Privacy Policy

This Privacy Policy describes the types of personal information that Gitar, Inc. (“Gitar,” “we,” “our,” and/or “us”) collects, uses, and discloses from individuals who use our website, including https://gitar.ai/, and our services that link to this Privacy Policy (collectively, “Services”). As used in this Privacy Policy, “personal Information” means any information relating to an identified or identifiable individual. By using our Services, you agree to the collection, use, disclosure, and procedures described in this Privacy Policy. Beyond the Privacy Policy, your use of our Services is also subject to our Terms of Service (gitar.ai/terms-of-service).

Personal Information We Collect

We may collect a variety of personal information from or about you or your devices from various sources, as described below. Where applicable, we indicate whether and why you must provide us with your personal information, as well as the consequences of failing to do so. If you do not provide your personal information when requested, you may not be able to use our Services if that personal information is necessary to provide you with our Services or if we are legally required to collect it.

A. Personal Information You Provide to Us

Account Registration. If you sign up for an account, we collect your email address, name, and any additional information you choose to provide.

Communications. If you contact us directly, we may receive additional information about you, such as your name, email address, phone number, city, the contents of a message or attachments that you may send to us, and other information you choose to provide. If you subscribe to our newsletter, then we will collect certain information from you, such as your email address. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.

Payment Information. If you make a purchase through our Services, your payment-related information, such as credit card or other financial information, is collected by our third-party payment processor on our behalf.

Inputs and Outputs, including Chats and Code: When you interact with our Services, including by submitting queries, generating outputs, or uploading code, we collect information related to those interactions. This includes:

• Inputs: Text, code, and other data you provide when using our Services, such as messages, commands, and uploaded files.
• Outputs: Responses, generated code, and other data our Services provide back to you based on your inputs.
• Retention: We do not retain user-provided inputs or generated outputs beyond the scope necessary to provide the requested functionality. No user-generated content is stored for training or model improvement purposes.

B. Personal Information We Collect When You Use Our Services

Location Information. When you use our Services, we may receive your location information (for example, your IP address may indicate your general geographic region).

Device Information. We receive information about the device and software you use to access our Services, including IP address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.

Usage Information. To help us understand how you use our Services and to help us improve it, we automatically receive information about your interactions with our Services, such as the pages or other content you view and the dates and times of your visits.

Information from Cookies and Similar Technologies. We and our third-party partners collect information using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services.

Please review your web browser’s “Help” file to learn how you may modify your cookie settings. Please note that if you delete or choose not to accept cookies from our Services, you may not be able to utilize the features of our Services to their fullest potential.

How We Use the Personal Information We Collect

We use the personal information we collect:

• To provide, maintain, improve, and enhance our Services;
• To understand and analyze how you use our Services and develop new products, services, features, and functionality;
• To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide support;
• For marketing and advertising purposes, such as developing and providing promotional and advertising materials that may be relevant, valuable or otherwise of interest to you;
• To generate anonymized or aggregated data for any lawful purposes;
• To find and prevent fraud and abuse, and respond to trust and safety issues that may arise;
• For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and
• For other purposes for which we provide specific notice at the time the information is collected.

Legal Bases For Processing European Information

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we only process your personal information when we have a valid “legal basis,” including as set forth below.

• Consent. We may process your personal information where you have consented to certain processing of your personal information. For example, we may process your personal information to use cookies where you have consented to such use.
• Contractual Necessity. We may process your personal information where required to provide you with our Services. For example, we may need to process your personal information to respond to your inquiries or requests.
• Compliance with a Legal Obligation. We may process your personal information where we have a legal obligation to do so. For example, we may process your personal information to comply with tax, labor, and accounting obligations.
• Legitimate Interests. We may process your personal information where we or a third party have a legitimate interest in processing your personal information. Specifically, we have a legitimate interest in using your personal information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of our Services. We only rely on our or a third party's legitimate interests to process your personal information when these interests are not overridden by your rights and interests.

How We Disclose the Personal Information We Collect

Partners and Affiliates. We may disclose any information we receive to our current or future affiliates for any of the purposes described in this Privacy Policy.

Vendors and Service Providers. We may disclose any information we receive to vendors and service providers retained in connection with the operation of our Services. We share this information solely on the basis of consent and if applicable, per contract.

Analytics Partners. We use analytics services such as Google Analytics to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. We share this information solely on the basis of consent and if applicable, per contract. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/.

As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to comply with law enforcement requests and legal process, such as a court order or subpoena, respond to your requests, or protect your, our, or others’ rights, property, or safety.

Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.

Consent. We may also disclose your information with your permission.

Master Service Agreement (MSA) Considerations. In the event a customer has a Master Service Agreement (MSA) in place that specifies restrictions on the use of AI, the terms of the MSA will take precedence over any AI-related policies outlined in this Privacy Policy.

Your Choices

Location Information. You can prevent your device from sharing precise location information at any time through your device’s operating system settings.

Marketing Communications. You can unsubscribe from our promotional emails via the link provided in the emails. Even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us.

Do Not Track. There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

Your European Privacy Rights. If you are located in the EEA or the UK, you have additional rights described below.

• You may request access to the personal information we maintain about you, update, and correct inaccuracies in your personal information, restrict or object to the processing of your personal information, have your personal information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your personal information to another company. In addition, you have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
• You may withdraw any consent you previously provided to us regarding the processing of your personal information at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.

You may exercise these rights by contacting us using the contact details at the end of this Privacy Policy. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain personal information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. This information is given free of charge, however in certain situations, you may be charged a reasonable fee for providing such information if the request is excessive or repetitive.

If you wish to request additional information, you can contact us at support@gitar.ai.

How to Block Cookies. You can block cookies by setting your internet browser to block some or all cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Services. You can change your browser settings to block or notify you when you receive a cookie, delete cookies or browse the Services using your browser’s anonymous usage setting. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings. If you do not agree to our use of cookies or similar technologies which store information on your device, you should change your browser settings accordingly. Where required by applicable law, you will be asked to consent to certain cookies and similar technologies before we use or install them on your computer or other device.

Third Parties

Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

Retention

When you request that we do so, we take measures to delete your personal information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When we process personal information for our own purposes, we determine the retention period taking into account various criteria, such as the type of services provided to you, the nature and length of our relationship with you, possible re-enrollment with our Services, the impact on our Services we provide to you if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitations.

Data Sharing & Subprocessors

We work with subprocessors to operate our Services. We enter into data protection agreements with all our subprocessors.

Our Subprocessors include:

• AWS – Cloud hosting
• Clerk.com – Authentication
• OpenAI & Anthropic – AI-powered responses (zero retention)
• Datadog & HyperDX – Logging and monitoring
• Vercel – Web deployment
• PostHog – Analytics
• Slack – Internal communication

For the full list of subprocessors, visit [Link].

Security

We make reasonable efforts to protect your information by using security measures designed to safeguard the information we maintain. We implement technical and organizational safeguards, including encryption in transit and at rest, access controls, continuous monitoring, and regular security assessment. However, because no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.

Instant EU GDPR
Representative Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +35315549700

Instant EU GDPR
Representative Ltd.
Office 2
12A Lower Main Street,
Lucan Co. Dublin
K78 X5P8
Ireland
England

Our UK Representative:
Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.

Adam Brogden contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
England

Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our Services is directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at support@gitar.ai.

International Visitors

Our Services are hosted in the United States (“U.S.”) and intended for visitors located within the U.S. If you choose to use our Services from the EEA, the UK or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the U.S. for storage and processing. We may transfer personal information from the EEA or the UK to the U.S. and other third countries based on European Commission-approved or UK Government-approved Standard Contractual Clauses, or otherwise in accordance with applicable data protection laws. We may also transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our Services. By providing any information, including personal information, on or through our Services, you consent to such transfer, storage, and processing. For more information about the tools that we use to transfer personal information, or to obtain a copy of the contractual safeguards we use for such transfers (if applicable), you can contact us as described below.

Changes to this Privacy Policy

We will post any updates to this Privacy Policy on this page, and the revised version will be effective when it is posted. If we make a material update, we may notify you of such update through our Services (including our websites), by email, or other means.

Contact Information

We are responsible and the data controller for processing your personal information. If you have any questions, comments, or concerns about our processing activities, please email us at support@gitar.ai or write to us at: