Privacy Policy

Last updated: 9 March 2026

1. Who We Are

GigShield is operated by Paul Church (“we”, “us”, “our”). We are the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at support@gigshield.co.uk.

2. What Data We Collect

We collect the following personal data when you use GigShield:

  • Account information: name, email address
  • Financial data: income records, expense records, mileage logs, and tax calculations you enter
  • Bank statement data: transaction data you upload or import (processed locally; we do not store raw bank credentials)
  • Payment information: handled securely by Stripe; we do not store card numbers
  • Usage data: pages visited, features used, device type, and browser information

3. How We Use Your Data

We use your data to:

  • Provide and improve the GigShield tax management service
  • Calculate estimated tax liabilities based on information you provide
  • Process subscription payments via Stripe
  • Send service-related emails (account confirmations, payment receipts)
  • Comply with legal obligations

4. Legal Basis for Processing

We process your data on the following legal bases under UK GDPR:

  • Contract: to provide the service you signed up for
  • Legitimate interest: to improve our service and prevent fraud
  • Consent: for optional marketing communications (you can withdraw at any time)
  • Legal obligation: where required by law

5. How We Store and Protect Your Data

Your data is stored securely on Supabase (hosted in the EU/UK) with encryption at rest and in transit. We use industry-standard security measures including HTTPS, secure authentication tokens, and row-level security policies on our database.

6. Third-Party Services

We share data with the following processors, each with their own privacy policies:

  • Supabase: database and authentication
  • Stripe: payment processing
  • Vercel: website hosting and deployment

We do not sell your personal data to any third party.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate data
  • Erasure: ask us to delete your data (“right to be forgotten”)
  • Portability: receive your data in a machine-readable format
  • Restriction: ask us to limit how we use your data
  • Object: object to processing based on legitimate interest

To exercise any of these rights, email support@gigshield.co.uk. We will respond within 30 days.

9. Cookies

GigShield uses essential cookies required for authentication and security. We do not use advertising or tracking cookies. Essential cookies cannot be disabled as they are necessary for the service to function.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on the GigShield dashboard. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact & Complaints

If you have concerns about how we handle your data, please contact us at support@gigshield.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.