Privacy Policy

Effective May 9, 2026

Gus is an AI-powered college companion that helps students record lectures, organize notes, manage schedules, and study more effectively. Gus is operated by TenBid Ventures LLC ("TenBid", "we", "us", or "our"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our service at meetgus.app.

By using Gus, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and school affiliation. If you sign up using Google or Facebook, we receive your name and email from that provider.

Content You Provide

This includes lecture recordings and transcriptions, notes, course information, schedule data, flashcards, study group messages, shared files, and task lists. You control what content you upload and share.

AI Interaction Data

When you use AI-powered features (study assistant, flashcard generation, quiz generation, lecture summarization), the content you submit is processed by third-party AI services to generate responses. We store the generated outputs (summaries, flashcards, quiz questions) as part of your account.

Usage & Session Data

We use a session cookie to keep you signed in. This cookie is stored on your device and expires after 7 days of activity or 24 hours of inactivity. We do not use tracking cookies or third-party analytics.

2. How We Use Your Information

  • Provide and operate the Gus service, including all study tools
  • Process your content through AI services to generate study materials
  • Transcribe and summarize your lecture recordings
  • Enable study group communication and file sharing
  • Send transactional emails (password resets, study group invitations)
  • Maintain and improve the service

3. Third-Party Services

We use the following third-party services to operate Gus. Your data is shared with them only as needed to provide specific features:

  • Anthropic (Claude API) — processes your content for AI study assistance, flashcard generation, quiz generation, and lecture summarization. Anthropic does not use your data to train their models.
  • Rev.ai — transcribes lecture audio recordings into text. Audio is transmitted for processing and not retained by Rev.ai after transcription.
  • OpenAI — generates text embeddings used for content search and relevance. OpenAI does not use API inputs to train their models.
  • Google & Facebook — if you use social login, these providers share your name and email with us to authenticate your account. We do not access any other data from your Google or Facebook accounts.
  • Resend — delivers transactional emails (password resets, invitations) on our behalf.

4. Data Sharing

We do not sell your personal information. We do not share your data with advertisers or data brokers.

Your data is shared only in these circumstances:

  • With the third-party service providers listed above, solely to operate Gus
  • With other members of study groups you join (messages, files, and tasks you share within a group are visible to group members)
  • If required by law, such as in response to a valid legal process

5. Cookies & Sessions

Gus uses a single session cookie to keep you signed in. This cookie is:

  • HttpOnly (not accessible to JavaScript)
  • Secure in production (transmitted only over HTTPS)
  • Valid for 7 days, with a 24-hour idle timeout
  • Stored server-side in our database — the cookie itself contains only a session identifier

We also store a theme preference (light/dark mode) in your browser's local storage. We do not use advertising cookies, tracking pixels, or third-party analytics.

6. Data Retention

  • Account data (name, email, school) is retained while your account is active.
  • Content (notes, lectures, recordings, flashcards) is retained while your account is active. You can delete individual items at any time.
  • Study group content (messages, files, tasks) remains in the group even if you leave. Group owners can delete group content.
  • Deleted accounts — when you delete your account, your personal data is removed within 30 days. Encrypted backups may retain data for up to 90 days for disaster recovery before being purged.

7. Your Rights

You have the right to:

  • Access your personal data — you can view and download your content within the app
  • Correct your personal data — you can update your name, email, school, and timezone in settings
  • Delete your personal data — you can delete individual content items or your entire account
  • Request data export — contact us to receive a copy of your data

To exercise these rights or if you have questions, email us at privacy@meetgus.app.

8. Education Records

Gus is a student-facing tool. We are not an agent of your school or university, and we do not receive education records directly from educational institutions. The content you upload to Gus (notes, recordings, etc.) is provided by you and managed by you.

For students at U.S. institutions, your school's FERPA obligations do not extend to content you voluntarily store in Gus. For students at Canadian institutions, the equivalent provincial education records and freedom-of-information statutes (e.g., Ontario's FIPPA, BC's FIPPA, Alberta's FOIP) similarly apply to records held by your school, not to content you choose to store with us.

If your institution integrates with Gus in the future, we will enter into appropriate data protection agreements and update this policy accordingly.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know — you can request details about the personal information we collect and how it is used
  • Right to Delete — you can request deletion of your personal information
  • Right to Correct — you can request correction of inaccurate personal information
  • Right to Opt-Out — we do not sell or share your personal information for targeted advertising, so there is nothing to opt out of
  • Right to Non-Discrimination — we will not treat you differently for exercising your privacy rights

To submit a CCPA request, email privacy@meetgus.app. We will respond within 45 days.

10. Canadian Privacy Rights (PIPEDA)

If you are located in Canada, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) governs how we handle your personal information. We commit to:

  • Meaningful consent — you knowingly consent to our collection and use of your data when you create an account and upload content
  • Limiting collection — we collect only what is necessary to provide Gus's features
  • Accuracy — you can update your account information at any time in settings
  • Access and correction — you can view, export, and correct your personal data, as described in Section 7
  • Safeguards — see Section 11 (Data Security) for the protections we apply
  • Breach notification — if a breach poses real risk of significant harm, we will notify you and report to the Office of the Privacy Commissioner of Canada as required
  • Complaints — to file a privacy complaint, email privacy@meetgus.app. You also have the right to contact the Office of the Privacy Commissioner of Canada.

Quebec residents: Gus is not currently available to students at Quebec institutions. We are not yet equipped to comply with Quebec's Law 25 (including its French-language and Privacy Impact Assessment requirements). When we expand to Quebec, we will update this policy and notify users.

11. Cross-Border Data Transfers

Gus is operated from the United States. If you access Gus from outside the U.S. (including from Canada), your personal information will be transferred to, stored in, and processed in the U.S. The third-party service providers listed in Section 3 (Anthropic, OpenAI, Rev.ai, Resend, Apache Tika, Google, Facebook) may also process your data in the U.S. or other jurisdictions where they operate. By using Gus, you acknowledge that this cross-border transfer takes place. We use contractual and technical safeguards to protect your data wherever it is processed.

12. Children's Privacy

Gus is designed for college and university students. You must be at least 13 years old to create an account. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

13. Data Security

We take reasonable measures to protect your data:

  • Passwords are hashed using bcrypt with a high work factor
  • All traffic is encrypted with HTTPS in production
  • Session cookies are HttpOnly and Secure
  • Sessions are stored server-side in an encrypted database
  • OAuth login uses industry-standard CSRF protection

No system is perfectly secure. If we discover a breach affecting your data, we will notify you promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice in the app. The "Effective" date at the top of this page indicates when the policy was last revised. Continued use of Gus after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@meetgus.app.