Skip to main content
← Back to Home
Legal

Privacy Policy

Last updated: April 1, 2026 · Effective: April 1, 2026

1. Introduction

At GigaConnect Inc. ("GigaConnect," "Company," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you use the GigaConnect platform, including our website, mobile applications, APIs, and all related services (collectively, the "Service").

This Privacy Policy complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and other applicable data protection laws worldwide. By using the Service, you consent to the data practices described in this policy.

Please read this Privacy Policy carefully. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

2.1 Personal Information You Provide

When you register for an account and use the Service, we collect the following personal information:

  • Identity Data: First name, last name, display name, username, and profile photo.
  • Contact Data: Email address, phone number, and physical address (if provided).
  • Professional Data: Skills, work experience, education history, certifications, portfolio items, hourly rate, availability status, headline, and bio.
  • Authentication Data: Password (stored as bcrypt hash), MFA tokens, and OAuth tokens when signing in via Google, GitHub, or LinkedIn.
  • Communication Data: Messages sent through the platform, proposal cover letters, job descriptions, reviews, comments, and social feed posts.
  • Verification Data: Information submitted for identity verification, such as government-issued ID copies (when required).

2.2 Payment Information

To process transactions, we collect billing and payment details including:

  • Payment card numbers (processed and stored by PCI-compliant payment processors; we do not store full card numbers on our servers).
  • Bank account information for payouts (stored encrypted).
  • PayPal or other payment service account identifiers.
  • Billing address and transaction history.
  • Stripe Connect or Razorpay account identifiers.

2.3 Usage Data

We automatically collect information about how you interact with the Service:

  • Pages visited, features used, and actions taken (clicks, searches, job views).
  • Search queries and search result interactions.
  • Time spent on pages and session duration.
  • Referral URLs and exit pages.
  • Error logs and performance data.

2.4 Device & Technical Data

We collect technical information about the devices and networks you use:

  • IP address and geolocation data (approximate).
  • Browser type and version, operating system, and device type.
  • Device identifiers and screen resolution.
  • Language preferences and timezone.
  • Mobile device model and operating system version (for mobile app users).

2.5 AI & Analytics Data

Our AI-powered features process certain data to provide personalized recommendations:

  • Skill vectors and embeddings generated from your profile data.
  • Behavioral patterns used for job matching and talent recommendations.
  • Fraud detection signals derived from usage patterns.
  • Aggregated and anonymized analytics data used to improve our algorithms.

3. How We Use Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Provide, maintain, operate, and improve the Service.
  • Process account registration, authentication, and session management.
  • Facilitate job posting, proposal submission, contract management, and milestone tracking.
  • Process escrow payments, milestone releases, and payouts.
  • Enable real-time messaging and communication between Users.

3.2 Personalization & AI Features

  • Provide AI-powered job matching and talent recommendations.
  • Personalize search results, feed content, and suggested connections.
  • Generate rate suggestions and project estimates.
  • Analyze proposal quality and provide AI-generated summaries.

3.3 Safety & Security

  • Verify your identity and prevent fraud, unauthorized access, and other illegal activities.
  • Detect and prevent abuse, spam, and policy violations.
  • Calculate credibility and fraud scores to maintain platform trust.
  • Monitor for security incidents and investigate potential breaches.

3.4 Communications

  • Send transactional notifications (contract updates, payment confirmations, security alerts, milestone status changes).
  • Send service-related announcements and policy updates.
  • With your consent, send promotional communications and marketing emails (you can opt out at any time).

3.5 Analytics & Improvement

  • Analyze usage patterns to understand how Users interact with the Service.
  • Conduct research and analysis to improve platform features and user experience.
  • Generate aggregate statistics and anonymized reports.

3.6 Legal Compliance

  • Comply with legal obligations, tax reporting requirements, and regulatory requests.
  • Enforce our Terms of Service and other policies.
  • Protect the rights, property, and safety of GigaConnect, our Users, and the public.

5. Information Sharing & Disclosure

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

5.1 With Other Users

Your public profile information (name, skills, portfolio, ratings, reviews, and professional details) is visible to other Users as part of the platform's functionality. When you enter a Contract, additional information (such as your full name and communication history) is shared with the other party to that Contract.

5.2 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service, subject to strict confidentiality agreements and data processing agreements. These include:

  • Payment Processors: Stripe, Razorpay, and PayPal for payment processing and escrow management.
  • Cloud Infrastructure: Hosting providers for servers, databases, and file storage (MinIO/S3).
  • Email Services: For transactional and marketing email delivery.
  • Analytics: For usage analytics and performance monitoring.
  • Search Infrastructure: Elasticsearch for search functionality.
  • AI Services: For machine learning model hosting and inference.

5.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, or in response to valid legal processes, including subpoenas, court orders, or government requests. We will attempt to notify you of such requests unless prohibited by law or court order.

5.4 Safety & Fraud Prevention

We may share information when we believe it is necessary to prevent fraud, protect the safety of any person, address security or technical issues, or protect GigaConnect's rights and property.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on the platform of any change in ownership or uses of your personal data.

5.6 Aggregated & Anonymized Data

We may share aggregated and anonymized data that cannot reasonably be used to identify you with third parties for research, analysis, benchmarking, or marketing purposes.

6. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. The following table outlines our standard retention periods:

Data CategoryRetention Period
Account & profile dataDuration of account + 2 years after deletion
Contract & project data7 years after contract completion (tax/legal compliance)
Transaction & payment records7 years (financial reporting and tax requirements)
Chat messagesDuration of account + 1 year after deletion
Reviews & ratingsDuration of account + 2 years after deletion
Usage & analytics data26 months (rolling window)
Server logs & security data90 days
Support tickets3 years after resolution
Cookie consent preferences13 months

When the retention period expires, we will securely delete or anonymize the data so that it can no longer be associated with you. Data required for ongoing legal proceedings or disputes may be retained until the matter is resolved.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

7.1 Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed. We will provide this in a commonly used electronic format within 30 days of your request.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most of your information directly through your account settings, or contact us for assistance.

7.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data, subject to certain legal exceptions (e.g., data required for tax compliance or ongoing legal proceedings). Upon a valid deletion request, we will delete or anonymize your data within 30 days, except where retention is legally required.

7.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) and to transmit it to another service provider. This applies to data you have provided to us and that we process based on consent or contractual necessity.

7.5 Right to Restriction of Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of your data or object to processing based on legitimate interests.

7.6 Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes at any time (this is an absolute right). You also have the right to object to processing based on legitimate interests, in which case we will cease processing unless we demonstrate compelling legitimate grounds.

7.7 Right to Withdraw Consent

Where we process data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.

7.8 Right to Lodge a Complaint

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Exercising Your Rights

To exercise any of these rights, contact our Data Protection Officer at dpo@gigaconnect.com or use the privacy controls in your account settings. We will respond to verified requests within 30 days. We may need to verify your identity before processing your request.

9. International Data Transfers

GigaConnect operates globally, and your data may be transferred to and processed in countries outside your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers and data processors.
  • Adequacy Decisions: Where available, we rely on adequacy decisions by the European Commission.
  • Supplementary Measures: We implement additional technical and organizational measures, such as encryption and access controls, to ensure the security of transferred data.

You may request a copy of the safeguards we use for international data transfers by contacting our Data Protection Officer.

10. Children's Privacy

GigaConnect is not intended for individuals under the age of eighteen (18). We do not knowingly collect, use, or disclose personal information from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take prompt steps to delete such information from our systems.

If you are a parent or guardian and believe that your child has provided personal information to GigaConnect, please contact us immediately at privacy@gigaconnect.com so that we can take appropriate action.

11. Security Measures

We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Safeguards

  • Encryption in transit using TLS 1.3 for all communications.
  • Encryption at rest for sensitive data in our databases.
  • Password hashing using bcrypt with appropriate work factors.
  • JWT-based authentication with short-lived access tokens and secure refresh token rotation.
  • Multi-factor authentication (MFA) support using TOTP.
  • Regular security audits and penetration testing.
  • Web Application Firewall (WAF) and DDoS protection.
  • Input validation and parameterized queries to prevent injection attacks.

Organizational Safeguards

  • Role-based access control (RBAC) for employee access to user data.
  • Mandatory security training for all employees and contractors.
  • Data processing agreements with all third-party service providers.
  • Incident response procedures and breach notification processes.
  • Regular review of access logs and security monitoring.

While we strive to protect your information using industry best practices, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

12. Third-Party Services

Our platform integrates with and may contain links to third-party services. Each third-party service has its own privacy policy and data practices. We encourage you to review the privacy policies of the following third-party services we integrate with:

GigaConnect is not responsible for the privacy practices or content of third-party services. Your interactions with third-party services are governed by their respective terms and privacy policies.

13. California Consumer Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

13.1 Right to Know

You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.

13.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, complying with legal obligations).

13.3 Right to Opt Out of Sale

GigaConnect does not sell personal information as defined by the CCPA. We do not sell, rent, or trade your personal data with third parties for monetary consideration.

13.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or access levels based on your exercise of privacy rights.

13.5 Authorized Agents

You may designate an authorized agent to make CCPA requests on your behalf. We may require verification of the agent's authorization and your identity before processing such requests.

13.6 Shine the Light Law

Under California's "Shine the Light" law (Civil Code Section 1798.83), California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. As noted above, we do not share personal information with third parties for their direct marketing purposes.

Submitting CCPA Requests

California residents can submit requests by emailing privacy@gigaconnect.com with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days. You may also call our toll-free privacy line (available on our contact page).

14. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on this page with a revised "Last updated" date.
  • Send you an email notification at least thirty (30) days before the changes take effect.
  • Display a prominent notice on the platform.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.

15. Data Protection Officer

GigaConnect has appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws and to address any questions or concerns you may have regarding our data practices.

Data Protection Officer

Email: dpo@gigaconnect.com

Subject Line: "DPO Inquiry"

Response Time: Within 30 days of receipt

For privacy inquiries related to specific regions, you may also contact the relevant supervisory authority in your jurisdiction.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

GigaConnect Inc. — Privacy Team

Privacy Inquiries: privacy@gigaconnect.com

Data Protection Officer: dpo@gigaconnect.com

General Support: support@gigaconnect.com

CCPA Requests: privacy@gigaconnect.com (subject: "CCPA Request")

Related Legal Documents