Privacy Policy

Effective March 28, 2026

Gus ("we," "us," or "our") is an AI-powered college companion that helps students record lectures, organize notes, manage schedules, and study more effectively. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service at meetgus.app.

By using Gus, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and school affiliation. If you sign up using Google or Facebook, we receive your name and email from that provider.

Content You Provide

This includes lecture recordings and transcriptions, notes, course information, schedule data, flashcards, study group messages, shared files, and task lists. You control what content you upload and share.

AI Interaction Data

When you use AI-powered features (study assistant, flashcard generation, quiz generation, lecture summarization), the content you submit is processed by third-party AI services to generate responses. We store the generated outputs (summaries, flashcards, quiz questions) as part of your account.

Usage & Session Data

We use a session cookie to keep you signed in. This cookie is stored on your device and expires after 7 days of activity or 24 hours of inactivity. We do not use tracking cookies or third-party analytics.

2. How We Use Your Information

  • Provide and operate the Gus service, including all study tools
  • Process your content through AI services to generate study materials
  • Transcribe and summarize your lecture recordings
  • Enable study group communication and file sharing
  • Send transactional emails (password resets, study group invitations)
  • Maintain and improve the service

3. Third-Party Services

We use the following third-party services to operate Gus. Your data is shared with them only as needed to provide specific features:

  • Anthropic (Claude API) — processes your content for AI study assistance, flashcard generation, quiz generation, and lecture summarization. Anthropic does not use your data to train their models.
  • Rev.ai — transcribes lecture audio recordings into text. Audio is transmitted for processing and not retained by Rev.ai after transcription.
  • OpenAI — generates text embeddings used for content search and relevance. OpenAI does not use API inputs to train their models.
  • Google & Facebook — if you use social login, these providers share your name and email with us to authenticate your account. We do not access any other data from your Google or Facebook accounts.
  • Resend — delivers transactional emails (password resets, invitations) on our behalf.

4. Data Sharing

We do not sell your personal information. We do not share your data with advertisers or data brokers.

Your data is shared only in these circumstances:

  • With the third-party service providers listed above, solely to operate Gus
  • With other members of study groups you join (messages, files, and tasks you share within a group are visible to group members)
  • If required by law, such as in response to a valid legal process

5. Cookies & Sessions

Gus uses a single session cookie to keep you signed in. This cookie is:

  • HttpOnly (not accessible to JavaScript)
  • Secure in production (transmitted only over HTTPS)
  • Valid for 7 days, with a 24-hour idle timeout
  • Stored server-side in our database — the cookie itself contains only a session identifier

We also store a theme preference (light/dark mode) in your browser's local storage. We do not use advertising cookies, tracking pixels, or third-party analytics.

6. Data Retention

  • Account data (name, email, school) is retained while your account is active.
  • Content (notes, lectures, recordings, flashcards) is retained while your account is active. You can delete individual items at any time.
  • Study group content (messages, files, tasks) remains in the group even if you leave. Group owners can delete group content.
  • Deleted accounts — when you delete your account, your personal data is removed within 30 days. Encrypted backups may retain data for up to 90 days for disaster recovery before being purged.

7. Your Rights

You have the right to:

  • Access your personal data — you can view and download your content within the app
  • Correct your personal data — you can update your name, email, school, and timezone in settings
  • Delete your personal data — you can delete individual content items or your entire account
  • Request data export — contact us to receive a copy of your data

To exercise these rights or if you have questions, email us at privacy@meetgus.app.

8. FERPA Notice

Gus is a student-facing tool. We are not an agent of your school or university, and we do not receive education records directly from educational institutions. The content you upload to Gus (notes, recordings, etc.) is provided by you and managed by you. Your school's FERPA obligations do not extend to content you voluntarily store in Gus.

If your institution integrates with Gus in the future, we will enter into appropriate data protection agreements and update this policy accordingly.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know — you can request details about the personal information we collect and how it is used
  • Right to Delete — you can request deletion of your personal information
  • Right to Correct — you can request correction of inaccurate personal information
  • Right to Opt-Out — we do not sell or share your personal information for targeted advertising, so there is nothing to opt out of
  • Right to Non-Discrimination — we will not treat you differently for exercising your privacy rights

To submit a CCPA request, email privacy@meetgus.app. We will respond within 45 days.

10. Children's Privacy

Gus is designed for college and university students. You must be at least 13 years old to create an account. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

11. Data Security

We take reasonable measures to protect your data:

  • Passwords are hashed using bcrypt with a high work factor
  • All traffic is encrypted with HTTPS in production
  • Session cookies are HttpOnly and Secure
  • Sessions are stored server-side in an encrypted database
  • OAuth login uses industry-standard CSRF protection

No system is perfectly secure. If we discover a breach affecting your data, we will notify you promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice in the app. The "Effective" date at the top of this page indicates when the policy was last revised. Continued use of Gus after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@meetgus.app.