iCloud)
AI-drafted follow-up messageReturned by Google Gemini, personalised with your profile and eventDisplayed to you for editing and sending via your own WhatsApp/email — Echo never sends messages on your behalfNone (stays on your device / your iCloud)
Your profile (name, role, company) and the event nameYou enter it in Settings / onboardingSent to Google Gemini alongside each scan so the follow-up message is personalised in your voice and contextGoogle Gemini (third-party AI) — see §2
Apple user identifier + email (Sign in with Apple)Provided by Apple if you sign in with AppleAssociates your subscription entitlement with your account so it works across your devicesApple (provides the identifier); not sold or shared with anyone else
Subscription receiptApple StoreKit when you subscribeVerify an active Echo Pro entitlementApple StoreKit — Echo never sees your payment method, card number, or billing address
Anonymous crash reports & performance metricsAuto-collected by Apple if you opted in at iOS setupDiagnose crashes and improve stability — no card content, messages, or profile data is includedApple (per your iOS Analytics setting)

2. Third-party AI service — Google Gemini

Echo uses Google Gemini, an AI service operated by Google LLC, to parse business cards and to draft follow-up messages. The following data is transmitted to Google Gemini on every scan:

Requests are routed through Lumarion's Cloud Run proxy (echo-api-300830381418.asia-southeast1.run.app) so that Google API keys are never shipped inside the app. The proxy does not retain request bodies; it forwards each request to Gemini and returns the response.

Google's handling of this data — including any retention by Google — is governed by the Gemini API Terms and Google's Privacy Policy. Echo does not use this data to train any model, and Lumarion does not retain copies of the requests on its own servers.

3. Where the rest of your data lives

Everything that is not sent to Google Gemini (scans, parsed contacts, drafted messages, your profile and event) is stored locally on your iPhone using Apple SwiftData. If you are signed into iCloud, Echo also syncs this data to your private iCloud database (the iCloud.co.lumarion.cardconnect container) so it is available across your iPhone, iPad, and Mac, and so a phone replacement does not lose your contacts. iCloud data is end-to-end encrypted by Apple — Lumarion cannot read it; only the user with their Apple ID can. If you sign out of iCloud or never sign in, Echo falls back to local-only storage automatically.

This data never reaches Lumarion-controlled servers. It does not leave Apple's ecosystem unless you explicitly send it somewhere — for example, via WhatsApp, email, or by saving a contact to your iOS Contacts.

4. Permissions Echo requests

Each permission is requested only when needed and can be revoked at any time in iOS Settings.

5. Your rights and how to delete your data

You can delete all your data at any time:

For account-related questions or to exercise rights under PDPA 2010 (Malaysia) or GDPR, email support@lumarion.co. We respond within 30 days.

6. Children

Echo is not directed at children under 13 and we do not knowingly collect data from them.

7. Changes to this policy

We may update this policy as the app evolves. Material changes will be announced in-app before they take effect.

8. Contact

Lumarion Technologies Sdn. Bhd. (202601001066)
Email: support@lumarion.co