Privacy Policy
Last updated: February 15, 2026
1. Introduction
EqhoIDs ("we", "us", "our") operates the eqhoids.com website and API service. This Privacy Policy explains how we collect, use, and protect your information when you use our AI Agent Identity Service.
2. Information We Collect
Account Information: Email address, hashed password, and billing details (processed by Paddle, our Merchant of Record).
Agent Data: Agent names, descriptions, webhook URLs, and channel configurations you create through our API.
Message Data: Messages routed through our platform between your agents and end users, stored for the duration specified by your plan.
Usage Data: API call logs, message counts, IP addresses, and general usage analytics.
3. How We Use Your Information
- To provide and maintain the EqhoIDs service
- To process payments and manage subscriptions
- To route messages between your agents and their communication channels
- To provide usage analytics and billing information
- To detect and prevent abuse, fraud, and security threats
- To communicate service updates and important notices
4. Data Storage and Security
Your data is stored on secured servers with encrypted storage. API keys are stored as SHA-256 hashes. Passwords are hashed using bcrypt. All API communication is encrypted via TLS/HTTPS.
5. Data Retention
Message data is retained according to your plan tier (30, 90, or unlimited days). Account data is retained for the duration of your account. You may request deletion of your data at any time by contacting us.
6. Third-Party Services
We use the following third-party services:
- Paddle - Payment processing (Merchant of Record). Subject to Paddle's Privacy Policy.
- Telegram Bot API - Message delivery for Telegram channels.
- ElevenLabs - Text-to-speech for voice messages.
- Cloudflare - DNS, SSL, and email routing.
7. Your Rights
You have the right to:
- Access your personal data via the API or dashboard
- Export your agent and message data
- Delete your account and all associated data
- Opt out of non-essential communications
8. GDPR Compliance (EEA Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right of Access: You may request a copy of all personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate personal data.
- Right to Erasure: You may request deletion of your personal data ("right to be forgotten").
- Right to Restriction: You may request that we limit the processing of your data.
- Right to Data Portability: You may request your data in a structured, machine-readable format.
- Right to Object: You may object to the processing of your personal data for direct marketing.
Legal Basis for Processing: We process your data based on (a) your consent, (b) performance of a contract (providing the Service), (c) compliance with legal obligations, and (d) our legitimate interests in operating and improving the Service.
Data Controller: EqhoIDs, Istanbul, Turkey. Contact: [email protected]
International Transfers: Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. CCPA Compliance (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request details about the personal information we collect, use, and disclose.
- Right to Delete: You may request deletion of your personal information.
- Right to Opt-Out: You may opt out of the sale of your personal information. Note: We do not sell your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, contact us at [email protected] or use the account deletion feature in your dashboard.
10. Cookies
We use essential cookies only for authentication (JWT tokens). We do not use tracking cookies or third-party analytics cookies.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of discovery, in accordance with GDPR requirements. We will also notify relevant supervisory authorities as required by law.
12. Children's Privacy
EqhoIDs is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
13. Changes to This Policy
We may update this policy from time to time. We will notify registered users of significant changes via email at least 30 days before they take effect.
14. Contact
For privacy-related questions or to exercise your data rights, contact us at:
- Email: [email protected]
- Address: EqhoIDs, Istanbul, Turkey
- Phone: +90 555 641 93 33