Privacy Policy

Last updated: April 2026

Contents

How We Use Your Data

GigGalaxy collects information you provide (name, email, phone, location, profile details) to connect clients with service providers in your area. We store this data securely using Supabase infrastructure with row-level security policies.

Your profile information, skills, and certifications are used to match you with relevant jobs. Location data is used only for proximity-based job matching and is never shared with third parties.

AI-Powered Features

GigGalaxy uses artificial intelligence to enhance your experience:

  • Smart Match: Your profile (skills, categories, bio, certifications) is processed by OpenAI to generate numerical embeddings. These embeddings help match providers with relevant jobs. No personal identifying information is stored in embeddings.
  • Price Suggestions: Job descriptions are analyzed by AI to suggest fair pricing based on category, location, and scope.
  • Certification Analysis: When you upload a certification document and consent to AI processing, the document may be analyzed to extract relevant professional skills. Personal information (such as ID numbers, dates of birth, or social security numbers) is automatically redacted before AI processing.
  • Dispute Resolution: AI may summarize disputes and suggest resolutions to help administrators make fair decisions.

Third-Party Services

We use the following third-party services to operate GigGalaxy:

  • Supabase: Database hosting, authentication, file storage, and real-time features. Your data is stored in Supabase's secure infrastructure. Supabase's servers are located in the United States.
  • OpenAI / Google Gemini: Used for AI features including Smart Match embeddings, price suggestions, certification skill extraction, and dispute analysis. Only the minimum necessary data is sent. We do not send personal identification documents — only redacted text extracted from certifications.
  • Stripe: Used for subscription billing and payment processing. Stripe handles all payment card data directly — we never store your card details. Stripe is PCI DSS Level 1 certified.
  • Sentry: Used for error tracking and crash reporting to improve app stability. No personal data is included in error reports.

PIPEDA Compliance (Canadian Users)

GigGalaxy complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, you have the following rights:

  • Consent: We collect and use your personal information only with your knowledge and consent. You provide consent when you create an account and agree to these terms. AI features require separate opt-in consent.
  • Access: You may request access to all personal information we hold about you. We will respond within 30 days.
  • Correction: You may request corrections to any inaccurate personal information via the Edit Profile screen or by contacting support.
  • Withdrawal: You may withdraw consent for data processing at any time by deleting your account. Withdrawal does not affect the lawfulness of prior processing.
  • Complaints: You may file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

Cross-Border Data Transfers

Your data may be processed in the United States through our third-party service providers (Supabase, Stripe, OpenAI). Under PIPEDA, cross-border transfers are permitted provided that comparable safeguards are in place. We maintain contractual agreements with all providers that require them to protect your data to Canadian standards.

Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Job history: Retained for 2 years after job completion for dispute resolution and reference purposes.
  • Subscription records: Retained for 7 years for tax and legal compliance (Canada Revenue Agency requirements).
  • AI embeddings: Deleted when the associated profile or job is deleted.
  • Certification documents: Deleted within 30 days of your request or account deletion.

Certification Documents

When you upload certification documents (licenses, insurance, background checks, etc.):

  • Documents are stored securely in Supabase Storage and are only accessible to you and GigGalaxy administrators.
  • If you opt in to AI skill extraction, text is extracted from the document, personal information is automatically redacted, and only the redacted text is sent to OpenAI to infer professional skills.
  • AI-suggested skills are never added to your profile automatically. You always review and approve suggested skills before they appear on your profile.
  • You can decline AI processing for any certification. Declining does not affect your ability to submit certifications for manual review.

Your Rights

  • You can view, edit, and delete your profile information at any time through the Edit Profile screen.
  • You can opt out of AI-powered certification analysis on a per-document basis.
  • You can request deletion of your account and all associated data by contacting support.
  • You can remove any skills from your profile at any time, whether manually added or AI-suggested.

Data Security

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), row-level security on all database tables, secure authentication via Supabase Auth, and limited access to personal data on a need-to-know basis.

Subscription & Payments

GigGalaxy offers provider subscription tiers (Bronze, Gold, Platinum). Payments are processed securely through Stripe. We never see or store your payment card information.

  • All new providers get a 30-day free trial on Gold with no credit card required.
  • You can cancel your subscription at any time through the Manage Subscription page.
  • Cancellations take effect at the end of the current billing period — you retain access until then.
  • If a payment fails, Stripe will attempt to charge the card up to 3 times over 14 days before cancelling the subscription.

Contact & Privacy Officer

If you have questions about these terms, your data, or wish to exercise your privacy rights, contact our Privacy Officer:

Email: privacy@giggalaxy.ca

For data access, correction, or deletion requests, we will respond within 30 days as required by PIPEDA.