Privacy Policy

1. Who we are

GIG (“we”, “us”) operates the GIG platform from Ontario, Canada. This policy explains what personal information we collect, why, and your choices — consistent with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial law.

2. Information we collect

• Account information — name, email, phone, address, profile details (bio, designation, headshot, social links, rate cards).
• Workspace content — projects, contacts, forms and submissions, tables, finance records that you or your organization create. Organizations control the personal information of contacts they add.
• Billing information — subscription plan and history. Card details are collected and stored by Stripe, our payment processor — they never touch GIG servers; we store only non-sensitive references (brand, last four digits).
• Technical data — log and security data such as IP address, browser, and sign-in events, used to operate and protect the Service (including rate limiting and fraud prevention).

3. How we use it

• to provide and operate the Service, including connecting gig profiles to organizations you choose to join;
• to process subscriptions and payments through Stripe;
• to secure the Service (authentication, access isolation between organizations, abuse prevention);
• to communicate service messages (approvals, requests, billing notices);
• to comply with legal obligations.

We do not sell personal information, and we do not use your workspace content for advertising.

4. Sharing

• Within the Service, at your direction — when you join an organization, share a profile or rate card, publish a project page, or send approval/update links, the recipients you choose see that content.
• Service providers — infrastructure and payment partners that process data for us (including Supabase for hosting/database and Stripe for payments), bound by contractual safeguards. These providers may store data outside Canada (including the United States); where they do, the data is subject to the laws of those jurisdictions.
• Legal — where required by law or to protect rights, safety, and the integrity of the Service.

5. Retention

We keep personal information for as long as your account is active or as needed to provide the Service, then delete or anonymize it within a reasonable period, except where retention is required (for example, financial records). Organizations control retention of the contact records in their workspace.

6. Security

We use technical and organizational safeguards including encrypted transport, encrypted credential storage, per-organization access isolation enforced at the database layer, scoped magic links with expiry, and audit logging of administrative actions. No system is perfectly secure; report concerns to us promptly.

7. Your rights

You may access, correct, or delete your personal information, withdraw consent, or ask questions about our practices by contacting us. Gig workers control their own profile and can disconnect from an organization at any time; information an organization collected about you as their contact is managed by that organization. You may also complain to the Office of the Privacy Commissioner of Canada.

8. Changes & contact

We will post updates to this policy here and give notice of material changes. Questions: contact the GIG team through your account or at the contact address published on our website.