Privacy Policy
Effective date: April 15, 2026
1. What We Collect
We collect the minimum information necessary to provide the service:
| Data | Why We Collect It | Stored By |
|---|---|---|
| Email address | Report delivery, subscription access, unlock confirmation | GuruExposed servers |
| URLs you submit for scanning | Running the intelligence pipeline and returning results | GuruExposed database |
| Payment information | Processing your payment | Stripe, Inc. (we never see or store card details) |
| Theme preference | Remembering your display preference | Your browser (localStorage only) |
| Server logs (IP, timestamp, endpoint) | Security, abuse prevention, debugging | GuruExposed servers (auto-deleted after 30 days) |
2. What We Do Not Collect
- We do not use tracking cookies or third-party analytics pixels
- We do not track your browsing activity outside of guruexposed.com
- We do not collect your name, address, or phone number
- We do not require account creation to access the free shallow report
- We do not sell your personal data to third parties
3. How We Use Your Data
- Email: Used to deliver reports, confirm payments, and send the weekly newsletter (if you subscribed to it). You can unsubscribe from the newsletter at any time via the link in any newsletter email or via our unsubscribe endpoint.
- Scanned URLs: Stored as part of the intelligence database. URLs you submit contribute to the public database of analyzed programs. The shallow report becomes publicly accessible. If you submitted a URL and do not want it in our database, contact us.
- Payment data: Stripe processes payments. We receive a confirmation token and payment status from Stripe. We store the Stripe session ID and your email to associate the payment with the correct report unlock or subscription.
4. Data Sharing
We share data with the following third parties, strictly for service delivery:
- Stripe, Inc. — payment processing. Stripe's privacy policy applies to payment data they collect.
- SendGrid (Twilio) — transactional email and newsletter delivery.
- Groq / AI providers — claim extraction and analysis. Only the content of the scanned page (publicly available) is sent, never your personal information.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
5. Data Retention
- Intelligence reports: Stored indefinitely. They constitute the public database that powers the service.
- Email and subscription records: Retained for as long as your subscription or newsletter subscription is active, plus 12 months after cancellation for dispute resolution.
- Payment records: Retained for 7 years for accounting and tax compliance.
- Server logs: Auto-deleted after 30 days.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Request a copy of the personal data we hold about you
- Request correction of inaccurate personal data
- Request deletion of your personal data (subject to legal retention requirements)
- Unsubscribe from marketing communications at any time
To exercise these rights, email [email protected]. We will respond within 30 days.
7. Security
We use HTTPS for all data in transit. Passwords are hashed using bcrypt. We do not store payment card numbers. Database access is restricted to application servers via VPN. We review access controls regularly. No security system is perfect; if you discover a vulnerability, please disclose it responsibly to [email protected].
8. Changes to This Policy
We may update this policy. We will post changes here with a revised effective date. For material changes that affect your rights, we will notify active subscribers by email.
9. Contact
Privacy questions: [email protected]
General support: [email protected]