Privacy Policy for Gusto

Last updated: November 22, 2025

This Privacy Policy explains how Gusto collects, uses, discloses, and protects information about you when you use our mobile application and related services (collectively, the “Services”).By using Gusto, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Services.> Note: Replace the bracketed placeholders (like [email address]) with your own details before publishing.

1. Who we are

Gusto is a mobile application that helps restaurant owners create and manage AI‑assisted menus and allows customers to discover participating restaurants.

  • Controller / Operator: Gusto operated by Fluzagora Software
  • Contact email:  contact@fluxagora.com

If you are located in the European Economic Area (EEA), the United Kingdom, or other regions with data protection laws, Gusto is the “data controller” of your personal data, unless we state otherwise.

2. Information we collect

We collect the following categories of information.

2.1 Information you provide directly

  • Account and authentication data
  • Name, email address, and profile information from:
  • Email/password sign‑up (if enabled)
  • Google Sign‑In
  • Sign in with Apple
  • Authentication tokens and identifiers managed by Firebase Authentication.
  • Owner profile and business data
  • Business name and slug (public identifier)
  • Business location (latitude/longitude and optional address)
  • Business profile photo / logo
  • Greeting message and “About” text
  • Voice and tone preferences for the AI assistant
  • Menu PDFs and menu items, including any text, prices, categories, and other content you upload.
  • Customer usage data you choose to provide
  • Saved preferences or filters (e.g., preferred cuisines, “open now” filters)
  • Any feedback or support messages you send us.
  • Communication data
  • Content of messages you send to our support channels (email or in‑app support)
  • Technical and account metadata related to such communications.

2.2 Information we collect automatically

When you use Gusto, certain information is collected automatically:

  • Device and log information
  • Device model, operating system version, app version
  • Language and regional settings
  • IP address and approximate location (via IP)
  • Error logs, performance data, and diagnostic information.
  • Usage information
  • Screens you view, buttons you tap, and basic in‑app events (e.g., opening discovery map, viewing a restaurant, generating a menu)
  • Timestamps and duration of sessions.

We use this information to operate, secure, and improve the app. Where required by law, we will obtain your consent before collecting or using certain types of data.

2.3 Location information

Gusto uses location data in two main ways:

  • For customers (discovery mode)

With your permission, we use your device’s precise location to:

  • Show your current position on the map
  • List and sort nearby restaurants
  • Provide distance estimates and relevance‑based results
  • For owners (business profile)

When you set your restaurant’s location, we store the latitude/longitude and, optionally, an address. This is used to:

  • Show your restaurant on the discovery map to customers
  • Support distance‑based sorting and filtering.

You can control location permissions in your device settings. If you disable location access, certain features (such as “nearby restaurants” and map centering on your position) may not work as intended, but you can still browse in a more generic way.

2.4 Audio and real‑time interaction data

In certain features (e.g., voice‑based interactions, WebRTC calls, or audio notes), we may collect:

  • Microphone input (your voice)
  • Session metadata (timestamps, connection info, error logs)

Audio is processed to provide the feature you requested (e.g., converting speech to text, or streaming to an AI service). We do not use your microphone without your explicit permission at the OS level. Where required, we will show a clear prompt before recording starts.

2.5 Data from third‑party services you connect

If you choose to connect third‑party accounts or services, we may receive information from them according to their privacy policies and your settings with them. Examples include:

  • Google account data (basic profile and email) for authentication
  • Apple account data for Sign in with Apple.

We only request the minimum scopes necessary to provide the authentication or relevant feature.

3. How we use your information

We use your information for the following purposes:

  • To provide and maintain the Services
  • Authenticate you and manage user accounts
  • Let owners create, edit, and publish menus and business profiles
  • Let customers discover restaurants via map and list views
  • Display restaurant information, menus, and business photos.
  • To personalize your experience
  • Remember your last used restaurant, filters, and preferences
  • Adjust AI assistant behavior (e.g., preferred voice or tone)
  • Show relevant, nearby restaurants based on your location (with consent).
  • To improve and develop the Services
  • Analyze usage patterns and performance
  • Debug errors, crashes, and UX problems
  • Test and roll out new features and improvements.
  • To communicate with you
  • Send service‑related notifications (e.g., changes to terms, important updates, security alerts)
  • Respond to your support requests or feedback.
  • To ensure safety, security, and legal compliance
  • Detect, investigate, and prevent fraud, abuse, or security incidents
  • Enforce our terms of use and other policies
  • Comply with applicable laws, regulations, and legal processes.

Where required by law (for example, under GDPR), we rely on one or more of the following legal bases: performance of a contract, legitimate interests (such as improving the Services and ensuring security), compliance with legal obligations, and your consent (e.g., for precise location, certain analytics, or marketing communications, if any).

4. How we share your information

We do not sell or rent your personal data to third parties.We may share your information in the following limited circumstances:

4.1 Service providers (processors)

We use trusted third‑party providers to help us operate the Services, such as:

  • Firebase (Google Cloud)
  • Firebase Authentication
  • Cloud Firestore
  • Firebase Storage
  • Google Maps Platform
  • Maps, Places, and Geocoding APIs
  • Analytics and crash reporting providers (if enabled)
  • Communication and support tools (e.g., email providers).

These providers process data on our behalf and are bound by contractual obligations to protect your information and use it only for the specific services they provide to us.

4.2 Restaurants and other users

  • If you are a restaurant owner, certain information you provide is intended to be public or customer‑facing, for example:
  • Restaurant name and slug
  • Business location and address
  • Business profile photo/logo
  • Menu content and descriptions.
  • If you are a customer, your personal identifying information is not shared with restaurant owners by default, unless you explicitly choose to share it (for example, when contacting them via another channel).

4.3 For legal reasons and safety

We may disclose information if we reasonably believe it is necessary to:

  • Comply with any applicable law, regulation, legal process, or governmental request
  • Protect the rights, property, or safety of Gusto, our users, or others
  • Detect, prevent, or otherwise address fraud, security, or technical issues.

4.4 Business transfers

If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will take reasonable steps to ensure the confidentiality of any personal data involved and notify you where required by law.

5. International data transfers

Our servers and many of our third‑party providers (such as Firebase and Google Maps) may be located in countries other than your own. As a result, your information may be processed outside of your country of residence, including in countries that may not provide the same level of data protection as your home jurisdiction.Where required by applicable law (e.g., in the EEA/UK), we will ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place for such transfers.

6. Data retention

We retain your information for as long as necessary to:

  • Provide the Services to you
  • Fulfil the purposes described in this Privacy Policy
  • Comply with legal, accounting, or reporting obligations
  • Resolve disputes and enforce our agreements.

When we no longer need to process your personal data, we will either delete or anonymize it. If deletion is not technically possible (for example, because the data is stored in backup archives), we will securely store it and isolate it from further processing until deletion is possible.You may request deletion of your account and associated data at any time (see “Your rights and choices” below), subject to any legal obligations we may have to retain certain data.

7. Security

We use reasonable and appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted connections (HTTPS/TLS) between the app and our backend
  • Access controls and authentication for internal systems
  • Regular updates and monitoring for vulnerabilities.

However, no system is completely secure. We cannot guarantee absolute security, and you use the Services at your own risk. You are responsible for maintaining the confidentiality of your login credentials and for all activity under your account.

8. Your rights and choices

Depending on your location and applicable law, you may have some or all of the following rights:

  • Access: Request confirmation whether we process your personal data and obtain a copy.
  • Correction: Request that we correct or update inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data, subject to legal obligations.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, commonly used, and machine‑readable format, and have it transmitted to another controller where technically feasible.
  • Objection: Object to our processing of your data when we rely on legitimate interests, including profiling.
  • Withdraw consent: If we rely on your consent (e.g., for location, or certain analytics), you may withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at [your-privacy-email@example.com] with sufficient information to verify your identity and your request. We may ask for additional information to ensure security and prevent fraud.You may also have the right to lodge a complaint with your local data protection authority if you are unhappy with how we handle your data.

9. Children’s privacy

Gusto is not intended for children under 16 (or the age required by your local law, if higher), and we do not knowingly collect personal data from children in this age group.If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information as soon as reasonably practicable. If you believe that a child has provided us with personal data, please contact us at [your-privacy-email@example.com].

10. Third‑party links and content

The Services may contain links to third‑party websites, apps, or services (for example, external restaurant sites, mapping services, or social platforms). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

11. Cookies and similar technologies

If you access Gusto‑related content via a website (for example, a web dashboard or our marketing site), we and our partners may use cookies and similar technologies to:

  • Remember your preferences
  • Analyze traffic and usage
  • Improve performance and security.

Your browser may offer tools to manage cookies; you can usually choose to block or delete cookies. However, some features of the Services may not function properly without them.If we deploy web‑based analytics or advertising cookies, we will provide additional notices and choices where required by law.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Update the “Last updated” date at the top of this page, and
  • Where appropriate, provide you with additional notice (for example, in‑app notification or email).

Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.

13. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

  • Email: contact@fluxagora.com

Events
Events