CustomerEcho — Terms of Service

These Terms of Service ("Terms") govern your access to and use of CustomerEcho (the "Service") provided by CustomerEcho, registered at Sepapaja tn 6, 15551 Tallinn, Estonia ("CustomerEcho", "we", "us", or "our").

By creating an account, accessing, or using the Service, you ("Customer", "you", or "your") agree to be bound by these Terms. If you are using the Service on behalf of an organisation, you represent that you have authority to bind that organisation, and "Customer" refers to that organisation.

If you do not agree to these Terms, do not use the Service.

1. The Service

CustomerEcho is a customer experience management platform that allows businesses to collect, analyse, and act on feedback from their customers, members, visitors, and other audiences. The Service includes feedback collection points (such as QR codes), AI-powered analysis (sentiment, themes, categorisation), dashboards, alerts, and reporting.

We may modify, add to, or remove features of the Service from time to time. We will not materially reduce the core functionality of any paid plan during your active billing period without notice.

2. Accounts and Eligibility

You must be at least 18 years old and capable of forming a binding contract to use the Service. You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account. Notify us promptly at security@customerecho.com if you suspect unauthorised access.

We strongly recommend enabling multi-factor authentication on all accounts.

3. Acceptable Use

You agree not to use the Service to:

• Violate any applicable law, regulation, or third-party rights;
• Infringe intellectual property, privacy, or publicity rights;
• Transmit malware, conduct security attacks, or attempt to disrupt the Service;
• Reverse engineer, decompile, or attempt to extract source code, except as permitted by law;
• Resell, sublicense, or white-label the Service without our written agreement;
• Use the Service to harass, defame, or discriminate against any person;
• Submit false, misleading, or fraudulent information;
• Send unsolicited communications using data collected through the Service;
• Use automated means (scrapers, bots) to access the Service except via our documented APIs;
• Submit categories of data prohibited under Section 4.

4. Data You May Not Submit ("Prohibited Data")

The Service is not designed for, and must not be used to collect, process, or store, the following categories of data:

• Protected Health Information (PHI) as defined under the U.S. Health Insurance Portability and Accountability Act (HIPAA), including any individually identifiable health information from patients or members;
• Payment card data subject to PCI DSS, including full card numbers, CVV codes, or magnetic stripe data;
• Government-issued identifiers such as social security numbers, national insurance numbers, passport numbers, or tax identification numbers;
• Biometric identifiers such as fingerprints or facial recognition data;
• Children's personal data where the child is under 16, unless lawful parental consent has been obtained and you have notified us in writing;
• Special category data under UK/EU GDPR (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, data concerning sex life or sexual orientation), except where genuinely incidental to general experience feedback and where you have a lawful basis;
• Any other data the submission of which would require a Business Associate Agreement, Data Processing Agreement with specific terms beyond Section 9, or other industry-specific compliance instrument we have not agreed to in writing.

CustomerEcho is not a HIPAA-covered service and does not sign Business Associate Agreements at this time. Healthcare customers may use the Service for operational and experience feedback (for example on service delivery, communication, environment, and process) but must not collect or submit PHI through the Service.

If you become aware that Prohibited Data has been submitted to the Service, notify us immediately at security@customerecho.com. We may, at our discretion, automatically detect, redact, or delete suspected Prohibited Data. Repeated submission of Prohibited Data is a material breach of these Terms.

5. Customer Content and Ownership

Your data is yours. You retain all rights, title, and interest in the feedback, responses, and other content submitted to or through the Service ("Customer Content").

You grant us a limited, worldwide, non-exclusive licence to host, process, transmit, display, and analyse Customer Content solely as necessary to provide the Service to you. This licence ends when the relevant Customer Content is deleted, except for backup copies retained per our retention schedule.

We may use aggregated, de-identified data derived from Customer Content to operate, improve, and benchmark the Service, provided such data cannot reasonably be used to identify you, your customers, or any individual.

We will not use Customer Content to train general-purpose machine learning models offered to other customers without your written consent.

6. Our Intellectual Property

The Service, including all software, designs, text, graphics, and trademarks, is owned by CustomerEcho or our licensors and is protected by intellectual property laws. We grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Service in accordance with these Terms during your subscription term. No other rights are granted.

7. Fees and Payment

Fees are listed on our pricing page or in your Order Form. Subscriptions are billed monthly or annually in advance. Fees are non-refundable except as expressly stated.

If payment is not received within seven (7) days of the due date, we may suspend the Service. If unpaid for thirty (30) days, we may terminate your account and delete your data per Section 8.4.

We may change pricing with at least thirty (30) days' notice; price changes take effect at your next renewal.

All fees are exclusive of taxes; you are responsible for applicable taxes.

8. Term, Cancellation, and Termination

8.1 Term

Your subscription begins on the date you first sign up and continues for the term selected (monthly or annual). It auto-renews for successive periods of the same length unless cancelled.

8.2 Cancellation by You

You may cancel your subscription at any time through your account settings. Cancellation takes effect at the end of your current billing period; you retain access to the Service until then, and you are not refunded for the unused portion of a paid period (except where required by law).

8.3 Termination by Us

We may suspend or terminate your account if you materially breach these Terms (including Sections 3 or 4), fail to pay fees, or if continued provision of the Service would be unlawful. Where reasonable, we will give you notice and an opportunity to cure.

8.4 Effect of Termination

On termination, your right to use the Service ends immediately. We will retain your Customer Content for thirty (30) days post-termination, during which you may export it, after which we will delete it (subject to backups rolling off per our retention schedule and any legal hold requirements).

9. Data Protection and Security

9.1 Roles

You are the data controller of personal data submitted through the Service. We are a data processor acting on your instructions, except for limited operational data (account, billing, support) where we may act as a controller.

9.2 GDPR Compliance

We comply with the UK GDPR and EU GDPR with respect to personal data we process. Our data protection commitments include:

• Processing personal data only as instructed by you and as necessary to provide the Service;
• Implementing appropriate technical and organisational measures to protect personal data (see our Security Page at customerecho.com/security);
• Ensuring personnel with access to personal data are bound by confidentiality;
• Engaging subprocessors only under written agreements containing equivalent data protection obligations (see customerecho.com/subprocessors for current list);
• Notifying you without undue delay (and within seventy-two (72) hours where feasible) of any personal data breach affecting your data;
• Assisting you with data subject requests, data protection impact assessments, and regulator consultations, at reasonable cost;
• Returning or deleting personal data on termination, as set out in Section 8.4.

These commitments form our Data Processing Addendum and are incorporated into these Terms. They apply to all customers as part of our standard service. We do not negotiate separate DPAs.

9.3 International Transfers

Where personal data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or other lawful transfer mechanisms.

9.4 Security

We maintain a documented information security programme including encryption at rest (AES-256) and in transit (TLS 1.2+), access controls, audit logging, regular security testing, and incident response procedures. See our Security Page for current details.

9.5 Customer Responsibilities

You are responsible for: configuring the Service appropriately for your use, training your users, ensuring you have lawful basis to collect feedback from your customers, providing required notices and obtaining required consents from individuals whose data is collected, and complying with Section 4 (Prohibited Data).

10. Confidentiality

Each party will protect the other's confidential information with the same care it uses for its own (and at minimum, reasonable care). Confidential information may be used only to perform under these Terms and disclosed only to personnel who need it and are bound by confidentiality. Customer Content is your confidential information.

11. Warranties and Disclaimers

We warrant that the Service will perform materially in accordance with our published documentation. Your sole remedy for breach of this warranty is for us to use commercially reasonable efforts to correct the defect, or, if we cannot, to terminate your subscription and refund any prepaid unused fees.

Except as expressly stated, the Service is provided "as is" and "as available." To the maximum extent permitted by law, we disclaim all other warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement.

We do not warrant that the Service will be uninterrupted, error-free, or that AI-generated insights will be accurate. AI outputs are probabilistic and should be reviewed by humans before relied upon for material decisions.

12. Limitation of Liability

To the maximum extent permitted by law:

(a) Cap. Each party's total cumulative liability arising out of or related to these Terms will not exceed the fees paid by you to us in the twelve (12) months preceding the event giving rise to the claim.

(b) Excluded damages. Neither party is liable for any indirect, incidental, special, consequential, or punitive damages, including lost profits, lost revenue, lost data, or business interruption.

(c) Exceptions. The cap and exclusions do not apply to: (i) your obligation to pay fees; (ii) breach of Section 4 (Prohibited Data) by you; (iii) breach of confidentiality; (iv) gross negligence or wilful misconduct; (v) liabilities that cannot be limited under applicable law.

13. Indemnification

13.1 By You

You will indemnify us against third-party claims arising from: (a) your breach of Section 4 (Prohibited Data); (b) your Customer Content infringing third-party rights; (c) your use of the Service in violation of law; (d) your breach of Section 3 (Acceptable Use).

13.2 By Us

We will indemnify you against third-party claims that the Service, as provided by us and used in accordance with these Terms, infringes a third party's intellectual property rights. This is your sole remedy for IP infringement claims against the Service.

13.3 Procedure

The indemnified party will: (a) promptly notify the indemnifying party in writing; (b) give the indemnifying party sole control of defence and settlement; (c) provide reasonable cooperation at the indemnifying party's expense.

14. Modifications to These Terms

We may update these Terms from time to time. For material changes, we will give at least thirty (30) days' notice by email or in-product notification before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance. If you do not accept the changes, you may cancel under Section 8.2.

15. Governing Law and Disputes

These Terms are governed by the laws of Estonia, without regard to conflict-of-laws principles. The courts of Tallinn have exclusive jurisdiction, except that either party may seek injunctive relief in any court of competent jurisdiction to protect its intellectual property or confidential information.

Nothing in this section affects consumer rights that cannot be waived under applicable law.

16. General

Entire agreement. These Terms (together with our Privacy Policy and any Order Form) constitute the entire agreement between the parties on the subject matter and supersede prior agreements.

Order of precedence. If there is a conflict between these Terms and an Order Form signed by both parties, the Order Form prevails for the specific subject matter addressed.

Assignment. You may not assign these Terms without our prior written consent. We may assign to an affiliate or in connection with a merger, acquisition, or sale of substantially all our assets.

Force majeure. Neither party is liable for delays or failures caused by events beyond reasonable control (natural disasters, war, internet outages, third-party infrastructure failures).

No waiver. Failure to enforce any provision is not a waiver of future enforcement.

Severability. If any provision is held unenforceable, the remaining provisions remain in effect.

Notices. Notices to us go to legal@customerecho.com. Notices to you go to your account email.

Independent contractors. The parties are independent contractors. No agency, partnership, or employment relationship is created.

17. Contact