Privacy Policy
Last updated: 5 May 2026 · Effective immediately
1. Who we are
Gigzz ("Gigzz", "we", "us", "our") is a platform that connects Indian households ("Posters") with verified college students ("Students") for one-time, in-person tasks. This policy describes what personal data we collect, why, how we use it, and your rights under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable laws.
Gigzz is operated by [YOUR REGISTERED ENTITY NAME], with registered address [YOUR ADDRESS]. For any privacy questions, you can write to us at privacy@gigzz.in.
2. What data we collect
We collect only what is necessary to operate the service.
2.1 When you sign up
- Your name, email address, and profile photo from your Google account (if you use Google sign-in).
- The role you choose (Poster or Student).
2.2 Profile data you provide
- Bio, city, college, skills, and other details you choose to add.
2.3 Verification data (Students only)
- A photograph of your college ID card.
- Your Aadhaar number, used solely for one-time identity verification.
Important about Aadhaar: we do not store your full Aadhaar number. We only retain a hashed reference (or, in some cases, only the last 4 digits) for our internal verification audit trail. We never display your Aadhaar to other users, and we never share it with third parties. We comply with the UIDAI Aadhaar Act and the DPDP Act regarding sensitive personal data.
2.4 Activity data
- Gigs you post or apply to, applications, ratings you give and receive, in-app messages.
- Basic usage logs (timestamps, IP address, device type) for security and debugging.
2.5 What we do NOT collect
- Bank account numbers, debit/credit card details, or PINs.
- UPI PINs or transaction histories — we do not handle payments.
3. How we use your data
Your data is used only for the following purposes:
- To create and maintain your account.
- To match you with relevant gigs (Students) or applicants (Posters).
- To verify Students' identity before they are allowed to apply for gigs.
- To enable in-app messaging between matched parties.
- To compute and display ratings and gig history.
- To detect and prevent fraud, abuse, or violations of our Terms.
- To comply with legal obligations (e.g. responding to lawful orders).
We do not sell your personal data. We do not use it for advertising or profiling for advertising purposes.
4. Payments are off-platform
Gigzz does not handle payments. When a Poster accepts a Student, the Poster pays the Student directly via UPI, cash, or any method they mutually agree on, in person, after the gig is completed. Gigzz is not a payment intermediary, escrow agent, or financial institution. We do not see, hold, or process money.
5. How long we keep your data
- Account data: while your account is active.
- Verification documents (College ID image): for the duration of verification review and up to 12 months after, for audit. Then deleted.
- Aadhaar reference (last 4 digits / hash): retained for the lifetime of the account for legal traceability, then deleted on account closure.
- Gigs, reviews, messages: retained for the lifetime of the account; anonymised or deleted on account closure.
- Logs: 12 months.
6. Who we share your data with
- Other users: your name, profile photo, college, bio, skills, rating, and gigs done are visible to other users on Gigzz. Your exact address is shared only with an accepted Student. Your Aadhaar is never shared.
- Service providers: we use Supabase (database + storage), Vercel (hosting), and Google (sign-in). These vendors process data on our behalf under contractual data-protection commitments. No vendor sees more than necessary.
- Law enforcement: we will share data when compelled by a valid legal order from Indian authorities, and only to the minimum extent required.
7. Where your data is stored
Our servers (via Supabase) may be located outside India. By using Gigzz you consent to the cross-border processing of your data, subject to safeguards required by the DPDP Act. We are in the process of evaluating India-region hosting and will update this policy if and when we migrate.
8. Your rights under the DPDP Act
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Erase your data and close your account.
- Withdraw consent at any time (note: this will end your ability to use Gigzz).
- Nominate another person to exercise these rights on your behalf in the event of your death or incapacity.
- Lodge a grievance with our Grievance Officer (below) and, if unresolved, with the Data Protection Board of India.
To exercise any of these rights, email privacy@gigzz.in. We will respond within the time frame required by law.
9. Security
We use industry-standard safeguards: TLS in transit, encryption at rest, role-based access, and Postgres row-level security. Sensitive columns (e.g. verification status, ratings) are write-locked at the database level so no user — not even by manipulating the API — can tamper with them.
Despite this, no system is 100% secure. If we detect a breach affecting your data, we will notify you and the Data Protection Board within the time frame required by law.
10. Children
Gigzz is intended for users aged 18 and above. If you are below 18 you may not use the service. If we learn we have collected data from a minor without verifiable parental consent, we will delete it.
11. Cookies
We use only the cookies strictly necessary to keep you signed in (a Supabase auth session cookie). We do not use third-party advertising or analytics cookies at this time.
12. Changes to this policy
We may update this policy from time to time. If a change is material, we'll notify you via email or an in-app banner. The "Last updated" date at the top will always reflect the current version.
13. Grievance Officer
Under Rule 5(9) of the IT Rules, 2011 and the DPDP Act:
Name: [YOUR NAME]
Designation: Grievance Officer, Gigzz
Email: grievance@gigzz.in
Address: [YOUR ADDRESS]
We aim to acknowledge any grievance within 24 hours and resolve it within 15 days.
This policy is provided as a starting template. It is not legal advice. You should have a qualified lawyer review and tailor it to your operations before public launch.