This Privacy Notice explains what personal data Guitar Guru collects, why we collect it, how we use and protect it, and what rights you have over your data. Please read it carefully before using the Guitar Guru app or website.
1. Who we are
Guitar Guru is operated by Guitar Guru Ltd ("we", "us", "our"). We are the data controller for the personal data described in this notice. If you have any questions, you can contact us at [email protected].
2. Data we collect
Account data
When you create an account we collect your email address, a display name you choose, and your password (stored as a one-way cryptographic hash — we cannot read it). We also store your preferred display currency.
Guitar and valuation data
When you add a guitar to your collection or request a valuation, we collect:
- Photos of your guitar that you upload
- Details you provide: manufacturer, model, year, condition, and any description
- Valuation results generated by our models, including estimated price ranges and market context
Usage data
We collect standard server logs that include your IP address, the type of device and operating system you are using, and the dates and times of requests to our service. These logs are used for security monitoring and diagnosing technical problems.
Payment data
We do not currently collect payment information. If we introduce paid features in the future, payments will be processed by a PCI-compliant third-party provider and we will update this notice accordingly. We will never store raw card details on our own systems.
Location data
We do not currently collect precise location data. In the future we may request access to your approximate location to provide localised market pricing and nearby dealer information. If we do so, we will ask for your explicit consent first, and you will be able to withdraw that consent at any time through your device settings.
Data we do not collect
We do not collect any data from your device other than what you explicitly submit to us.
3. How we use your data
We use your personal data only for the purposes described below:
- Providing the service — to authenticate your account, store your guitar collection, and generate valuations
- Communications — to send transactional emails such as password reset links. We do not send marketing emails unless you separately opt in
- Improving the service — aggregated, anonymised usage patterns may be analysed to improve valuation accuracy and app functionality. Individual guitar data is not shared externally for this purpose
- Security and fraud prevention — to detect and prevent abuse, unauthorised access, and other harmful activity
- Legal compliance — where we are required to do so by applicable law
4. Lawful basis for processing
Where the UK GDPR or EU GDPR applies, we rely on the following lawful bases:
- Contract — processing your account data and guitar data is necessary to provide the service you have signed up for
- Legitimate interests — security monitoring, abuse prevention, and service improvement, where these do not override your rights
- Legal obligation — where we are required to retain or disclose data by law
5. Third-party services
We use a small number of trusted third-party providers to operate the service. Each acts as a data processor under our instruction:
- Google Cloud Platform — cloud infrastructure, database hosting, and image storage. Servers are located in the EU (London region). See the Google Cloud privacy information.
- Brevo (Sendinblue) — transactional email delivery (e.g. password reset emails). Your email address is passed to Brevo solely for the purpose of sending that email. See the Brevo privacy policy.
We do not sell your data to third parties, and we do not use your data for advertising.
6. Data retention
We retain your account data and guitar collection for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it for longer.
Server logs are retained for a maximum of 90 days.
Password reset tokens expire after one hour and are deleted immediately upon use.
7. Security
We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, and access controls on our infrastructure. No system is perfectly secure, and we cannot guarantee absolute security, but we take reasonable precautions to protect your information.
8. Your rights
Under UK and EU data protection law, you have the following rights:
- Access — you can request a copy of the personal data we hold about you
- Rectification — you can ask us to correct inaccurate data
- Erasure — you can ask us to delete your account and associated data
- Restriction — you can ask us to limit how we use your data in certain circumstances
- Portability — you can ask for your data in a machine-readable format
- Objection — you can object to processing based on legitimate interests
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.
9. Cookies
The Guitar Guru website (guitar-guru.app) does not use tracking or advertising cookies. The app itself stores your authentication token securely on your device using the iOS Keychain. We do not use third-party analytics scripts on this website.
10. Children
Guitar Guru is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with their data, please contact us and we will delete it promptly.
11. Changes to this notice
We may update this Privacy Notice from time to time. If we make material changes, we will notify you via the app or by email before the changes take effect. The date at the top of this page reflects when it was last updated.
12. Contact
For any privacy-related questions or requests, please contact us at [email protected].