LEGAL · PRIVACY POLICY

Privacy Policy — GIGPROOF

Draft for legal review — not legal advice. v0.1 · 8 Jul 2026

Subject to the Privacy Protection Law 5741-1981, including Amendment 13 (in effect from 14 Aug 2025). To be confirmed with legal counsel before publishing (task #23).

Draft under legal review — not final

1. Who We Are

GIGPROOF ("the Service", "we") is a pre-booking risk-reduction tool for booking managers, helping them evaluate an unfamiliar artist based on method-labelled evidence. Database controller: [business/company name, registration no., address]. Privacy contact: [[אימייל] / address].

2. What Information We Collect

  • Account information: email, name, and login identifier (including via Google/Facebook sign-in — name, email, profile picture).
  • Evidence the user uploads or links ("artifacts"): links, files, and self-declared figures entered by the artist/booking manager. Collected only after the user confirms authority over the source.
  • Publicly-discovered information (with consent/approval): results from public sources (e.g. YouTube/Spotify catalogue) shown for approval or rejection before being saved.
  • Usage and analytics information: via Google Analytics 4 (ID `G-ZX907M2NY8`) — pages, events, device. Collected subject to cookie consent (see section 6).
  • Payment information: processed via the payment provider (Bit) — we do not store card details.

3. Why We Use the Information (Purposes and Legal Basis)

To operate the service and display the Passport / the artist's private view; to verify evidence; for billing and issuing receipts; for improvement and security; to comply with legal obligations. Legal basis: performance of a contract, consent (analytics/marketing), and a balanced legitimate interest.

4. Sharing Information

We do not sell personal information. Sharing occurs only with: infrastructure providers (Supabase — storage, Vercel — hosting, Anthropic — AI processing, Google Analytics, Resend — email) under processing agreements; and authorities as required by law. The public Passport shows only verified strengths the artist has approved for publication — never private information without approval.

5. Your Rights (Amendment 13)

The right to access, correct, delete, and object to use of your information. Contact [email]. We will respond within the statutory period. Consent may be withdrawn at any time.

6. Cookies and Consent

A consent banner is shown on entry. Analytics/measurement load only after consent (Consent Mode v2). Strictly necessary cookies operate by default.

7. Retention and Security

We retain information for as long as necessary for its purposes and legal obligations, and then delete or anonymise it. Security measures: encryption, RLS, access control, encrypted tokens.

8. International Transfers

Some providers are located outside Israel (US/Europe) — subject to appropriate transfer safeguards.

9. Minors

The service is intended for adults (18+) in a business context.

10. Changes and Contact

We will update this policy and publish the date. Questions: [email/address].