Skip to content
Echo

Privacy & Trust

Proof of control without invading privacy.

Workers get private coaching. Management sees anonymised cohorts. You choose the privacy profile, escalation rules, retention window, and sharing posture.

Explore privacy profiles Request PIA pack

Private to worker

Personal support stays personal.

  • Personal coaching and nudges
  • Opt in, mute, or reschedule any time
  • Self-service export/delete request
  • Clear privacy contact

Visible to management

Evidence stays cohort-first.

  • Team/site cohorts and trends
  • Time-to-intervention and control coverage
  • ISO 45003 readiness indicators
  • Never raw voice or private coaching content

Who Sees What

Access boundaries by role.

Worker

Can see

Own insights, coaching, participation history, export/delete requests, mute or reschedule controls.

Cannot see

Teammates’ data or management cohort views.

Supervisor & HSE

Can see

Cohort heatmaps, leading indicators, time-to-intervention, control coverage, exception alerts.

Cannot see

Raw voice, private coaching content, personality labels.

Board & Risk

Can see

ISO 45003 readiness, participation coverage, control evidence, trendlines vs baseline.

Cannot see

Individual-level data.

Broker / Insurer

Can see

Aggregated control evidence only when released by the employer.

Cannot see

Person-level data; sharing is off by default.

Privacy Dials

Start strict, standard, or high-hazard.

Every setting is transparent and auditable. Tighten or relax controls to fit workforce trust, regulation, and risk appetite.

Union-strict

Anonymous cohorts only, crew/site aggregates, named escalation only for predefined urgent-safety exceptions, opt-in participation, monthly cadence, six-month retention, insurer sharing off.

Apply Union-strict

Standard

Managers see cohorts, privacy admins can support named follow-up with worker confirmation, team/site thresholding, fortnightly cadence, twelve-month retention, aggregate sharing only.

Apply Standard

High-hazard

Explicit consent for named safety coaching, shift-time windows, imminent-harm escalation, weekly or shift-based cadence, twenty-four-month retention, full audit logging.

Apply High-hazard

Predefined urgent safety exceptions: threats of self-harm, violence, intoxication at work, and imminent critical fatigue. All exceptions are predeclared, narrowly scoped, and audited.

Security & Governance

Risk stratification, not surveillance.

Echo converts weak signals into low, medium, and high risk cohorts. Supervisors fix hotspots at the cohort level first. Only narrow, predefined safety exceptions trigger named escalation.

Encryption in transit and at rest
Regional data residency available
Auditable admin access logs
Annual pen test and red-team exercises
ISO 27001 program in progress
Responsible disclosure program

FAQ

Will supervisors hear raw conversations?

No. Supervisors see cohort trends and alerts. Personal coaching stays private to the worker.

Can we prevent named data entirely?

Yes. Choose the Union-strict profile and keep named disclosure limited to predefined urgent safety exceptions.

When can an individual be named?

Only for predefined urgent safety exceptions or with explicit consent in high-hazard contexts. Every case is logged and reviewable.

Do workers control their data?

Yes. Opt-in, mute or reschedule, export, delete requests, and a privacy contact are built into the operating model.

How do we prove control to the board or insurer?

Echo produces cohort-level readiness, participation coverage, time-to-intervention, trendlines, and control evidence with an audit trail.

Does Echo profile personalities for managers?

No. Managers get cohort risk signals and control coverage, not private coaching content or personality labels.

Bottom line: Echo gives organisations actionable cohort insights and quarterly evidence while workers keep privacy and agency. Start strict, adapt as trust grows, and audit every change.