Privacy Policy

This policy applies to every natural person whose personal information we process in connection with the Services, regardless of whether they live in the same country as indexgig or elsewhere. It covers visitors who only view public content (such as marketing pages or blog posts) without logging in. It covers registered users who use indexgig as clients—including sole proprietors, in-house recruiters, and employees or contractors acting on behalf of a business that posts jobs, purchases services, or manages engagements through the platform. It also covers freelancers and other independent professionals who create profiles, submit proposals, deliver work, or communicate with clients through indexgig. If you use the Services on behalf of an organization, you represent that you have the authority to bind that organization where our relationship is contractual, and you acknowledge that certain account-level information may be visible to or controlled by administrators of that organization’s workspace. We may process personal information about your colleagues or contacts if you invite them, add them to a team, or share content with them; in those cases you should ensure you are permitted to share their details with us. This policy does not govern how other users of the marketplace treat information they receive from you through normal use of the Services (for example messages or files you send to a counterparty). Their use of your information is subject to their own practices and any direct agreement between you and them. We provide tools and settings where we can to help you control visibility, but marketplace participants should exercise judgment when sharing sensitive data. If you are a candidate or applicant whose information was submitted to us by a third party without your direct use of the Services, we will process that information as described here and as required by the context in which it was provided.

We collect personal information in three broad ways: information you give us directly, information generated automatically when you use the Services, and information we receive from third parties when permitted by law and contract. Information you provide may include identity and contact details (name, email address, phone number, postal or billing address), account credentials and security information, professional or business identifiers (job title, company name, tax or registration identifiers where needed for compliance), profile and résumé-style content (skills, work history, education, rates, availability, portfolio links, samples of work), job postings and project descriptions, proposals, contracts, invoices, and the full content of messages, comments, attachments, and support tickets you send through or in connection with the Services. If you participate in surveys, beta programs, or events, we may collect responses and preferences you submit. When you pay or receive payment through integrated flows, we or our payment partners may collect payment method details, transaction identifiers, and information needed for fraud prevention, tax reporting, and accounting. We do not store full payment card numbers on our own servers when a certified partner tokenizes that data for us. We automatically collect certain technical and usage information. Examples include device type, operating system, browser type and version, language settings, approximate location derived from IP address, referrer URLs, pages and features viewed, actions taken (such as clicks, searches, and form submissions), timestamps, session identifiers, and crash or diagnostic logs. We use cookies, local storage, pixels, and similar technologies as described in the section on cookies. We may receive information from third parties such as single sign-on providers if you choose to link an account, fraud and risk vendors, analytics partners (subject to your choices and applicable law), publicly available sources, or business partners who refer you to indexgig. If another user uploads your contact details or mentions you in content, we process that information in line with this policy and the submitting user’s obligations. We ask you not to send us special categories of data (such as health information, government identifiers except where we explicitly request them for a stated purpose, or information about children) unless we expressly ask for it and explain the legal basis. If you voluntarily include such information in a profile, message, or file, you acknowledge that you are responsible for that choice.

We use personal information only where we have a lawful basis under applicable law—typically to perform our contract with you, to pursue legitimate interests that are not overridden by your rights, to comply with legal obligations, or where you have given consent. We use account and profile data to create and maintain your account, authenticate you, display your profile or listings to other users according to your settings, and enable core marketplace functions such as posting jobs, searching talent, submitting proposals, and managing projects. We use communications data to deliver in-product messaging, email notifications, and support responses you request. We use usage and technical data to secure the Services, detect and prevent fraud, abuse, spam, and policy violations, debug and improve performance, understand feature adoption in aggregate or de-identified form, and develop new functionality. We may use automated systems—including rules-based filters and machine-assisted ranking—to surface relevant jobs or candidates; these systems are designed to support human decision-making and are subject to ongoing review. We process information to enforce our Terms of Service and other policies, resolve disputes, and defend legal claims. We use billing and transaction data to process payments, issue receipts, meet tax and regulatory reporting duties, and prevent financial crime. Where permitted and consistent with your choices, we may send marketing about indexgig features, educational content, or events. You can opt out of promotional emails through the unsubscribe link or your account settings where available. We may continue to send strictly necessary service messages (security alerts, legal notices, receipts) even if you opt out of marketing. We do not sell your personal information in the conventional sense of exchanging lists of individuals for money. If we ever engage in activities that could be characterized as a "sale" or "sharing" under specific U.S. state laws, we will provide the disclosures and choices those laws require. We may create aggregated or de-identified datasets that cannot reasonably be linked back to you; we may use and share such datasets for analytics, research, and business purposes without additional notice to you.

We share personal information only when necessary to operate the Services, when you direct us to share, when we are legally required to do so, or in the limited business circumstances described below. Within the marketplace, information is shared according to the nature of the product. For example, client-facing parts of a freelancer’s profile may be visible to clients who view applications or search results; job details you post may be visible to freelancers who browse or match to those listings; and messages you send through the platform are delivered to the intended recipients. You should assume that content you publish for discovery may be seen by other users and, in some cases, indexed or cached according to our technical architecture. We engage service providers and subprocessors to perform functions on our behalf—such as cloud hosting, database management, content delivery, email and push delivery, customer support tooling, security monitoring, payment processing, identity verification, analytics, and professional services. We select vendors with appropriate safeguards and contractually require them to use personal information only for the purposes we specify, to protect it in line with this policy and applicable law, and not to use it for their own independent marketing unless separately permitted. We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, including to law enforcement. We may also disclose information when we believe it is necessary to protect the rights, property, or safety of indexgig, our users, or the public, including to detect, prevent, or address fraud, security, or technical issues. If indexgig undergoes a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. If that happens, we will notify you as required by law and explain any choices you may have. With your explicit direction—for example when you integrate a third-party tool, export data, or authorize an agent—we may share information with that third party subject to their privacy practices. We do not share your personal information with unrelated third parties for their own marketing without your consent where that consent is required.

We use cookies (small text files placed on your device), local storage, session tokens, pixels, and similar technologies to recognize you across sessions, maintain login state, remember preferences (such as language or display settings), measure how the Services perform, understand traffic sources, and support security features such as rate limiting and bot detection. We group cookies roughly into: strictly necessary cookies required for basic operation and security; functional cookies that remember your choices; analytics cookies that help us understand usage patterns; and, where applicable, cookies used to measure the effectiveness of campaigns. The exact names and lifetimes of cookies may change as we update the product; you can review current options in our cookie preference center or browser settings where we provide one. You can control cookies through your browser or device settings. Blocking or deleting certain cookies may prevent you from staying signed in, may reset preferences, or may limit some features. Do-not-track signals are not universally standardized; we treat them alongside other preference mechanisms where the law requires. Where local law mandates consent before non-essential cookies or similar technologies are used, we will obtain that consent before activation and record your choices. You may withdraw consent at any time through the same interface; withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer period is required or permitted by law. Account and profile information are generally retained while your account remains open and for a reasonable period afterward to allow reactivation, resolve disputes, or meet legal holds. Transaction and billing records may be kept longer to satisfy tax, accounting, and anti-fraud requirements—often for a number of years defined by the jurisdictions in which we operate. Communications and project-related content may be retained for the duration of the engagement and for a period afterward so parties can access records, enforce contracts, or respond to legal requests. When you delete specific content or your account, we delete or de-identify associated personal information where feasible. Residual copies may persist for a limited time in encrypted backups, disaster-recovery systems, or logs that are automatically rotated. In some cases we retain minimal records to maintain a suppression list (so we do not accidentally re-contact you), to evidence consent or contract formation, or where deletion would impair the rights of other users (for example messages you sent that are part of another user’s inbox). Retention schedules are reviewed periodically. If we no longer need personal information and are not obligated to keep it, we delete, anonymize, or aggregate it in line with internal procedures.

Depending on your location, you may have rights under privacy and data protection laws. These can include the right to access the personal information we hold about you, to request correction of inaccurate data, to request deletion in certain circumstances, to restrict or object to particular types of processing, to withdraw consent where processing is based on consent, to receive a copy of your information in a portable format where technically feasible, and to lodge a complaint with a supervisory authority. You can update much of your profile and account information directly in your settings. For requests that cannot be fulfilled self-service—such as comprehensive access or deletion across systems—contact us using the details in the contact section. We may need to verify your identity before acting on a request to protect against unauthorized access. We may deny or limit requests where the law allows—for example when we must retain data for legal defense or to protect the rights of another person. We will respond within the timeframe required by applicable law, which varies by jurisdiction. If we need more time for complex requests, we will tell you. If we decline a request, we will explain our reasoning where the law requires. If you are in the European Economic Area, the United Kingdom, or Switzerland, the controller responsible for your personal data is identified in our contact section, and you may have additional rights under the GDPR or local equivalents. If you are a resident of U.S. states with comprehensive privacy laws, you may have rights to opt out of certain processing activities, to appeal our decisions, and to receive disclosures about categories of data and disclosures; we will honor those rights as required and describe any global controls we offer. You may control marketing preferences through unsubscribe links, account toggles, or by contacting us. Some rights (such as objecting to strictly necessary processing) may be limited because they would prevent us from providing the Services.

indexgig may operate globally. Personal information may be processed in the country where you live, in the countries where we maintain facilities or personnel, and in other countries where our service providers operate. When we transfer personal data from the European Economic Area, the United Kingdom, Switzerland, or other regions with cross-border transfer rules to countries that have not been recognized as providing an adequate level of protection, we implement safeguards required by law—such as standard contractual clauses approved by relevant authorities, supplementary measures where appropriate, or other lawful transfer mechanisms. We assess our vendors’ locations and practices and require them to protect transferred data consistently with this policy and applicable law. You may request more information about the mechanisms we rely on for transfers by contacting us.

We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures may include encryption in transit and, where appropriate, at rest; access controls and authentication; logging and monitoring; vulnerability management; employee training; and vendor due diligence. Despite these efforts, no website or Internet transmission is completely secure. We cannot guarantee that unauthorized third parties will never defeat our safeguards. If you believe your account or data has been compromised, notify us immediately and use strong, unique passwords and multi-factor authentication where we offer it. In the event of a personal data breach that requires notification under applicable law, we will notify affected individuals and regulators as required, describe likely consequences, and outline remedial steps we are taking.

The Services are intended for adults and professionals who can enter into binding contracts. They are not directed at children. We do not knowingly collect personal information from anyone under the age at which parental consent is required in their jurisdiction (often 13 or 16, depending on local law). If you are a parent or guardian and believe we have collected information from a child, please contact us with sufficient detail to locate the account or content. We will take steps to delete that information promptly unless we are legally required to retain it. If you are between the minimum age and the age of majority in your region, you should use the Services only with the involvement and consent of a parent or guardian as required by local law.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or the structure of our business. When we make changes, we will revise the "Last updated" date at the top of this page and post the new version here. If changes are material, we will provide additional notice as required by applicable law—for example by email to your registered address, an in-product notification, or a banner when you next sign in. Your continued use of the Services after the effective date of an update constitutes your acceptance of the revised policy where the law allows. If we introduce a new use of personal information that requires consent under applicable law, we will obtain that consent before proceeding. If you do not agree to an update, you should stop using the Services and, where available, delete your account.

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of personal information, please contact us at hello@indexgig.com. When you write to us, include enough information for us to identify your account or request (such as the email address associated with your account) and describe your question clearly. For data protection requests, we may ask for additional verification before disclosing or changing information. We aim to acknowledge substantive privacy inquiries promptly and to resolve them within the timeframes required by applicable law. If you are not satisfied with our response, you may have the right to complain to a data protection authority in your country or region.

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases depending on the activity. Contract: processing necessary to perform our agreement with you—for example creating your account, delivering the marketplace, processing payments you authorize, and communicating about your use of the Services. Legitimate interests: processing necessary for our legitimate business interests, such as securing the platform, improving features, preventing fraud, understanding aggregate usage, and asserting or defending legal claims—balanced against your rights and freedoms. Where required, we conduct assessments and offer opt-outs where appropriate. Legal obligation: processing required to comply with law—for example tax reporting, responding to lawful requests from authorities, or retaining records subject to statutory retention periods. Consent: where we ask for your consent—for certain cookies, marketing in specific contexts, or optional features—you may withdraw consent at any time without affecting processing that occurred before withdrawal. Vital interests: rarely, we may process data to protect someone’s life or physical safety. If we rely on legitimate interests, you may object to certain processing as described in the rights section; we will stop unless we demonstrate compelling legitimate grounds or need the data for legal claims.

We distinguish between transactional and service messages on the one hand, and promotional communications on the other. Transactional and service messages include security alerts, password resets, receipts, legal notices, changes to terms or policy, responses to support tickets, and messages necessary to perform a contract (for example notifications about a job application or project milestone). You generally cannot opt out of these while maintaining an active account, because they are essential to operating the Services safely and fairly. Promotional communications may describe new features, tips, webinars, or offers. Where law requires prior consent, we will only send these after you opt in. Otherwise, we may send them based on our legitimate interests or your relationship with us, and we will provide a clear way to unsubscribe in each message or in your account settings. Even if you opt out of marketing, we may still use your contact information for non-promotional notices. If you use multiple email addresses with us, you may need to adjust preferences separately for each account.

The Services may contain links to third-party websites, plugins, or integrations that are not operated by indexgig. This policy does not apply to those destinations. If you follow a link or enable an integration, the third party’s privacy policy governs its collection and use of information. We encourage you to read those policies before submitting personal data. If you authenticate through a third-party identity provider or connect external tools (such as calendars, file storage, or communication apps), we may receive tokens or profile information according to the permissions you grant. You can typically revoke access through your indexgig settings or the third party’s account security page. We are not responsible for the privacy practices of clients, freelancers, or other users you interact with outside our platform.

We use analytics and logging to understand how the Services are used, to diagnose errors, and to improve reliability and user experience. Server and application logs may include IP addresses, device identifiers, URLs, timestamps, and error codes. We retain logs for limited periods consistent with security and troubleshooting needs, after which they may be deleted or aggregated. We may use first-party and, where permitted, third-party analytics to measure traffic, conversion funnels, and feature usage. Where required, we will obtain consent before activating non-essential analytics technologies. From time to time we may conduct surveys, interviews, or usability studies. Participation is voluntary, and we will explain how information from those activities will be used. We may publish research results only in de-identified or aggregate form unless you agree otherwise.

Privacy laws vary by country and state. This section highlights themes that often apply in specific regions without listing every local requirement. Residents of the European Economic Area, the United Kingdom, and Switzerland benefit from the rights and safeguards described throughout this policy, including those related to international transfers and legal bases. You may contact us or your local supervisory authority if you have concerns. In several U.S. states, consumers have rights to know, access, delete, correct, and opt out of certain processing, and rights against discrimination for exercising privacy rights. We honor applicable requests as required by law. Some rights apply only to specific categories of processing or data. In other jurisdictions—such as Canada, Brazil, or the Asia-Pacific region—similar principles may apply to access, correction, and accountability. We will respond to requests in line with the law that governs our relationship with you. Nothing in this section limits any right expressly granted to you under the law of your place of residence.

We take privacy complaints seriously. If you believe we have handled your personal information inconsistently with this policy or applicable law, please contact us first at hello@indexgig.com with a clear description of the issue. We will investigate in good faith and respond within the time required by law where a deadline applies. If you are not satisfied with the outcome, you may have the right to escalate to a data protection authority or, where applicable, to pursue other remedies available in your jurisdiction. For users in the European Union, you may contact the supervisory authority in the member state where you live or work. For users in the United Kingdom, you may contact the Information Commissioner’s Office. We will cooperate with regulators as required. Keeping records of your correspondence helps us resolve issues efficiently; please retain copies of relevant messages for your own files as well.