Working draft — for legal review only
Legal

Privacy Policy

Last updated: June 11, 2026

We know GigShift handles sensitive information — identity documents, biometric verification, and real-time location. This page explains exactly what we collect, why, and the rights you have over it, with extra detail for U.S. state and Canadian provincial laws.
Jump to section

1. Who We Are & Scope

In short

This Privacy Policy explains what information GigShift collects from businesses and workers who use our website, mobile app, and platform (together, the "Platform"), why we collect it, who we share it with, and the choices and rights you have — including rights specific to where you live in the United States or Canada.

This Privacy Policy applies to GigShift LLC and its affiliates ("GigShift," "we," "us," or "our") and covers the GigShift website, the GigShift mobile application (iOS and Android), and any related services that link to this Policy (collectively, the "Platform"). It applies to:

  • Workers — individuals who create a profile to find, accept, and complete shifts.
  • Businesses — companies and their authorized users who post shifts and manage staffing through GigShift.
  • Visitors — anyone browsing gigshift.com without an account.

By creating an account or using the Platform, you acknowledge that your information will be handled as described in this Policy. If you do not agree, please do not use the Platform.

⚠ Attorney review needed

Confirm the exact legal entity name(s), state of incorporation, and registered business address for GigShift / Eximius before publishing. Update every instance of "GigShift LLC" below to match.

2. Information We Collect

In short

We collect the information you give us (like your name, contact details, and ID documents), information generated by using the app (like your location during a shift and a short identity-verification selfie), and basic technical data about your device.

2.1 Information you provide to us

  • Account information: name, email address, phone number, password, and profile photo.
  • Identity & verification documents:government-issued ID (driver's license, passport, or work permit), date of birth, and Social Security Number / Social Insurance Number or equivalent tax identifier, used to verify your identity and work eligibility.
  • Work history & qualifications: resume details, certifications, skills, references, and availability (workers); company details, tax ID, and billing contacts (businesses).
  • Payment information: bank account or card details, processed through our payment processors (we do not store full card numbers).
  • Communications: messages you send through the Platform, support requests, and survey responses.

2.2 Information collected automatically

  • Biometric & identity-verification data:a live selfie ("liveness check") and facial geometry data captured during onboarding and at shift check-in, and data extracted from your ID document via optical character recognition. This data is used solely to confirm you are a real person and that you match your verified identity.
  • Precise location (geolocation) data: GPS location while you are clocked into a shift, used to confirm you are at the assigned worksite (geofencing) and, for businesses, to provide live shift-coverage visibility. We do not track worker location outside of active shift windows.
  • Device & usage data: IP address, device identifiers, browser type, operating system, app version, pages viewed, and crash/diagnostic logs.
  • Reliability & performance data: shift attendance, punctuality, ratings, and other metrics used to calculate your Worker Reliability Score.

2.3 Information from third parties

  • Background check providers: criminal history and employment eligibility results, where permitted by law and with your consent.
  • Identity verification providers: match/no-match results from document and biometric verification vendors.
  • Payroll, tax, and payment partners: confirmation of payment status and tax-form data (e.g., Form 1099 / T4A details).
  • Businesses you work with: shift feedback, ratings, and incident reports.

2.4 If you don't provide this information

Providing certain information is required to use the Platform. If you do not provide the identity, verification, work-eligibility, or payment information described above, we may not be able to verify you, and you may not be able to create an account, accept shifts, post shifts, or receive payment. Providing other information (such as a profile photo, optional skills, or marketing preferences) is optional and will not affect your ability to use core Platform features.

3. How We Use Your Information

In short

We use your information to run the Platform — matching workers with shifts, verifying identity and eligibility, processing payments, keeping the Platform safe, and meeting legal obligations like background-check and tax laws.

  • Create and manage your account and verify your identity and eligibility to work.
  • Match workers to relevant shifts and businesses to available, verified workers.
  • Operate geofencing and live shift-tracking features.
  • Calculate Worker Reliability Scores and provide ratings/feedback between workers and businesses.
  • Process payments, generate invoices, and issue required tax documents.
  • Provide customer support and respond to your requests.
  • Send service notifications (shift confirmations, schedule changes, payment receipts) and, where you've opted in, marketing communications.
  • Detect, investigate, and prevent fraud, abuse, safety incidents, and violations of our Terms of Use.
  • Comply with background-check, employment-eligibility, wage-and-hour, tax, and other applicable laws in the U.S. and Canada.
  • Improve and develop the Platform, including through aggregated and de-identified analytics.

We do not use biometric data for any purpose other than identity verification and shift check-in confirmation, and we do not sell biometric data.

4. How We Share Your Information

In short

We share information only as needed to run the Platform: with the businesses or workers on the other side of a shift, with service providers who help us operate (background checks, payments, hosting), and when required by law. We do not sell your personal information to third parties for their own marketing.

  • Between workers and businesses:when a worker accepts a shift, the business receives the worker's name, profile photo, contact details, verification status, and reliability score. Workers receive the business name, shift location, and point-of-contact details.
  • Service providers: identity-verification vendors, background-check providers, cloud hosting (e.g., Microsoft Azure), payment processors, customer-support tools, and analytics providers — each bound by contract to use your data only to provide services to us.
  • Legal & safety: when required to comply with law, respond to legal process, or to protect the rights, property, or safety of GigShift, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
  • With your consent: for any other purpose disclosed to you at the time of collection.

5. Cookies & Tracking Technologies

In short

Our website uses cookies and similar technologies for things like keeping you logged in, remembering preferences, and understanding how visitors use the site. You can control most cookies through your browser settings.

  • Essential cookies: required for login, security, and core site functionality.
  • Performance & analytics cookies: help us understand how the site is used so we can improve it.
  • Preference cookies: remember choices like language or display settings.

Where required by law, we will request your consent before placing non-essential cookies and provide a way to manage your preferences.

6. Data Retention

In short

We keep your information for as long as your account is active and for as long as needed to meet legal, tax, and record-keeping requirements afterward.

  • Account and profile data: retained while your account is active and for a limited period after closure to handle disputes and legal obligations.
  • Identity verification and background-check records: retained as required by applicable employment-eligibility, wage-and-hour, and recordkeeping laws.
  • Payment and tax records: retained for the period required by tax authorities (typically several years).
  • Location/geofence data: retained only for the period needed for shift verification, payroll, and dispute resolution, then deleted or de-identified.

7. How We Protect Your Information

In short

We use industry-standard technical and organizational safeguards — encryption, access controls, and monitoring — to protect your information. No system is 100% secure, so we also ask you to use a strong password and keep it confidential.

  • Encryption of data in transit (TLS) and at rest for sensitive fields, including biometric and identity data.
  • Role-based access controls limiting employee access to personal information on a need-to-know basis.
  • Regular security reviews of our infrastructure and third-party providers.
  • Incident-response procedures, including notification to affected users and regulators where required by law.

8. Your Privacy Choices & Rights

In short

Depending on where you live, you generally have the right to access, correct, download, or delete your personal information, and to opt out of certain uses. Section 9 (U.S.) and Section 10 (Canada) below describe additional rights specific to your state or province.

  • Access & portability: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: request deletion of your account and associated personal information, subject to legal retention requirements (e.g., tax and background-check records).
  • Marketing opt-out: unsubscribe from marketing emails at any time using the link in those emails, or by adjusting your notification settings in the app.
  • Withdraw consent: where we rely on your consent (e.g., biometric verification or location tracking), you may withdraw it — though this may limit your ability to use certain Platform features, such as shift check-in.
  • Non-discrimination: we will not deny you services, charge you a different price, or provide a different level of service because you exercised any of these rights.

To exercise any of these rights, contact us using the details in Section 15. We will verify your identity before fulfilling your request and respond within the timeframe required by applicable law.

If we deny a request, in whole or in part, you may appeal that decision by replying to our response or contacting us using the details in Section 15. We will review the appeal and respond within the timeframe required by applicable law, and will explain how to escalate the matter to a state or provincial regulator if your appeal is denied.

9. Notice for U.S. State Residents

In short

Several U.S. states give residents specific privacy rights. Because GigShift collects biometric data (face-scan liveness checks) and precise location data, the laws below are especially relevant — please read the box for your state.

California — CCPA / CPRA

California residents have the right to:

  • Know what categories of personal information (including sensitive personal information such as biometric identifiers, precise geolocation, and government ID numbers) we collect, use, and disclose.
  • Request access to and deletion of personal information, and correction of inaccurate information.
  • Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. GigShift does not sell personal information, and any analytics/advertising cookies will honor browser-based opt-out signals (Global Privacy Control).
  • Limit the use and disclosure of sensitive personal information to what is necessary to provide the Platform (e.g., identity verification, geofencing).
  • Not be discriminated against for exercising these rights.

To submit a CCPA/CPRA request, see Section 15 (Contact Us). You may also designate an authorized agent to submit a request on your behalf.

Biometric Privacy Laws — Illinois (BIPA), Texas (CUBI), Washington

GigShift captures a brief facial scan ("liveness check") during onboarding and shift check-in, and processes facial geometry from your government ID. If you are a resident of Illinois, Texas, or Washington, the following applies:

  • We will obtain your written consent before collecting biometric identifiers or biometric information.
  • We will provide notice of the purpose and length of time biometric data will be collected, stored, and used.
  • Biometric data is stored using reasonable security measures and is not sold, leased, traded, or otherwise profited from.
  • Biometric data is permanently destroyed when the initial purpose for collection has been satisfied or, at the latest, within the period required by applicable law (e.g., 3 years of your last interaction with the Platform under Illinois BIPA).

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA) and other comprehensive privacy law states

If you are a resident of Virginia, Colorado, Connecticut, Utah, or another state with a comprehensive consumer privacy law, you generally have the right to:

  • Confirm whether we process your personal data and access that data.
  • Correct inaccuracies and request deletion of your personal data.
  • Obtain a portable copy of your data.
  • Opt out of targeted advertising and the sale of personal data (GigShift does not sell personal data or use it for targeted advertising).
  • Request additional information about, and a human review of, automated decisions that produce legal or similarly significant effects — including how the Worker Reliability Score affects which shifts you can see or accept — and appeal the outcome using the process described in our response to your request.
  • Appeal a decision regarding your privacy request (where applicable, using the appeal process described in our response to your request).

All other U.S. states

Even if your state does not yet have a comprehensive privacy law, GigShift applies the same core practices nationwide: we do not sell your personal information, we limit use of biometric and location data to identity verification and shift operations, and we will honor reasonable requests to access or delete your information as described in Section 8.

10. Notice for Canadian Residents

In short

GigShift complies with Canadian federal privacy law (PIPEDA) and applicable provincial laws, including Quebec's Law 25. Canadian users have rights to access, correct, and request deletion of their information, and additional protections around automated decision-making and biometric data.

PIPEDA (federal)

  • We collect, use, and disclose personal information only with consent (or as otherwise permitted by law) and only for purposes a reasonable person would consider appropriate.
  • You may access your personal information, challenge its accuracy, and request correction.
  • You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
  • Concerns can be directed to our Privacy Officer (Section 15) or to the Office of the Privacy Commissioner of Canada.

Quebec — Law 25 (Bill 64)

  • We maintain a designated person responsible for the protection of personal information (our Privacy Officer, Section 15).
  • Where GigShift uses automated decision-making that affects you (for example, certain elements of shift matching or the Worker Reliability Score), you may request information about the personal information used, the reasons and main factors leading to the decision, and the right to have that information corrected.
  • You have the right to data portability for personal information you have provided, in a structured, commonly used technological format, where technically feasible.
  • A privacy impact assessment is conducted for projects involving sensitive data such as biometric identity verification.

Alberta & British Columbia — PIPA

For users in Alberta and British Columbia, GigShift's collection, use, and disclosure of personal information (including any employee personal information collected for staffing purposes) is conducted in accordance with each province's Personal Information Protection Act, including providing notice of purposes for collection and reasonable access/correction rights.

11. Children's Privacy

In short

GigShift is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18.

The Platform is not directed to individuals under the age of 18, and workers must meet the minimum legal working age in their jurisdiction. If we learn that we have collected personal information from someone under 18, we will take steps to delete it promptly.

12. Cross-Border Data Transfers (U.S. & Canada)

In short

GigShift operates in both the United States and Canada, and your information may be stored or processed in either country, with appropriate safeguards in place.

Because GigShift provides services to businesses and workers in both the U.S. and Canada, personal information may be transferred between, and stored in, data centers located in either country. Where required by Canadian law (including Quebec Law 25), we conduct an assessment to confirm that information transferred outside Canada receives a comparable level of protection, and we use contractual safeguards with our service providers accordingly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. If we make material changes, we will notify you by email and/or through an in-app or website notice before the change takes effect, and we will update the "Last updated" date at the top of this page.

14. How to Delete Your Account

In short

You can permanently delete your GigShift account directly from the app — no need to contact support. Go to Profile → Delete Account, confirm, and your account is deleted immediately.

In the GigShift app

  1. Open the GigShift app and go to your Profile tab.
  2. Tap Delete Account (near Sign out).
  3. Review what happens, optionally tell us why you're leaving, then tap Delete My Account.
  4. Confirm by tapping Delete in the dialog that appears.

Once confirmed, your account is deleted immediately: your profile, account details, and activity history are removed, and you are signed out of this device. This action is irreversible — to use GigShift again, you'll need to create a new account.

What gets deleted, and what we keep

  • Deleted immediately: your profile information, login credentials, and account details.
  • Retained for a limited time, as required by law: payroll and tax records, background-check results, and shift/timecard history connected to completed work — kept only for the periods described in Section 6 (Data Retention), then deleted or de-identified.

Can't access the app?

If you're unable to use the in-app option, you can request deletion by emailing our Privacy Office at the address in Section 15 (Contact Us). We will verify your identity and process the request within the timeframe required by applicable law.

15. Contact Us

In short

Questions, requests to access/correct/delete your data, or privacy complaints can be sent to our Privacy Officer using the details below.

GigShift Privacy Office
Email: [email protected]
Mail: [Registered business address — to be confirmed]

Canadian residents may also contact the Office of the Privacy Commissioner of Canada, and California residents may also contact the California Privacy Protection Agency, if you believe your privacy rights have not been adequately addressed.