Guspora™ Privacy Policy

Guspora, LLC ("Company," "we," "us," or "our") operates Guspora (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service, including our three-party compliance ecosystem connecting AHJ Inspectors, Customers, and Service Providers.

1. Information We Collect

1.1 Information You Provide

Account Information (All Users):

• Name, Email address, Phone number
• Company or agency name
• Role (AHJ Inspector, Customer, or Service Provider)

AHJ Inspector Information:

• Jurisdiction (department, county, city, district)
• Badge or credential number
• Department affiliation
• Supervisor or department head contact

Customer Information:

• Property addresses and details
• Business name and type
• Billing address (if applicable)
• Property management authority documentation

Service Provider Company Information:

• State fire protection contractor license number(s)
• General liability insurance Certificate of Insurance (COI)
• Workers compensation insurance certificate
• Business license documentation
• Billing address
• Payment information (processed by Stripe)

Service Provider Technician Information:

• Individual state technician license number(s)
• Manufacturer-specific certifications (CaptiveAire, Buckeye, Ansul, Kidde, Amerex, and others)
• Factory training completion records
• ICC certification numbers
• Certification expiration dates

Business Data:

• Inspection records and reports
• Deficiency records (descriptions, photographs, code citations, severity classifications)
• Equipment inventories and manufacturer identification
• Repair documentation and progress notes
• Service histories
• Documents and files you upload

Video and Image Data (AI-Powered Inspections):

• Video recordings captured during AI-powered inspections via smart glasses (Meta Ray-Ban, compatible devices) or phone camera
• Audio recordings captured during inspections for AI transcription
• Photographs taken during manual or AI-powered inspections
• AI-generated inspection reports derived from video/audio analysis

Communications:

• Support requests
• Feedback and surveys
• Correspondence with us
• In-platform messages between authorized parties

1.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time spent on the Service
• Actions taken within the application

Device Information:

• Browser type and version
• Operating system
• Device identifiers
• IP address

Log Data:

• Access times
• Error logs
• Referring URLs

Device Sensor Data (Mobile App and Smart Glasses):

• GPS coordinates during inspection check-in and check-out
• Camera and microphone data streamed from connected smart glasses
• Biometric authentication data (fingerprint templates stored locally on device only — never transmitted to our servers)
• Device orientation and motion data during inspections

1.3 Information from Third Parties

Payment Processor (Stripe):

• Transaction history
• Payment method details (we do not store full card numbers)

Authentication Providers:

• If you sign in via Google or other providers, we receive basic profile information

State Licensing Databases:

• License status, expiration dates, and disciplinary actions for credential verification

Manufacturer Technician Databases:

• Authorized technician status, certification dates, and authorization scope for manufacturer-specific credential verification

Insurance Verification:

• COI validation and expiration data

2. How We Use Your Information

We use your information to:

Provide the Service:

• Create and manage your account
• Process transactions (Service Providers)
• Conduct credential verification and monitoring
• Manage the deficiency lifecycle and dual-approval workflow
• Generate inspection reports
• Store and organize your business data
• Send notifications via email, SMS (Twilio), and in-app alerts

Credential Verification:

• Verify state licenses against licensing databases
• Cross-reference technician certifications against manufacturer-authorized technician databases
• Monitor insurance certificate expiration dates
• Implement automatic suspension upon credential lapse
• Display verification badges to authorized parties

Three-Party Compliance Ecosystem:

• Share deficiency information between authorized AHJ Inspectors, Customers, and Service Providers as described in Section 3
• Process dual-approval access requests
• Maintain permanent audit trails of deficiency lifecycles
• Provide compliance analytics to authorized parties

Improve the Service:

• Analyze usage patterns
• Develop new features
• Fix bugs and improve performance
• Train and improve AI features (using anonymized/aggregated data only)

Communicate with You:

• Send service notifications (deficiency alerts, approval requests, credential expiration warnings)
• Respond to support requests
• Provide product updates
• Send marketing communications (with your consent)

Legal and Security:

• Comply with legal obligations
• Enforce our Terms of Service including anti-bid-board provisions
• Protect against fraud and abuse
• Maintain security of the Service

3. Three-Party Data Sharing

The core function of Guspora's compliance ecosystem requires controlled data sharing between AHJ Inspectors, Customers, and Service Providers.

3.1 Data Visible to AHJ Inspectors

AHJ Inspectors can view, within their verified jurisdiction:

• Deficiency records they created (full details)
• Customer property information related to their inspections
• Service Provider company credentials (license, insurance, business status)
• Individual technician credentials and verification badges
• Repair progress and status updates on deficiencies in their jurisdiction
• Completion documentation submitted by Service Providers
• Jurisdiction-wide compliance analytics (aggregated)

3.2 Data Visible to Customers

Customers can view, for their properties:

• Full deficiency details including descriptions, photographs, and code citations
• Service Provider company profiles and credential status
• Individual technician verification badges and certification status
• Real-time repair progress on their deficiencies
• Complete compliance history and audit trails
• List of verified Service Providers qualified for specific equipment types

3.3 Data Visible to Service Providers

Before Dual Approval: Service Providers can only see general location (city/county), equipment category, and requesting Customer name for pending access requests.

After Dual Approval: Service Providers can view full deficiency details, AHJ Inspector notes and requirements, Customer contact information, and equipment specifications for approved deficiencies only.

3.4 Deficiency Data Gating

3.5 Credential Data Sharing

Service Provider company credentials and individual technician certifications are visible to:

• AHJ Inspectors (as a compliance verification tool)
• Customers (when evaluating or selecting Service Providers)
• The Service Provider themselves (for management purposes)

Credential information is NOT shared with other Service Providers or any unauthorized parties.

4. AI and Data Processing

4.1 AI Features

Guspora uses artificial intelligence to assist with report generation. When you use AI features:

• Your input (voice recordings, text) is processed by AI services
• AI-generated content is stored in your account
• We use OpenAI and Anthropic APIs for AI processing

4.2 AI Training

• We do NOT use your individual customer data, deficiency records, or credential information to train AI models
• We may use anonymized, aggregated data to improve our AI prompts and features
• You may opt out of anonymized data usage by contacting us

4.3 Voice, Video, and Smart Glasses

Guspora supports AI-powered inspections using smart glasses (such as Meta Ray-Ban) and phone cameras. When you use these features:

• Video is streamed from your smart glasses or phone camera to the Guspora mobile app on your phone
• Audio is captured via the glasses microphone array or phone microphone
• Audio is processed by OpenAI Whisper for transcription
• Transcription and selected video frames are processed by Anthropic Claude for NFPA-compliant report generation
• All processing occurs through encrypted API connections
• You control when recording starts and stops
• You review and approve all AI-generated reports before they are finalized

Smart glasses act as wireless camera and microphone accessories — they do not run Guspora software directly. All processing occurs on your phone and through our secure cloud APIs.

4.4 Automatic Face Blurring Technology

Guspora includes built-in face detection and blurring technology to protect the privacy of all individuals present during inspections, including employees, visitors, bystanders, and minors.

How it works:

• Google ML Kit face detection runs entirely on your device (on-device processing — no face data is sent to any cloud service)
• All detected faces are automatically blurred with a strong Gaussian blur before any image or video frame is stored, transmitted, or displayed
• Unblurred images and video frames are NEVER stored to device storage, uploaded to our servers, or transmitted to any third party
• Even the live preview during recording displays blurred faces
• Face blurring is enabled by default for all users and all inspection types

What this means for people at inspected locations:

• No identifiable facial images of any person — including minors, employees, visitors, or bystanders — are captured, stored, or included in inspection reports
• Face detection data (bounding box coordinates) is used only for real-time blurring and is immediately discarded after each frame is processed
• No facial recognition, facial analysis, or biometric identification is performed
• No face templates, embeddings, or biometric identifiers are created or stored

Users may disable face blurring in app settings, but it is ON by default. If disabled, the user assumes responsibility for obtaining consent from individuals who may appear in inspection recordings.

4.5 Biometric Authentication

The Guspora mobile app supports fingerprint authentication for quick login:

• Fingerprint data is processed entirely by your device's secure hardware (Android Keystore)
• Fingerprint templates NEVER leave your device and are NEVER transmitted to Guspora servers
• We store only an encrypted authentication token, not biometric data
• PIN-based authentication is available as an alternative
• You can disable biometric login at any time in app settings

4.6 AI Data Processing Commitments

• Inspection video and audio are processed only for the purpose of generating your inspection report
• We do NOT use your inspection recordings to train AI models
• Recordings are stored in encrypted AWS S3 storage and are accessible only to your account
• You may delete recordings at any time
• AI processing partners (OpenAI, Anthropic) process data under their enterprise API agreements which prohibit using customer data for model training

5. How We Share Your Information

5.1 Between Platform Parties

As described in Section 3, information is shared between AHJ Inspectors, Customers, and Service Providers through the controlled three-party compliance ecosystem.

5.2 Service Providers (Third-Party Technology)

These providers are contractually obligated to protect your data.

5.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, government requests, protection of our rights or safety, or investigation of fraud or security issues.

5.4 Business Transfers

If we merge with or are acquired by another company, your information may be transferred. We will notify you.

5.5 With Your Consent

We may share information with your explicit consent.

6. Data Security

Technical Safeguards:

• Encryption in transit (TLS/SSL)
• Encryption at rest (AES-256)
• Secure cloud infrastructure (AWS)
• Regular security updates
• On-device face blurring before any image/video storage or transmission
• Biometric authentication data isolated in device secure hardware (never transmitted)
• Smart glasses video streams encrypted in transit between glasses and phone

Access Controls:

• Role-based access controls enforcing three-party data boundaries
• Dual-approval gating for Service Provider deficiency access
• Multi-factor authentication available
• Regular access reviews

Credential Data Protection:

• Credential verification data stored in encrypted databases
• License and certificate numbers protected with access controls
• Insurance documentation stored securely with limited access
• Manufacturer database connections secured with API authentication

Operational Security:

• Employee security training
• Incident response procedures
• Regular security assessments

7. Data Retention

After account termination, you have 30 days to export your data before deletion. Deficiency audit trail data may be retained longer as required for legal compliance.

8. Your Rights and Choices

8.1 Access and Export

• You can access your data through the Service dashboard
• Export in standard formats (CSV, PDF)
• Request a copy of all data we hold about you

8.2 Correction

You can update your account information at any time through settings. Credential information updates are subject to re-verification.

8.3 Deletion

• You can delete individual records (subject to audit trail requirements)
• Request account deletion by contacting support@guspora.com
• Data will be deleted within 30 days

8.4 Marketing Opt-Out

• Unsubscribe from marketing emails
• Adjust notification preferences

Service notifications (deficiency alerts, credential warnings, approval requests) cannot be disabled as they are essential to platform function.

8.5 Do Not Track

We do not currently respond to "Do Not Track" browser signals.

9. Cookies and Tracking

9.1 Cookies We Use

Essential Cookies:

• Authentication and session management
• Security features
• Required for Service functionality

Analytics Cookies:

• Usage patterns and performance
• Feature adoption
• May be disabled in settings

9.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

10. Children's Privacy and Protection of Minors

Guspora is not intended for use by children under 18. We do not knowingly collect personal information from children.

Protection During Inspections at Child-Occupied Facilities

Guspora is frequently used to inspect fire protection systems at schools, daycares, children's hospitals, and other facilities where minors are present. We have implemented specific technical safeguards to protect children's privacy during inspections:

• Automatic face blurring is enabled by default and applies to ALL detected faces, including children
• No identifiable images of minors are ever captured, stored, or transmitted
• Face detection processing occurs entirely on the technician's device with no cloud component
• Inspection reports generated by AI contain equipment and compliance data only — never identifiable images of any person
• Technicians are instructed to focus camera equipment on fire protection systems and equipment, not on people

These protections operate automatically and do not require any action from the facility being inspected. Building owners and facility managers may request confirmation of these privacy protections from their service provider.

If you believe that images of a minor have been captured without proper blurring, contact us immediately at support@guspora.com and we will investigate and delete any such data within 24 hours.

11. International Data Transfers

Your data is processed and stored in the United States (AWS us-east-1 region). By using the Service, you consent to the transfer of data to the United States.

For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses and your consent.

12. California Privacy Rights

California residents have additional rights under the CCPA:

• Right to Know: Request disclosure of data collected about you
• Right to Delete: Request deletion of your personal information (subject to audit trail retention requirements)
• Right to Opt-Out: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising these rights

To exercise these rights, contact support@guspora.com.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted with an updated "Last Updated" date. Material changes communicated via email, in-app notification, and prominent website notice. Continued use after changes constitutes acceptance.

14. Contact Us

15. Additional Disclosures

15.1 Government and Enterprise Users

AHJ Inspectors and other government users may be subject to additional requirements regarding data handling, public records laws, and ethics regulations. The Service does not replace official government inspection processes, records systems, or legal authority.

15.2 HIPAA

15.3 Industry Compliance

While we implement strong security practices, you are responsible for ensuring your use of Guspora complies with industry-specific regulations applicable to your business.

15.4 Credential Data Accuracy

Guspora relies on state licensing databases, manufacturer technician databases, and user-provided documentation for credential verification. While we make reasonable efforts to verify accuracy, we cannot guarantee that all credential data is complete, current, or error-free. Users should not rely solely on Guspora's verification system for critical hiring or contracting decisions.

15.5 Audit Trail Permanence

Deficiency lifecycle data, including creation, access approvals, status updates, and clearance records, is maintained as a permanent audit trail. This data may persist after individual account deletion to maintain the integrity of compliance records shared across the three-party ecosystem.