LEGAL · PRIVACY POLICY
Privacy Policy — GIGPROOF
Draft for legal review — not legal advice. v0.1 · 8 Jul 2026
Subject to the Privacy Protection Law 5741-1981, including Amendment 13 (in effect from 14 Aug 2025). To be confirmed with legal counsel before publishing (task #23).
Draft under legal review — not final
1. Who We Are
GIGPROOF ("the Service", "we") is a pre-booking risk-reduction tool for booking managers, helping them evaluate an unfamiliar artist based on method-labelled evidence. Database controller: [business/company name, registration no., address]. Privacy contact: [[אימייל] / address].
2. What Information We Collect
- Account information: email, name, and login identifier (including via Google/Facebook sign-in — name, email, profile picture).
- Evidence the user uploads or links ("artifacts"): links, files, and self-declared figures entered by the artist/booking manager. Collected only after the user confirms authority over the source.
- Publicly-discovered information (with consent/approval): results from public sources (e.g. YouTube/Spotify catalogue) shown for approval or rejection before being saved.
- Usage and analytics information: via Google Analytics 4 (ID `G-ZX907M2NY8`) — pages, events, device. Collected subject to cookie consent (see section 6).
- Payment information: processed via the payment provider (Bit) — we do not store card details.
3. Why We Use the Information (Purposes and Legal Basis)
To operate the service and display the Passport / the artist's private view; to verify evidence; for billing and issuing receipts; for improvement and security; to comply with legal obligations. Legal basis: performance of a contract, consent (analytics/marketing), and a balanced legitimate interest.
4. Sharing Information
We do not sell personal information. Sharing occurs only with: infrastructure providers (Supabase — storage, Vercel — hosting, Anthropic — AI processing, Google Analytics, Resend — email) under processing agreements; and authorities as required by law. The public Passport shows only verified strengths the artist has approved for publication — never private information without approval.
5. Your Rights (Amendment 13)
The right to access, correct, delete, and object to use of your information. Contact [email]. We will respond within the statutory period. Consent may be withdrawn at any time.
6. Cookies and Consent
A consent banner is shown on entry. Analytics/measurement load only after consent (Consent Mode v2). Strictly necessary cookies operate by default.
7. Retention and Security
We retain information for as long as necessary for its purposes and legal obligations, and then delete or anonymise it. Security measures: encryption, RLS, access control, encrypted tokens.
8. International Transfers
Some providers are located outside Israel (US/Europe) — subject to appropriate transfer safeguards.
9. Minors
The service is intended for adults (18+) in a business context.
10. Changes and Contact
We will update this policy and publish the date. Questions: [email/address].