Privacy Policy
Last updated: February 2026
1. Introduction
EcoMatter ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and mobile application at ecomatter.ai (the "Service").
EcoMatter is the data controller for personal data processed through the Service. We are based in Scotland, United Kingdom.
2. Information we collect
Account information
When you create an account, we collect:
- Email address
- Company/brand name
- Website URL (for Brand DNA extraction)
- Password (stored securely via Supabase Auth)
Brand & product data
To provide our content generation services, we process:
- Brand information (colours, fonts, tone of voice, values) extracted from your website
- Product catalogue data (names, descriptions, images, pricing)
- Content you generate using Eco
- Ideas, notes, and scheduled actions you create
- Conversation history with Eco (stored to provide context and memory)
Third-party integration data
When you connect external services (e.g. Shopify), we access product catalogue and store data. We only access data necessary to provide our services and use read-only access where possible.
Usage data
We automatically collect standard usage data including IP addresses, browser type, and interaction patterns to improve the Service.
3. Lawful basis for processing
We process your data under the following lawful bases:
- Contract performance — processing necessary to provide the EcoMatter service you've signed up for.
- Consent — where you've explicitly agreed (e.g. connecting third-party integrations like Shopify).
- Legitimate interest — for improving the service and resolving technical issues, balanced against your privacy rights.
4. How we use your information
We use collected information to:
- Provide and maintain the Service
- Generate content tailored to your brand voice
- Sync and display your product data
- Remember context across conversations (Eco Memory)
- Send service-related communications
- Ensure security and prevent fraud
5. AI & data processing
Our content generation uses third-party AI providers (via OpenRouter) to process your prompts and brand context. Your prompts and brand data are sent to these providers solely to generate content for you. We do not use your data to train AI models.
6. Data sharing
We do not sell your personal information. We may share data with:
- Service providers: Hosting (Netlify, Railway), database (Supabase), AI providers (OpenRouter), payment processing (Stripe, RevenueCat).
- Connected services: When you authorise integrations (e.g. Shopify), data flows between EcoMatter and the connected service as described during the connection process.
- Legal requirements: When required by law or to protect our rights.
7. Data security
We implement industry-standard security measures including encryption in transit (TLS), secure authentication (Supabase Auth with JWT), and row-level security policies to isolate company data. However, no method of electronic transmission is 100% secure.
8. Data retention
We retain your personal data for as long as your account is active. If you delete your account, we remove your data within 30 days. Some data may be retained in encrypted backups for up to 90 days before being permanently deleted. Product data synced from third-party services is removed when you disconnect the integration.
9. International transfers
Our infrastructure is hosted on cloud services that may process data outside the UK/EU. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data.
10. Your rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
Access
Request a copy of all personal data we hold about you.
Rectification
Ask us to correct any inaccurate or incomplete data.
Erasure
Request that we delete your personal data.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interest.
Restriction
Ask us to restrict processing in certain circumstances.
You can exercise your right to erasure and data download directly in the EcoMatter app via Profile → Account Settings.
To exercise any other right, contact us at privacy@ecomatter.ai. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11. Cookies
We keep things simple. EcoMatter uses essential cookies only — the ones strictly necessary for the website to function. We do not use tracking cookies, analytics cookies, or advertising cookies.
Essential cookies
| Cookie | Purpose | Duration |
|---|---|---|
| Authentication | Keeps you signed in to your account (via Supabase) | Session |
| Security | Protects against cross-site request forgery | Session |
You can control cookies through your browser settings. Since we only use essential cookies, blocking them may prevent the site from working properly.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.
13. Contact
If you have questions about this Privacy Policy, please contact us:
- General enquiries: hello@ecomatter.ai
- Privacy & data requests: privacy@ecomatter.ai