Privacy Policy

Last updated: 4 March 2026

Beta Notice: GigXchange is currently in beta. This privacy policy is subject to change as the platform evolves. We will notify registered users of any material changes via email. By using the platform during the beta period, you acknowledge that data practices and policies may be updated without prior notice.

1. Who We Are

GigXchange is operated by Eclipse-Labs AI, registered in England and Wales, with its registered office at [registered address — to be confirmed]. We are the data controller for the personal data described in this policy.

Data Protection Contact: privacy@gigxchange.co.uk

2. What Data We Collect

Category	Data	Purpose
Account	Name, email, password (hashed), account type	Account creation and authentication
Profile	Bio, photos, location, genre, links, availability	Public profile display, search and discovery
Booking	Event dates, fees, messages, booking status	Facilitating and managing bookings
Payment	Transaction amounts, payment status	Processing payments, escrow, refunds
Usage	Pages visited, features used, device/browser info	Improving the platform, analytics

3. Legal Basis for Processing

We process your personal data under the following legal bases (UK GDPR Article 6):

Contract — Processing necessary to provide the service you signed up for (account management, bookings, payments)
Legitimate interest — Platform improvement, fraud prevention, analytics
Consent — Marketing communications (you can opt out at any time)
Legal obligation — Tax records, regulatory compliance

4. How We Use Your Data

To create and maintain your account
To display your public profile to other users
To facilitate bookings and payments between users
To send transactional notifications (booking confirmations, messages)
To improve the platform through analytics
To prevent fraud and enforce our Terms of Service

5. Data Sharing

We do not sell your personal data. We share data only with:

Other GigXchange users — Your public profile information is visible to other users as part of the service
Payment processors — To process transactions securely
Hosting providers — Our infrastructure providers (data stored within the UK/EEA)
Law enforcement — When required by law or to protect the safety of users

6. Data Retention

We retain your data for as long as your account is active. After account deletion:

Profile data is deleted within 30 days
Transaction records are retained for 6 years (HMRC requirements)
Anonymised analytics data may be retained indefinitely

7. Your Rights

Under UK GDPR, you have the right to:

Access — Request a copy of your personal data
Rectification — Correct inaccurate data
Erasure — Request deletion of your data ("right to be forgotten")
Restriction — Limit how we process your data
Portability — Receive your data in a machine-readable format
Objection — Object to processing based on legitimate interest

To exercise any of these rights, contact privacy@gigxchange.co.uk. We will respond within 30 days.

8. Cookies

GigXchange uses essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies are used only with your consent.

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

Encryption in transit (TLS/HTTPS)
Hashed passwords (never stored in plain text)
Row-level security on database access
Regular security reviews

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the Platform. The "Last updated" date at the top of this page reflects the most recent revision.

11. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.