Privacy Notice

Last Updated: June 2025

Guru Apps (“we,” “us,” or “our”) operates the website at https://guruappsai.com (“Site”) and the associated web‐based applications (“Apps,” including Menu Guru and Event Guru), collectively referred to as the “Services.” This Privacy Notice explains how we collect, use, disclose, and protect personal information when you access or use our Services, whether via the Site, Progressive Web Apps (PWAs) on your mobile device, or through integrations (e.g., Google authentication).

By using our Services, you agree to the collection and processing of your information as described below. If you reside in a jurisdiction with enhanced data‐protection laws (for example, the European Union under GDPR), additional provisions apply, which are noted where relevant.

1. Who We Are

• Company Name: Guru Apps
• Headquarters: New Jersey, USA
• Contact Email: support@guruappsai.com

Guru Apps is not yet formally incorporated, but operates under the trade name “Guru Apps.” Our principal place of business is located in New Jersey, USA. If you have questions about this notice or our data practices, please contact us at support@guruappsai.com.

2. Types of Information We Collect

2.1 Information You Provide Directly

Google Account Information (Email Address):
When you register for Menu Guru or Event Guru, you must sign in with a Google account (OAuth). We receive and store the email address associated with your Google sign-in solely to authenticate your account. We do not collect your Google password or any other Google profile fields.

User‐Generated Images:
When you capture or upload an image (for example, a restaurant menu) to our Apps for analysis, we store a copy of that image in our database. These images are retained indefinitely (unless you delete your account or remove them manually) and are not shared with third parties.

2.2 Information Collected Automatically

Cookies and Similar Technologies:
We do not set our own cookies or tracking scripts. All cookies and session management on our Site and Apps are handled by Base44 (the hosting platform). Base44’s cookie usage (for authentication, essential functionality, and analytics) is governed by their privacy policy: https://app.base44.com/privacy-policy. We do not deploy any additional analytics (e.g., Google Analytics), advertising pixels, or marketing cookies.

Device Permissions:
With your explicit consent, the Apps request access to your device camera and photo gallery solely for the purpose of capturing or selecting an image to be parsed by our LLM (OpenAI). We do not collect or store metadata (e.g., geolocation) from your device beyond the image file itself.

Server Logs:
Our servers (hosted by Base44) may automatically log standard information such as IP address, browser type, and device type for security, maintenance, and troubleshooting. These logs are also retained indefinitely unless you delete your account.

3. How We Use Your Information

1. Account Creation & Authentication (Contract Performance):
   We use your Google-authenticated email address to create and manage your account, allow you to sign into our Services, and prevent unauthorized access.
2. Core Functionality & Image Parsing (Contract Performance):
   When you upload an image (e.g., a menu photo), we transmit it to an LLM (OpenAI) to extract textual information and return results. Storing your uploaded images in our database enables you to revisit past scans at any time (Legitimate Interest).
3. User Support & Notifications (Legitimate Interest):
   We may use your email address to send you service-related messages (e.g., password resets, critical service updates). We will not send marketing emails unless you explicitly opt in.
4. Improving & Securing the Services (Legitimate Interest):
   Server logs and error reports help us monitor performance, troubleshoot issues, and protect against fraud, abuse, or security breaches.
5. Legal Compliance (Legal Obligation):
   We may use and retain your data if required to comply with a court order, subpoena, or other legal process, or to respond to lawful requests from law enforcement.
6. User History & Convenience (Legitimate Interest):
   Storing your images and account history ensures you can access your past scans and preferences. You may delete your data at any time by deleting your account.

4. Third-Party Service Providers (Subprocessors)

• Base44 (Hosting Platform & Infrastructure):
  Data Processed: User records (email, account metadata), uploaded images, server logs, and backups.
  Location of Processing: Base44’s infrastructure may span multiple regions (including the United States and potentially other global data centers). Consult Base44’s privacy policy for details on cross-border transfers and safeguards: https://app.base44.com/privacy-policy.
• Google (Authentication):
  Data Processed: User’s email address and basic profile data used to authenticate via OAuth.
  Location of Processing: Globally distributed; subject to Google’s data centers and privacy commitments: https://policies.google.com/privacy.
• OpenAI (LLM Provider):
  Data Processed: Transient copies of user-uploaded images (sent to the model for text extraction). We do not retain any analysis results outside our own systems; however, OpenAI’s usage policy may log incoming requests (images) for quality and safety monitoring.
  Location of Processing: Primarily U.S. data centers (subject to change based on OpenAI’s infrastructure).
• Stripe (Payment Processing & Billing):
  Data Processed: For users who subscribe to paid features, we collect billing information (e.g., credit card data) via Stripe’s secure checkout. We do not store payment card details on our servers; Stripe handles all payment processing.
  Location of Processing: Stripe’s data centers, primarily in the United States. See https://stripe.com/privacy for details.

No other third-party libraries, SDKs, analytics services, or advertising/tracking pixels are used.

5. Data Sharing & Disclosures

We do not share your personal data with any parties except as described below:

• Service Providers & Subprocessors:
  We share data with Base44, Google, OpenAI, and Stripe solely to the extent necessary for them to perform their services (hosting, authentication, image parsing, and payment processing). Each subprocess- sor is contractually bound to confidentiality and is only permitted to process data per our instructions.
• Legal & Compliance Disclosures:
  We may disclose personal data (e.g., email address, stored images) if required by law—such as in response to a subpoena, court order, or lawful request from law enforcement.
  In the event of a merger, acquisition, or sale of all or substantially all of our assets, user data may be transferred to the acquiring entity. We will notify users via email and/or a prominent notice on the Site at least 30 days before such a transfer occurs.
• Cross-Border Data Transfers:
  Because Base44 and OpenAI may process data outside the United States, your personal data could be transferred internationally. For users in the European Economic Area (EEA) or other regions with data-protection laws, we rely on Standard Contractual Clauses (SCCs) or other approved mechanisms as provided by Base44 and OpenAI to ensure appropriate safeguards for cross-border transfers.

6. Data Retention & Deletion

1. Account Information (Email):
   We retain your email address and associated account data indefinitely, or until you delete your account.
2. Uploaded Images:
   All images you upload for LLM processing are stored in our database indefinitely. There is currently no automatic purge schedule. Users may delete images manually or delete their account (see below).
3. Server Logs & Error Reports:
   We retain server logs, analytics summaries, and error reports indefinitely to aid in troubleshooting, security, and continuous improvement.
4. Account Deletion & Data Erasure:
   You may delete your account at any time through the app’s account settings. Upon deletion, all your personal data (including uploaded images) is permanently erased from our production database. We do not keep backups of deleted user data, except as required by law.
   If you wish to request a copy of all data we hold about you (for example, a copy of all uploaded images or your registered email), please email support@guruappsai.com with the subject line “Data Export Request.” We will compile and send your data within 30 days in a structured, machine-readable format (e.g., ZIP file containing images and a CSV of your account details).

7. User Rights & Choices

1. Access & Correction:
   You can view and update your email address within the App (by logging out and re-authenticating via Google if you need to change accounts).
   You can view and download any images you have uploaded.
2. Deletion (“Right to Be Forgotten”):
   You can delete your account and associated data at any time via the App’s settings. All your stored images and email will be removed immediately upon confirmation.
3. Data Portability:
   If you request a copy of your data, we will provide it in a standard format (images in their original form, account data in CSV).
4. Consent & Opt-Out:
   You explicitly grant permission for camera and photo-gallery access when prompted. You may revoke these permissions at any time via your device’s settings, but revoking permission will prevent you from uploading new images for parsing.
   You may unsubscribe from any marketing communications by following the “Unsubscribe” link at the bottom of those emails. We do not send marketing emails unless you opt in explicitly.
5. Cookies & Tracking:
   We do not deploy non-essential cookies or track you beyond Base44’s session cookies and functionality cookies. For any cookie-consent management, refer to Base44’s privacy policy: https://app.base44.com/privacy-policy.

8. Security Measures

1. Encryption in Transit & At Rest:
   All data transmissions between your device and our servers are encrypted using HTTPS/TLS.
   User-uploaded images and account information are stored on Base44’s infrastructure; Base44 employs encryption at rest for stored data.
2. Access Controls:
   We follow the principle of least privilege: only authorized personnel at Guru Apps and the subprocessors (Base44, OpenAI, Stripe) can access user data on a need-to-know basis.
   Access to administrative systems is protected by multifactor authentication (MFA) and strong password policies.
3. Ongoing Security Practices:
   We rely on Base44’s security protocols (regular penetration testing, vulnerability assessments, and incident response).
   We continuously monitor for anomalies, unauthorized access attempts, and data integrity issues.
4. Breach Notification:
   In the event of a data breach that affects your personal information, we will notify affected users via email and a prominent notice on our Site within 72 hours, if required by law (e.g., GDPR). We will work with Base44 and other subprocessors to investigate, contain, and remediate the breach.

9. Children’s Privacy

Our Services are not intended for children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children under that age:

• If we learn we have inadvertently collected personal data from a child under 13, we will delete that information immediately.
• If you believe a child under 13 has provided us personal data, please contact us at support@guruappsai.com.

10. International Considerations

1. GDPR (European Union):
   If you are an EU resident, you have the right to access, correct, or delete your personal data. You may also object to or restrict data processing. To exercise these rights, please email support@guruappsai.com.
   We rely on the following legal bases for processing EU users’ data:
   • Consent: For camera/gallery permissions and any potential future marketing communications.
   • Contract Performance: To authenticate (Google OAuth) and provide the core functionality (image parsing via LLM).
   • Legitimate Interests: Retaining uploaded images so you can access your history; improving and securing our Services.
   Any cross-border transfer of data (e.g., to Base44 or OpenAI outside the EU) is governed by Standard Contractual Clauses or other approved mechanisms.
2. CCPA/CPRA (California, USA):
   If you are a California resident, you have the right to request disclosure of personal information we collect, the categories of sources, purposes, and third-party recipients. You also have the right to request deletion of your personal information.
   To submit a request under CCPA, email support@guruappsai.com with subject “CCPA Request.” We will verify your identity and respond within 45 days.
   We do not “sell” your personal information; however, if you believe otherwise, you may submit a “Do Not Sell My Personal Information” request to the same email address.
3. Other Jurisdictions:
   If you reside in a region with additional privacy rights (e.g., Canada’s PIPEDA, Brazil’s LGPD), you may have the right to access, correct, or delete your data. Please contact us at support@guruappsai.com to understand your rights and how to exercise them.

11. Changes to This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in our data practices or legal requirements:

• The “Last Updated” timestamp at the top indicates when this notice was last revised.
• If we make material changes that affect your privacy rights (for example, introducing new data uses or new third-party disclosures), we will notify you by sending an email to the address on file or by displaying a prominent notice on the Site prior to the change taking effect.
• Continued use of the Services after such changes constitute your acceptance of the revised Privacy Notice.

12. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or our data practices, please contact:

• Email: support@guruappsai.com
• Mailing Address (optional): Guru Apps, [Street Address], New Jersey, USA

We strive to respond to all inquiries within 30 days.