Privacy Policy

Gauss AI ("Gauss", "we", "our") is committed to protecting the privacy and personal data of its users ("you", "data subject"). This Privacy Policy describes how we collect, use, store, and protect your information, in compliance with the Brazilian General Data Protection Law (LGPD - Law 13,709/2018).

1. Data controller

The controller responsible for processing your personal data is:

2. Data we collect

To provide our WhatsApp-based financial tracking service, we collect the following data:

Data	Purpose
Phone number (WhatsApp)	Identification and communication
Name (optional)	Service personalization
Expense data (amount, description, category)	Expense tracking and categorization
Original message text	AI processing to extract expenses
Merchant learning patterns	Improvement of automatic categorization
Conversation history	Context for AI responses (retained for 7 days)
Analytics data (anonymized)	Service and experience improvement

3. Purpose of processing

Your data is processed for the following purposes:

• Expense tracking: Processing and storing the expenses you log via WhatsApp
• AI categorization: Automatically classifying your expenses into categories (food, transportation, etc.)
• Financial insights: Providing summaries, totals, and analyses of your spending
• Service improvement: Enhancing AI accuracy and user experience
• Communication: Sending responses, confirmations, and notifications via WhatsApp

4. Legal basis for processing

The processing of your personal data is based on the following legal grounds under the LGPD:

• Consent (Art. 7, I): By starting a conversation with Gauss on WhatsApp, you consent to the processing of your data as described in this policy
• Contract performance (Art. 7, V): Processing is necessary for the provision of the contracted service
• Legitimate interest (Art. 7, IX): For service improvement and anonymized analytics

5. Data retention

Data type	Retention period
Conversation history	7 days (automatic deletion)
Expense and profile data	Until you request account deletion
Learning patterns	Until you request account deletion
Anonymized analytics	Retained in anonymized form indefinitely

6. Your rights (data subject rights)

Under the LGPD, you have the following rights over your personal data:

• Access: Know what data we hold about you
• Export/Portability: Receive your data in a structured format
• Deletion: Request the complete removal of your data
• Anonymization: Keep statistics without personal data
• Withdrawal of consent: Revoke your consent at any time

7. Data sharing

Your data may be shared with the following third parties, strictly for service provision:

• WhatsApp (Meta): Communication platform used for interacting with the service. Messages are protected by WhatsApp's end-to-end encryption
• Railway: Cloud infrastructure where data is stored and processed
• OpenAI: Natural language processing. Message text is sent to the OpenAI API to generate intelligent responses. OpenAI does not use data sent via API to train its models
• Stripe: Secure subscription payment processing. Gauss does not store credit card data — only the Stripe customer identifier is retained
• PostHog: Analytics platform for service improvement (anonymized data)
• Google Tag Manager (GTM): Tag management system used to deploy analytics and marketing tags on our website
• Google Analytics (GA4): Web analytics service for anonymized browsing data collection, managed via GTM
• Microsoft Clarity: Behavioral analytics tool that captures session replays and heatmaps to understand how users interact with our website. Clarity does not collect personally identifiable information

We do not sell, rent, or share your personal data for third-party advertising or marketing purposes.

8. Data security

We adopt technical and organizational measures to protect your data:

• End-to-end encryption: Messages via WhatsApp are encrypted by the platform
• Encryption at rest and in transit: Data stored in PostgreSQL (Railway) is encrypted
• Access control: Strict access control with rotated credentials
• Automatic deletion: Conversation history is automatically deleted after 7 days
• Anonymization: Option to anonymize data while keeping only aggregate statistics

9. International data transfer

Your data is processed and stored on Railway and OpenAI servers located in the United States. This transfer is carried out based on your consent and under the security guarantees of the infrastructure providers, in compliance with Art. 33 of the LGPD.

10. Cookies and tracking technologies

Our website uses the following tracking technologies, managed through Google Tag Manager (GTM):

• Google Analytics (GA4): Collects anonymized browsing data such as pages visited, time spent, and traffic sources. This data does not personally identify you and is used exclusively for website improvement.
• Microsoft Clarity: Records anonymized session replays and generates heatmaps to help us understand how visitors interact with our pages. Clarity automatically masks sensitive content and does not collect personally identifiable information. You can learn more at clarity.microsoft.com.

You can opt out of tracking by using your browser's "Do Not Track" setting, installing an ad blocker, or adjusting cookie preferences in your browser settings.

11. Changes to this policy

We may update this Privacy Policy periodically. Significant changes will be communicated via WhatsApp or published on this page with the updated date.

12. Contact

For questions, requests, or complaints related to this policy or the processing of your personal data, please contact us:

You also have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD) if you believe that the processing of your data violates the LGPD.