GigRevoGigRevo← Back to Home
Legal

Privacy Policy

Last Updated: March 15, 2026

GIGREVO TECHNOLOGIES LTD

Company Number: 17076940

Registered Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

England and Wales

1. Introduction

1.1. GIGREVO TECHNOLOGIES LTD (“GigRevo,” “we,” “us,” or “our”) operates the website www.gigrevo.com and the Telegram bot @gigrevo_bot (collectively, the “Platform”). This Privacy Policy describes how we collect, use, store, share, and protect your personal data when you use our Platform.

1.2. We are the data controller for the personal data we process through the Platform. We are registered in England and Wales and subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we process personal data of individuals located in the European Economic Area (EEA), we also comply with the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679).

1.3. By using the Platform, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as the legal basis for processing, we will obtain your explicit consent at the point of data collection. You may withdraw consent at any time as described in Section 10.

1.4. This Privacy Policy should be read alongside our Terms of Service (available at www.gigrevo.com/terms), which govern your use of the Platform.

2. Data Controller Contact Information

2.1. If you have any questions about this Privacy Policy or wish to exercise your data rights, you may contact us at:

GIGREVO TECHNOLOGIES LTD

Email: privacy@gigrevo.com

General support: support@gigrevo.com

Website: www.gigrevo.com

2.2. GigRevo does not currently appoint a Data Protection Officer (DPO) as we do not meet the mandatory appointment thresholds under Article 37 of the UK GDPR. We will appoint a DPO if and when our processing activities require one. In the meantime, all data protection enquiries should be directed to privacy@gigrevo.com.

3. Personal Data We Collect

We collect different categories of personal data depending on how you interact with the Platform.

3.1. Data collected during account registration

When you create an account via email, we collect your full name, email address, password (stored in hashed form — we never store plaintext passwords), phone number (optional), and your selected role (Client or Freelancer).

When you create an account via Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

When you create an account or log in via Telegram Login, we receive your Telegram user ID (numeric), Telegram first name, last name, username, and profile photo URL from Telegram. We do not receive your phone number, contacts, or Telegram message history.

3.2. Data collected during Platform use

Profile information you provide voluntarily, including biography, skills, location, hourly rate, portfolio items, and profile picture. Project and escrow data, including project descriptions, milestone descriptions, amounts, deadlines, escrow statuses, and timestamps. Communications between you and other Users conducted through the Platform’s messaging features. Proposal and application data submitted through the Platform.

3.3. Wallet and transaction data

If you connect a wallet via the website (such as MetaMask), we record your public wallet address. We do not have access to and do not store your private keys for wallets you connect yourself.

If you use the Telegram bot, we generate a custodial wallet on your behalf. This involves creating a cryptographic key pair and storing the private key in our database, encrypted using AES-256-GCM encryption. The encryption keys are stored separately from the database in secure environment variables. We use this stored private key to sign blockchain transactions on your behalf when you issue commands through the Telegram bot. The security implications of this custodial arrangement are described in Section 6.

Transaction data associated with your escrows, including on-chain transaction hashes, token amounts, fee deductions, and milestone statuses.

3.4. Technical data collected automatically

IP address, browser type and version, operating system, device type, referral URLs, pages visited and time spent on each page, and timestamps of access. Authentication session data, including session tokens, login timestamps, and the method of authentication used (email, Google, or Telegram). Consent records, including the timestamp, IP address, and version of the Terms of Service and Privacy Policy you accepted at registration.

3.5. Data we do NOT collect

We do not collect payment card information, bank account details, government-issued identification documents, biometric data, or data about racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, or sexual orientation. We do not use third-party analytics cookies or advertising trackers.

4. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

4.1. To provide and operate the Platform (Legal basis: Contractual necessity — Article 6(1)(b) UK GDPR)

Creating and managing your user account. Facilitating escrow creation, funding, milestone tracking, delivery, release, and dispute resolution. Processing transactions through the escrow smart contract on the Polygon blockchain. Operating the custodial wallet service for Telegram bot users, including generating wallets, signing transactions, and managing balances. Linking your Telegram identity to your website account when you choose to do so. Sending you transactional notifications about escrow events you are a party to (such as escrow funded, milestone delivered, payment released, or dispute opened).

4.2. To comply with legal obligations (Legal basis: Legal obligation — Article 6(1)(c) UK GDPR)

Maintaining records of transactions for tax, accounting, and regulatory compliance purposes. Responding to lawful requests from law enforcement, regulators, or courts. Fulfilling anti-money laundering (AML) and counter-terrorism financing obligations that may apply to us now or in the future.

4.3. To protect our legitimate interests (Legal basis: Legitimate interests — Article 6(1)(f) UK GDPR)

Detecting, preventing, and investigating fraud, abuse, security incidents, and violations of our Terms of Service. Maintaining the security and integrity of the Platform, including monitoring for suspicious activity and enforcing rate limits on authentication endpoints. Improving the Platform’s functionality, performance, and user experience based on aggregated, anonymised usage patterns. Enforcing our Terms of Service and resolving disputes.

We have conducted a legitimate interests assessment for each of these purposes and have determined that our interests do not override your fundamental rights and freedoms.

4.4. With your consent (Legal basis: Consent — Article 6(1)(a) UK GDPR)

Sending you marketing communications or promotional messages about GigRevo (if we introduce this in the future — we do not currently send marketing emails). Any other processing for which we specifically request and obtain your consent.

You may withdraw consent at any time by contacting privacy@gigrevo.com. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5. Data Sharing

5.1. We do not sell, rent, or trade your personal data to any third party.

5.2. We share limited data in the following circumstances:

With other Platform Users: When you participate in an escrow, the other party (Client or Freelancer) can see your public profile information (name, username, profile picture, bio, skills) and your public wallet address. This sharing is necessary for the Platform to function.

On the Polygon blockchain: When an escrow transaction is executed, the following data is recorded on the Polygon public blockchain: wallet addresses of the Client and Freelancer, token amounts, transaction timestamps, and escrow status changes. This data is publicly visible to anyone, permanently recorded, and cannot be deleted or modified. We minimise on-chain data by only recording wallet addresses (not names, emails, or other identifying information) on the blockchain. However, if your wallet address can be linked to your real-world identity through external means, on-chain transaction data could be associated with you.

With infrastructure providers: We use the following third-party service providers to operate the Platform: Vercel (website hosting and serverless functions — based in the United States), MongoDB Atlas (database hosting — data stored in cloud infrastructure), Polygon RPC providers (blockchain node access for reading and writing on-chain data). These providers process data on our behalf under data processing agreements and are contractually required to protect your data in accordance with applicable data protection law.

With law enforcement: We may disclose your personal data if required to do so by law, court order, or lawful request from a regulatory authority. We will notify you of such a request unless prohibited by law from doing so.

5.3. In the event of a merger, acquisition, or sale of all or a portion of GigRevo’s assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy that result from it.

6. Data Security

6.1. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Passwords are hashed using industry-standard algorithms and are never stored in plaintext.
  • Custodial wallet private keys (for Telegram bot users) are encrypted at rest using AES-256-GCM. Encryption keys are stored separately from the database in secure environment variables.
  • All data in transit is encrypted using HTTPS/TLS.
  • Authentication endpoints are rate-limited to prevent brute-force attacks (10 requests per minute for login, 5 requests per minute for password reset and signup).
  • API error handling is standardised to prevent information leakage.
  • Debug logging of sensitive data (including password reset tokens) has been removed from production.

6.2. Custodial Wallet Security Disclosure: If you use the Telegram bot, GigRevo stores an encrypted copy of your wallet’s private key on its servers. While we employ strong encryption and security practices, no system is completely immune to security breaches. In the event of a breach of GigRevo’s systems, it is theoretically possible that encrypted private keys could be compromised, which could result in loss of funds held in custodial wallets. We strongly encourage users who hold significant balances to export their private key using the bot’s export function and transfer funds to a self-managed wallet. GigRevo does not insure custodial wallet funds and cannot guarantee recovery in the event of a security breach.

6.3. We regularly review and update our security measures. If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner’s Office (ICO) within 72 hours and will notify affected users without undue delay, as required by Article 33 and Article 34 of the UK GDPR.

7. International Data Transfers

7.1. GigRevo is based in the United Kingdom. Your personal data may be transferred to, stored, and processed in countries outside the UK and the EEA, including the United States (where our hosting provider Vercel and database provider MongoDB Atlas operate infrastructure).

7.2. Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place in accordance with Articles 46-49 of the UK GDPR. These safeguards include: reliance on adequacy decisions by the UK Secretary of State or the European Commission where available, standard contractual clauses (SCCs) approved by the ICO or the European Commission, and the data importer’s participation in recognised certification frameworks.

7.3. On-chain data recorded on the Polygon blockchain is distributed across a global network of validator nodes and is accessible from any jurisdiction worldwide. By using the Platform and participating in escrow transactions, you acknowledge that transaction data recorded on the blockchain will be globally distributed and publicly accessible.

7.4. You may request information about the specific safeguards we apply to international transfers by contacting privacy@gigrevo.com.

8. Data Retention

8.1. We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

  • Account data (name, email, profile information): Retained for as long as your account is active. Upon account deletion, this data is anonymised (name replaced with “Deleted User,” email replaced with a non-identifying placeholder, phone and avatar cleared) rather than hard-deleted, because transactional records may reference your account.
  • Escrow and transaction records (project descriptions, milestone data, amounts, timestamps): Retained for a minimum of 6 years after the escrow is completed or cancelled, to comply with UK tax, accounting, and record-keeping requirements under the Companies Act 2006 and HMRC guidelines.
  • Custodial wallet private keys (Telegram bot users): Retained for as long as your account is active. Upon account deletion, the encrypted private key material is permanently destroyed (overwritten with null) and cannot be recovered.
  • Authentication and consent records (login timestamps, ToS acceptance records, IP addresses): Retained for a minimum of 6 years for legal compliance and dispute resolution purposes.
  • Technical logs (IP addresses, access timestamps): Retained for a maximum of 90 days for security monitoring and abuse prevention, then permanently deleted.
  • On-chain blockchain data (wallet addresses, transaction hashes, escrow amounts): This data is recorded on the Polygon public blockchain and is permanent and immutable. Neither GigRevo nor any other party can modify or delete data recorded on the blockchain. This is an inherent characteristic of blockchain technology and is not within GigRevo’s control.

8.2. When personal data is no longer required, we either permanently delete it or anonymise it so that it can no longer be associated with you.

9. Your Rights Under UK GDPR and EU GDPR

9.1. You have the following rights regarding your personal data:

  • Right of access (Article 15): You have the right to request a copy of the personal data we hold about you. We will provide this in a commonly used electronic format within 30 days of your request.
  • Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly through your Profile settings on the Platform.
  • Right to erasure / right to be forgotten (Article 17): You have the right to request deletion of your personal data. You can exercise this right by using the account deletion feature in your dashboard profile settings, or by contacting privacy@gigrevo.com. Upon receiving a valid erasure request, we will anonymise your off-chain personal data (as described in Section 8.1) and destroy any custodial wallet key material. Please note that we cannot erase data recorded on the Polygon blockchain (wallet addresses, transaction amounts, timestamps), as blockchain records are immutable. We also cannot erase data that we are legally required to retain (such as transaction records for tax compliance). We will inform you of any data that cannot be erased and the reasons why.
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested.
  • Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. This applies to data you have provided to us and that we process on the basis of consent or contractual necessity. Contact privacy@gigrevo.com to request a data export.
  • Right to object (Article 21): You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis. Upon receiving an objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right not to be subject to automated decision-making (Article 22): We do not currently make any decisions based solely on automated processing that produce legal or similarly significant effects on you.

9.2. To exercise any of these rights, contact privacy@gigrevo.com. We will respond to your request within 30 days. If your request is complex or we receive a high volume of requests, we may extend this period by an additional 60 days, in which case we will notify you of the extension and the reasons for it within the initial 30-day period.

9.3. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

9.4. We may need to verify your identity before processing your request to ensure we do not disclose personal data to the wrong person.

10. Consent and Withdrawal

10.1. Where we process your personal data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

10.2. To withdraw consent, contact privacy@gigrevo.com or use the relevant in-platform controls (such as account deletion).

10.3. If you withdraw consent for processing that is essential to providing the Platform’s services (for example, processing necessary to operate escrow transactions), we may not be able to continue providing those services to you.

11. Cookies and Similar Technologies

11.1. The Platform uses only strictly necessary cookies for the purpose of user authentication and session management. Specifically, we use NextAuth session cookies (named next-auth.session-token or __Secure-next-auth.session-token) which are essential for keeping you logged in and maintaining your session while you use the Platform.

11.2. These cookies are classified as “strictly necessary” under the UK Privacy and Electronic Communications Regulations 2003 (PECR) and Article 5(3) of the EU ePrivacy Directive. Strictly necessary cookies do not require your consent.

11.3. We do not use analytics cookies, advertising cookies, tracking pixels, or any third-party cookies. We do not use any technology to track your behaviour across other websites.

11.4. If we introduce non-essential cookies in the future (such as analytics), we will update this policy, implement a cookie consent mechanism, and obtain your explicit consent before setting such cookies.

12. Children’s Privacy

12.1. The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data as promptly as possible.

12.2. If you believe that a child under 18 has provided personal data to us, please contact privacy@gigrevo.com immediately.

13. Blockchain-Specific Privacy Considerations

13.1. GigRevo uses the Polygon blockchain to execute escrow transactions. The Polygon blockchain is a public, decentralised, and immutable ledger. This has specific privacy implications that you should understand before using the Platform.

13.2. When an escrow transaction is executed on the Polygon blockchain, the following data is permanently and publicly recorded: the wallet addresses of both the Client and the Freelancer, the stablecoin token used (USDC or USDT), the transaction amount, the timestamp of each transaction, and the status of escrow operations (creation, funding, acceptance, delivery, release, dispute, cancellation). This data is visible to anyone with access to a Polygon blockchain explorer (such as PolygonScan) and can never be deleted, modified, or hidden.

13.3. GigRevo does not record your name, email address, or other directly identifying information on the blockchain. Only your wallet address appears on-chain. However, if your wallet address is associated with your real-world identity through external means (for example, if you have used the same wallet address on a centralised exchange that requires identity verification), third parties could potentially link your on-chain transactions to your identity.

13.4. Due to the immutable nature of blockchain technology, the right to erasure (Article 17 UK GDPR) cannot be fully exercised with respect to on-chain data. This is a known and widely acknowledged limitation of blockchain-based systems. The European Data Protection Board (EDPB) and the UK Information Commissioner’s Office (ICO) have recognised that technical impossibility may limit the application of the right to erasure. GigRevo mitigates this by minimising the personal data recorded on-chain (using only wallet addresses rather than names or other identifiers) and by allowing full erasure of all off-chain data that is within our control.

13.5. By using the Platform and participating in escrow transactions, you explicitly acknowledge and accept that transaction data will be permanently recorded on the public Polygon blockchain and cannot be erased.

14. Changes to This Privacy Policy

14.1. We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or Platform features. We will notify registered users of material changes via email or in-platform notification at least 14 days before the changes take effect.

14.2. The “Last Updated” date at the top of this policy indicates when the most recent revision was made. We encourage you to review this policy periodically.

14.3. Your continued use of the Platform after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree to any changes, you should stop using the Platform and may request account deletion.

15. Complaints

15.1. If you believe we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with a supervisory authority.

15.2. In the United Kingdom, the supervisory authority is the Information Commissioner’s Office (ICO):

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

15.3. If you are located in the European Economic Area, you may also lodge a complaint with the data protection authority in your country of residence. A list of EEA data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

15.4. We would appreciate the opportunity to address your concerns before you contact a supervisory authority. Please contact privacy@gigrevo.com first, and we will do our best to resolve your issue promptly.

16. Contact

For all privacy-related enquiries:

GIGREVO TECHNOLOGIES LTD

Email: privacy@gigrevo.com

General support: support@gigrevo.com

Website: www.gigrevo.com