Privacy Policy — Gustia

Effective Date: May 1, 2026
Version: 1.1


1. Introduction & Our Commitment to Your Privacy

Gustia is a mobile app that helps you understand restaurant menus — dish explanations, ingredients, allergens, and dietary filtering.

Data Controller: Forecast Fusion, LLC
43 East Chestnut Street, Asheville, NC 28801, United States

Contact: privacy@gustia.app
Account deletion: gustia.app/delete-account

This policy explains how we collect and use your information when you use the Gustia mobile app (available on the Apple App Store and Google Play). We comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (together, "CCPA"), and other applicable state privacy laws.

If you have questions about this policy or our privacy practices, please contact us at privacy@gustia.app. We respond to privacy requests within 30 days.


2. Data We Collect

We collect data you give us directly, data generated automatically when you use the app, and a small amount of data from our service providers.

2.1 Account Data

What you provide when you create and use your account:

  • Email address and password (managed by Clerk; passwords are hashed — we never see them)
  • Optional display name
  • App settings and preferences

Legal basis (GDPR): Contract performance — Art. 6(1)(b).

2.2 Health-Related Data (Special Category — GDPR Article 9)

If you choose to set up a dietary profile, we collect:

  • Allergies you report (e.g., nuts, dairy, gluten)
  • Dietary restrictions and preferences (e.g., vegan, halal, kosher, vegetarian)

This is considered health data under GDPR and we only collect it with your explicit opt-in consent. You can use the app without providing this information — allergen filtering is simply unavailable.

You can remove this data or withdraw consent at any time in Settings → Privacy. Withdrawal does not affect processing that already happened.

Legal basis: Explicit consent — GDPR Art. 9(2)(a).

2.3 Location Data

When you use the "Find restaurants near me" feature we use your device location to return nearby results. Location is used for the request and is not stored on our servers. You can always search by city name as an alternative.

Legal basis: Consent — GDPR Art. 6(1)(a), plus device-level permission.

2.4 Device Permissions

We request the following permissions only when you use a related feature:

  • Camera — to photograph menus for scanning.
  • Photo library — to let you pick a previously saved menu photo.
  • Location — to find nearby restaurants.
  • Notifications — to deliver useful information about app updates you have opted in to.

You can grant or revoke any permission in your device's system settings at any time.

2.5 Menu Scan Data

When you scan a menu, the photo is sent to our backend and processed by an OCR service to extract the text.

Important: Menu photos are stored in our database linked to the restaurant, not to your user account. Once a photo has been processed, we take steps to disassociate it from your account and do not retain it in your personal history. Some images may incidentally contain third-party personal information (such as contact details printed on a menu); we do not use such information to identify individuals. We use the stored images to build and improve the menu database for all users. We do not keep a personal history of which menus you personally scanned beyond what is necessary to operate your account.

The extracted menu text is then processed by AI to generate dish explanations and predicted ingredients.

Legal basis: Contract performance — GDPR Art. 6(1)(b), and our legitimate interest in improving the menu database — Art. 6(1)(f).

2.6 Usage & Analytics Data

We collect basic product analytics to understand how Gustia is used and to fix problems:

  • App events (screens viewed, features used, filters applied, searches)
  • Device info (model, OS version, app version, language)
  • Session data

We use PostHog for product analytics.

Legal basis: Legitimate interest — GDPR Art. 6(1)(f).

2.7 Advertising & Attribution Data

We enable advertising attribution tools such as AppsFlyer and collect advertising identifiers, attribution data, and campaign-related events, subject to platform controls and any consent required by applicable law. On iOS, tracking-related processing will be subject to ATT where applicable. Each marketing partner is subject to its own privacy policy and has committed to GDPR compliance.

Data involved:

  • Device advertising identifiers (IDFA on iOS if you allow tracking, GAID on Android)
  • IP address (used for geolocation and fraud prevention)
  • Install source and in-app events (e.g., account created)
  • Device and OS info

iOS: On iOS, we show Apple's App Tracking Transparency (ATT) prompt before any tracking begins. If you decline, we do not use IDFA and do not share identifier-level data with Meta, Apple Search Ads, or Google Ads.

Android and EU users: For users in the EU/EEA, we ask for your consent before enabling this tracking. You can change your choice at any time in Settings → Privacy.

We do not share your allergen or dietary data with advertisers. Ever.

Legal basis: Consent — GDPR Art. 6(1)(a).

2.8 Push Notifications & Email Notifications

We send you:

  • Transactional messages — account emails (password reset, deletion confirmation, security alerts). These are required for us to operate your account.
  • Product updates and tips — only if you opt in. You can unsubscribe at any time in Settings or via the link in any email.

Push notifications are delivered through Expo Notifications and require your device-level permission.

Legal basis: Contract performance (transactional) and consent (product updates).


3. How We Use Your Data

3.1 Core App Functionality

  • Creating and maintaining your account
  • Processing menu scans and showing dish explanations
  • Filtering dishes against your dietary profile
  • Finding nearby restaurants

Legal basis: Contract — Art. 6(1)(b).

3.2 Communications

  • Account and security emails
  • Responding to support requests
  • Notifying you of changes to this policy or our Terms
  • Product updates (opt-in only)

Legal basis: Contract and consent.

3.3 Service Improvement

  • Usage analytics
  • Fixing bugs and crashes
  • Improving the menu database and ingredient predictions

Legal basis: Legitimate interest — Art. 6(1)(f).

3.4 Marketing & Advertising

  • Measuring which campaigns brought users to Gustia (attribution via AppsFlyer)
  • Optimizing our advertising on Meta, Apple, and Google

Legal basis: Consent.

  • Complying with laws and valid legal requests
  • Enforcing our Terms of Use
  • Preventing fraud and abuse

Legal basis: Legal obligation — Art. 6(1)(c) — and legitimate interest.

3.6 Health & Safety

Health data is used only to filter dishes for you. We do not use it for any public health or aggregation purposes.


4. Special Category Data: Health Information (GDPR Article 9)

Allergen and dietary information counts as special-category data under GDPR because it relates to your health.

4.1 Processing Conditions

We rely on explicit consent (Art. 9(2)(a)). You opt in when you first set up your dietary profile. You can withdraw at any time, and the app will still work without this data — allergen filtering simply becomes unavailable.

4.2 Your Rights

You can access, correct, delete, or export your dietary profile at any time via Settings → Privacy, or by emailing privacy@gustia.app. See Section 10 for the full list of rights.

4.3 Data Minimization

We only collect what you explicitly provide. We do not infer health conditions from your behavior, we do not share your health data with third parties, and we do not use it for automated decision-making beyond filtering menu items for you.


5. Third-Party Data Sharing

5.1 AppsFlyer & Advertising Partners

AppsFlyer is our attribution partner. With your consent (and, on iOS, subject to ATT), AppsFlyer may share the data listed in Section 2.7 with Advertising Partners.

You can opt out at any time:

  • In-app: Settings → Privacy → Advertising & analytics
  • iOS: Settings → Privacy → Tracking → Gustia
  • Android: Google Settings → Ads → Opt out of ads personalization
  • Directly with AppsFlyer: https://www.appsflyer.com/optout

Legal basis: Explicit consent (GDPR/CCPA) for sharing; we provide opt-out rights as described in §5.5 and §10.2.

5.2 Other Service Providers

We work with the following providers to run the app:

Service | Purpose | Data shared | CCPA category
Clerk | Authentication | Email, hashed password, user ID | Identifiers
Supabase | Database & backend hosting | Account and profile data | Identifiers; Sensitive PI (health data, if stored)
Gemini | OCR for menu scan; dish explanations and ingredient prediction | Menu images; extracted menu text (no user identifiers) | Sensory data; Commercial info
OpenAI | Menu data enrichment | Dish and allergen information (no user identifiers) | Commercial info
Expo Notifications | Push notification delivery | Device push tokens | Identifiers
AppsFlyer | Attribution | See Section 2.7 | Identifiers; Internet activity; Geolocation (approximate)
PostHog | Product Analytics | User ID (if identified), IP address (used for GeoIP, configurable), device/OS info, app events (screens viewed, taps, navigation), session recordings (UI state snapshots) | Identifiers; Internet activity; Geolocation (approximate, IP-derived)

Our service providers are bound by their published terms of service, privacy policies, and — where available — data processing agreements (DPAs) requiring them to process data only on our instructions and in compliance with applicable law.

We may disclose data if required by law or a valid legal request. We will try to notify you where we are legally allowed to do so.

5.4 Business Transfers

If we are acquired, merged, or go through a similar transaction, your data may transfer as part of the business. We will let you know if this happens.

5.5 No Sale of Personal Information

We do not sell your personal information. We do share limited device and attribution data with advertising partners as described in Section 2.7, and you can opt out at any time. Under California law, you have the right to opt out of this "sharing."


6. Device Permissions

6.1 Location

When: when you tap "Find restaurants near me." Why: to return nearby restaurants. Stored: no — we don't keep your location on our servers. Revoke: device Settings → Gustia → Location.

6.2 Camera

When: when you scan a menu. Why: to capture the menu image for processing. Stored: the image goes to our backend linked to the restaurant, not to you (see Section 2.5). Revoke: device Settings → Gustia → Camera.

6.3 Photo Library

When: when you pick an existing menu photo. Why: same as camera. Revoke: device Settings → Gustia → Photos.


7. Cookies & Tracking Technologies

7.1 Mobile App

The mobile app does not use browser cookies. It uses:

  • Your device's advertising identifier (IDFA / GAID), subject to your consent and ATT on iOS
  • Secure local storage for session and preferences
  • SDK-level identifiers for AppsFlyer

7.2 Web Companion

We do not operate a user-facing web app, other than the account deletion page. That page uses only essential cookies needed to run it.

7.3 Do Not Track (DNT) / Global Privacy Control

If your browser sends a DNT or GPC signal to our account deletion page, we honor it by treating it as an opt-out of non-essential tracking.


8. Data Retention Periods

We keep data only as long as we need it.

Data | How long we keep it
Account data | While your account exists, plus up to 30 days after deletion
Dietary / allergen profile | Deleted when you remove it or when your account is deleted
Location | Not stored
Menu photos (linked to restaurant, not to you) | Kept as part of the menu database; not tied to your user ID
AppsFlyer attribution | Up to 2 years
Backups | Up to 7 days after deletion from live systems

Legal holds: If we receive a legal hold, court order, or law enforcement request, we may retain data beyond the standard retention period as required by law.


9. International Data Transfers

Forecast Fusion, LLC is based in the United States. We transfer data to the US and other countries using appropriate safeguards including EU Standard Contractual Clauses and, for UK transfers, the UK International Data Transfer Agreement or equivalent addendum.

Users may request further information at privacy@gustia.app.


10. Your Privacy Rights

10.1 GDPR Rights (EU/EEA/UK)

If you live in the EU, EEA, or UK, you have these rights:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct data that is wrong or incomplete.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Restriction — ask us to limit how we use your data in specific situations.
  • Portability — get your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest, and to direct marketing at any time.
  • Withdraw consent — where we rely on consent (e.g., health data, advertising), you can withdraw it at any time.
  • Lodge a complaint — with your national Data Protection Authority.

10.2 CCPA / CPRA Rights (California)

If you are a California resident, you have these rights:

  • Right to know what personal information we collect, use, and share.
  • Right to delete your personal information, subject to legal exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of "sharing" for cross-context behavioral advertising (see Section 5.5).
  • Right to limit our use of sensitive personal information (health data, precise location). We use your sensitive personal information (dietary/allergen data, precise location) only to provide the features you request and not for any secondary purposes such as advertising profiling.
  • Right to non-discrimination — we will not treat you differently for exercising your rights.

10.3 Other US State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, Montana, Delaware, Oregon, Texas, and other US states with privacy laws have comparable rights. You can exercise them through the same channels as California residents.

10.4 How to Exercise Your Rights

You have three ways to exercise any of the rights above:

  1. In the app — Settings → Privacy. You can update your profile, change consent toggles, download a copy of your data, and delete your account.
  2. By email — write to privacy@gustia.app and tell us which right you want to exercise. We may ask you to confirm the email address on file so we can verify it is really you.
  3. Web Portal — Account deletion: gustia.app/delete-account. Data export: gustia.app/data-export.

We will respond within one month. For complex or numerous requests, we may extend this by up to two additional months and will notify you of the extension and reason.

We do not charge a fee.


11. Children's Privacy

Gustia is not directed at children under 13.

  • United States (COPPA): We do not knowingly collect personal information from children under 13. If we discover we have, we will delete the account and data.
  • EU/EEA: In some EU countries the minimum age for consent to data processing is 16 (others allow 13-15 with parental consent). If you are under the age of consent in your country, you must have permission from your parent or guardian to use Gustia.

We use a simple age confirmation during sign-up ("I am 13 or older"). This age gate exists to comply with COPPA and GDPR, and is independent of the App Store / Google Play content rating for the app, which is based on content (menu display that may include incidental references to alcoholic beverages) and is set at the platform level.

If you believe a child under the applicable age has created an account, please contact privacy@gustia.app and we will remove it.

Parents can contact us directly to raise concerns or request deletion.


12. Account Deletion & Data Retention

12.1 How to Delete Your Account

12.2 Grace Period & Recovery

When you request deletion, your account enters a 30-day grace period. During this time your account is disabled and you can log back in to cancel the deletion. If you do nothing, your account and your personal data are permanently deleted at the end of the grace period.

12.3 What Gets Deleted

When deletion is finalized we remove:

  • Your account and login
  • Your dietary profile
  • Your in-app saved items and preferences

What we do not delete:

  • Menu photos that are already part of our restaurant menu database (they are not linked to you — see Section 2.5).
  • Aggregated, anonymized usage statistics.
  • Data we are legally required to keep.

12.4 Exceptions to Deletion

We may keep data beyond the grace period if:

  • Law, a court order, or a valid legal request requires it.
  • It is needed to resolve a dispute or enforce our Terms.
  • It exists in routine backups — these are cleared within 7 days.

13. Data Security

We use industry-standard safeguards to protect your data:

  • Encryption in transit (TLS) and at rest
  • Passwords hashed by Clerk (we never see them)
  • Access to production systems limited to team members who need it
  • Monitoring of application errors and access logs

No system is perfectly secure. You help by keeping your password private, not sharing your login, and signing out on shared devices. If you think your account has been accessed without your permission, contact support@gustia.app.

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required under GDPR Art. 33. Where a breach is likely to result in high risk to your rights (for example, involving health data), we will also notify affected users directly as required by Art. 34.


14. Changes to This Privacy Policy

We may update this policy. When we do:

  • Small changes: we update the "Effective Date" and post the new version in the app and at gustia.app/privacy.
  • Material changes (for example, changes affecting how we use health data, or new third-party sharing): we will notify you in the app or by email before they take effect, and where required by law we will ask for renewed consent.

You can always read the current version in the app at Settings → Legal → Privacy Policy.


15. Contact Information

15.1 Privacy Contact

Forecast Fusion, LLC
Email: privacy@gustia.app
Mailing address: 43 East Chestnut Street, Asheville, NC 28801, USA

We will respond to privacy requests within 30 days.

15.2 Data Protection Officer

Gustia is not required to appoint a Data Protection Officer under GDPR Article 37. If that changes, we will update this section and publish contact details. In the meantime, all privacy inquiries should go to privacy@gustia.app.

15.3 Data Protection Authorities

If you are not satisfied with how we handle your privacy rights, you can lodge a complaint with your supervisory authority:


16. California-Specific Disclosures (CCPA / CPRA)

This section supplements Section 10.2 for California residents.

16.1 Categories of Personal Information Collected

In the past 12 months we have collected the following categories of personal information (as defined by CCPA):

Category | Examples | Source | Purpose | Shared with
Identifiers | Email, user ID, device identifiers (IDFA/GAID) | You and your device | Account, analytics, advertising | Clerk, AppsFlyer, Marketing Partners
Commercial info | Features used, searches, restaurants viewed | Your device | Analytics | PostHog, AppsFlyer
Internet activity | App events, sessions, IP address | Your device | Analytics, fraud prevention | PostHog, AppsFlyer
Geolocation | Device location when you use nearby search | Your device (opt-in) | Nearby restaurant lookup | Not stored
Sensory | Menu photos | Your device (opt-in) | OCR processing, menu database | Gemini
Sensitive personal information | Allergen and dietary data (opt-in) | You | Dietary filtering only | Not shared
Inferences | Which dishes match your profile | Derived | Personalization | Internal only

We do not knowingly collect biometric information, professional or education information, or information about a user's race, religion, union membership, or sexual orientation.

16.2 Retention

See Section 8.

16.3 CPRA-Specific Rights

  • Right to limit use of sensitive personal information — covered by our general health-data consent and by the privacy toggles in Settings → Privacy.
  • Right to correct — available via Settings or privacy@gustia.app.
  • Right to opt out of sharing — available via Settings → Privacy → Advertising & analytics, and via the iOS ATT prompt.

Gustia uses automated processing to filter menu items against your dietary profile. This logic operates solely on the data you provide and does not infer conditions beyond what you explicitly enter. We do not currently offer automated decision-making outside of basic dietary filtering, so the right to opt out of ADM is not separately applicable. If this changes, we will add a notice here.

We do not operate a separate formal CPRA appeal process at this stage. If we deny a request, our denial will explain how to escalate.

16.4 Financial Incentives

We do not offer financial incentives in exchange for personal information.

A California consumer has the right to request that we delete personal information we have collected from them, subject to the exceptions in the CCPA. We will honor valid requests within the timeframes in Section 10.4.


In the mobile app, you can change your consent at any time in Settings → Privacy. Changes take effect immediately.

17.2 Global Privacy Controls

See Section 7.3.


18. Glossary of Terms

To keep this policy short we have inlined the relevant terms where they are first used. If a term is unclear, email privacy@gustia.app and we will explain it.


19. Summary of Your Privacy Rights at a Glance

EU / EEA / UK (GDPR): access, correct, delete, restrict, port, object, withdraw consent, lodge a complaint.
California (CCPA / CPRA): know, delete, correct, limit use of sensitive data, opt out of sharing for advertising, non-discrimination.
Everyone: update your profile, manage consents in Settings, delete your account, email us at privacy@gustia.app.


20. Final Notes

This policy is intended to be short, clear, transparent and comprehensive about what we do with your data. If anything here is unclear, email privacy@gustia.app.

Effective date: May 1, 2026

Forecast Fusion, LLC
privacy@gustia.app
43 East Chestnut Street, Asheville, NC 28801, USA