top of page
Get Early Access

Privacy Policy

Effective Date: January 2026

This Privacy Policy explains how Gugu collects, uses, stores, shares, and protects personal data when you use the Gugu app, website, and related services.

 

1. Who we are

​

The data controller for personal data covered by this Privacy Policy is:

Guguworks LLC
1209 Mountain Rd PL NE Ste N

87110, Albuquerque,

NM, United States
Email: privacy@guguworks.com

 

2. Who Gugu is for

​

Gugu is intended for parents, legal guardians, and authorized caregivers. Gugu is not intended for direct use by children.

If you submit information relating to a child, including recordings, labels, notes, or metadata, you represent that you are authorized to do so.

 

3. Categories of data we collect

Depending on how you use Gugu, we may collect the following categories of data:

a. Account data

  • name

  • email address

  • sign-in credentials or authentication tokens

  • subscription tier

  • account preferences

  • country or region

b. Device and technical data

  • device type

  • operating system

  • app version

  • language

  • time zone

  • IP address

  • crash data

  • diagnostic logs

  • session and request metadata

c. Audio and audio-related data

  • raw audio recordings you create, upload, or save

  • timestamps and clip duration

  • audio features

  • spectrograms

  • embeddings

  • labels and annotations

  • model outputs, classifications, and confidence scores

  • result history and related metadata

d. Support and communications data

  • support emails

  • support chat or help tickets

  • feedback

  • survey responses

  • bug reports

e. Payment and subscription data

Where purchases are made through Apple or another platform, we may receive limited subscription or transaction-status information, but payment card information is usually handled by the platform provider.

​

4. How we collect data

​

We collect data:

  • directly from you when you create an account, submit audio, save history, contact support, or change settings;

  • automatically from your device and app usage;

  • from platform providers such as Apple when needed for account, subscription, or app-delivery functionality; and

  • from service providers acting on our behalf.

5. Why we use data

​

We use personal data to:

a. Provide the core service

We process uploaded audio and related metadata to generate results, display history, and operate the app.

b. Maintain and secure the service

We use data to authenticate accounts, prevent abuse, detect fraud, monitor reliability, debug technical issues, and protect the Services.

c. Store history and saved items

If you use history or save recordings, we store related audio and result data in your account.

d. Improve product performance

We use diagnostic, usage, and operational data to improve speed, stability, reliability, and usability.

e. Improve models or services

If you opt in, we may use recordings and related derived data to test, train, evaluate, and improve our models and related systems.

f. Human review workflows

If you opt in to human review, or if human review is necessary to respond to support or safety issues, selected recordings and related outputs may be reviewed by trained personnel or contracted service providers under appropriate controls.

g. Legal and compliance purposes

We may use data to comply with law, enforce our Terms, resolve disputes, and protect rights, safety, and security.

​

6. Audio processing notice

​

Because Gugu is an audio-analysis service, audio handling is central to how the app works.

Core processing

When you submit audio for analysis, raw audio may be transmitted off your device to Gugu’s servers or infrastructure providers to process your request and return results.

Apple requires developers to disclose data transmitted off-device when it remains accessible longer than needed to service the request in real time, and a public privacy policy URL is required for App Store submissions.

Storage

Unless otherwise stated in the app at the time of collection, submitted raw audio, derived features, result metadata, and history may be stored as described in this Policy.

Optional improvement use

If you separately opt in, we may use retained audio and related derived data for testing, training, evaluation, and quality improvement.

Optional human review

If you separately opt in, selected recordings and related results may be reviewed by trained personnel or service providers for labeling, quality assurance, support, safety review, or model improvement.

​

7. Legal bases for processing

​

Where GDPR, UK GDPR, or similar laws apply, we rely on one or more of the following legal bases:

  • Contract: processing needed to provide the Services you request.

  • Legitimate interests: security, fraud prevention, debugging, service administration, and proportionate service improvement.

  • Consent: where required, including for optional model-improvement uses, optional human review, and certain optional retention or communications choices.

  • Legal obligation: where processing is necessary to comply with law.

Under GDPR-style regimes, retention should be limited to what is necessary for the stated purpose, and users should be told the retention period or the criteria used to determine it.

​

8. Retention

​

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required by law, needed for dispute resolution, or required for security and fraud prevention.

Draft retention schedule for v1:

  • Raw audio submitted for analysis: up to 30 days after submission, unless you save it, keep it in history, or separately opt in to longer retention.

  • Saved recordings and cloud history: until you delete them, your account is deleted, or they are removed under our retention rules.

  • Raw audio included in optional model-improvement datasets: up to 12 months from collection or opt-in inclusion, after which it is deleted or de-linked from account identity where feasible.

  • Derived data such as spectrograms, embeddings, labels, outputs, and confidence scores: up to 24 months, unless deleted earlier with account deletion or no longer needed.

  • Operational logs, security logs, crash logs, and diagnostics: generally 30 to 90 days, except where longer retention is required for investigations or legal compliance.

  • Backups: deleted data may persist in encrypted backups for a limited rolling period before being overwritten or purged.

There is no universal consumer-app rule in the EU or U.S. that says audio must be kept for a fixed number of days; the legal test is generally necessity, proportionality, and transparent disclosure of the retention period or criteria.

​

9. Sharing of personal data

​

We may share personal data with:

  • cloud hosting, storage, database, and compute providers;

  • analytics, diagnostics, and crash-reporting providers;

  • authentication and account-service providers;

  • customer support providers;

  • contractors or reviewers helping us provide approved review, labeling, support, or quality workflows;

  • payment and subscription providers;

  • professional advisers such as lawyers, auditors, and insurers; and

  • regulators, courts, law enforcement, or other third parties where required by law or necessary to protect rights, safety, or security.

We do not sell raw audio recordings as data commodities.

​

10. International transfers

​

Your data may be processed in countries other than your own. Where required by law, we use appropriate safeguards for international transfers, such as adequacy decisions, contractual safeguards, or other approved mechanisms. The European Commission identifies adequacy decisions, SCCs, and BCRs as recognized GDPR transfer mechanisms.

​

11. Children and child-related data

​

Gugu is intended for adult parents and caregivers, not for direct use by children.

Under COPPA, an audio file containing a child’s voice is treated as personal information, and child-directed services or services with actual knowledge of collecting such information have additional obligations.

If we learn that data was provided without appropriate authorization, we may suspend the account and delete the affected data where appropriate.

​

12. Consumer health and inferred-data notice

​

Some outputs generated by Gugu may relate to a baby’s likely condition, behavior, or needs. Some U.S. state privacy laws define health-related or inferred health-related data broadly, including data that is inferred or derived by algorithms or machine learning.

Where applicable, we will provide any additional notices or rights required by those laws.

​

13. Security

​

We use administrative, technical, and organizational measures designed to protect personal data, including access controls, encryption in transit, restricted permissions, logging, and vendor controls. No method of transmission or storage is completely secure.

​

14. Your rights and choices

​

Depending on where you live, you may have rights to:

  • access your personal data;

  • correct inaccurate data;

  • delete personal data;

  • export certain data;

  • object to or restrict certain processing;

  • withdraw consent at any time for optional processing;

  • manage saved recordings and history; and

  • lodge a complaint with a supervisory authority.

Privacy notices should explain user rights and provide the relevant contact route.

You can exercise rights by contacting us at [privacy@guguworks.com].

​

15. Consent choices

​

Where we rely on consent:

  • consent is optional for the covered purpose;

  • you can withdraw consent at any time;

  • withdrawal does not affect processing already carried out lawfully before withdrawal; and

  • refusing optional consent will not disable core processing that is strictly necessary to provide the feature you requested, unless that specific optional processing is itself the feature.

ICO guidance says consent requests should be prominent, concise, understandable, and separate from general terms, with granular choices for distinct processing operations and an easy way to withdraw consent.

​

16. Deletion

​

You may request deletion of your account and associated data. When you do:

  • live account data will be deleted or de-identified within a reasonable period, subject to legal and security exceptions;

  • saved recordings and history tied to the account will be deleted or scheduled for deletion;

  • certain limited data may be retained for compliance, fraud prevention, dispute resolution, or backup integrity.

  • ​

17. Changes to this Privacy Policy

​

We may update this Privacy Policy from time to time. If changes are material, we will provide notice as required by law.

​

18. Contact

​

For privacy questions or requests, contact:

Privacy Team


Guguworks LLC
1209 Mountain Rd PL NE Ste N

87110, Albuquerque

NM, United States
privacy@guguworks.com

bottom of page