Back to GigComs

Privacy Policy

Last updated: 2026-03-31

1.Introduction

Gigcoms ("we", "us", "our") operates gigcoms.com. This Privacy Policy explains how we collect, use, and protect your personal data when you use our platform for managing live music bookings and communication.

Data Controller: GigComs ApS, Copenhagen, Denmark. Registered under Danish law. Contact: privacy@gigcoms.com

2.Information We Collect

  • Account data: Account information: email address, name, and authentication data when you sign up
  • Profile data: Profile data: artist/booker profile, username, bio, avatar, timezone, and language preferences
  • Booking data: Booking data: event details, dates, fees, contracts, invoices, and related documents
  • Messages: Messages: conversations through our platform, including messages sent via connected channels (WhatsApp, email)
  • Usage data: Usage data: pages visited, features used, and AI commands processed
  • Payment data: When you process payments through Stripe, we store transaction references and amounts. We never store card numbers — Stripe handles all sensitive payment data.
  • Device data: IP address, browser type, operating system, and device identifiers for security and analytics.

3.How We Use Your Information

PurposeLegal Basis (GDPR Art. 6)
Provide and maintain our booking management serviceContract performance (Art. 6(1)(b))
Facilitate communication between artists, bookers, and clients across connected channelsContract performance (Art. 6(1)(b))
Process your requests through our AI assistant to create bookings, contracts, and manage your calendarContract performance (Art. 6(1)(b))
Send transactional emails (booking confirmations, contract notifications, invoice reminders)Contract performance (Art. 6(1)(b))
Analytics & product improvementConsent (Art. 6(1)(a))
Marketing emails & newslettersConsent (Art. 6(1)(a))
Prevent fraud, abuse, and unauthorized accessLegitimate interest (Art. 6(1)(f))
Tax record retention (7 years)Legal obligation (Art. 6(1)(c))

4.Information Sharing

We do not sell your personal data. We share information only in these cases:

  • With service providers who help us operate (hosting, email delivery, AI processing)
  • When required by law or to protect our legal rights
  • With your explicit consent (e.g., when you connect a WhatsApp or email channel)
  • With the other party in a booking (artist ↔ booker) to facilitate the booking process

5.Third-Party Services

We use the following services to operate Gigcoms:

ServicePurposeDataRegion
SupabaseDatabase, authentication, and file storage (EU region)All account & booking dataEU (Frankfurt)
Anthropic (Claude)AI processing for chat assistant and automated responsesChat messages, booking contextUS (with EU DPA)
VercelHosting and content deliveryRequest logs, analyticsGlobal CDN (EU primary)
StripePayment processing for deposits and invoicesTransaction amounts, customer emailEU / US
ResendTransactional email deliveryEmail addresses, notification contentUS (with EU DPA)
WhatsApp / MetaMessaging integration when you connect your WhatsApp Business accountMessages via connected accountsEU / US

6.Cookies & Analytics

GigComs uses minimal cookies and analytics:

  • Essential cookies: Authentication session cookies (Supabase Auth). Required for the service to function.
  • Analytics: Vercel Analytics and Google Analytics (anonymized) to understand usage patterns and improve the product.
  • No advertising cookies: We do not use tracking cookies for advertising or retargeting.

You can disable non-essential cookies in your browser settings. Disabling essential cookies will prevent you from using the service.

7.Data Retention

We retain your data for as long as your account is active. You can request deletion of your account and associated data at any time. Booking records may be retained for legal and tax compliance purposes.

  • Active accounts: Data retained for the lifetime of your account.
  • Deleted accounts: Personal data removed within 30 days. Booking records retained for 7 years for tax/legal compliance.
  • Chat history: AI conversation logs retained for 90 days, then anonymized.

8.Your Rights

Under GDPR, you have the right to access, correct, delete, and export your data at any time. Email privacy@gigcoms.com or use the settings page to manage your data.
  • Access: Access your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Export your data in a portable format
  • Withdraw consent: Withdraw consent for data processing at any time
  • Object: You may object to processing based on legitimate interests.
  • Restriction: You may request we restrict processing while a dispute is resolved.

9.International Data Transfers

Some of our processors are located outside the EU/EEA. We ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs) with US-based processors
  • EU-US Data Privacy Framework certification where applicable
  • Data Processing Agreements (DPAs) with all sub-processors

10.Children's Privacy

GigComs is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11.AI & Automated Decision-Making

GigComs uses AI (powered by Anthropic Claude) to assist with booking management:

  • AI chat assistant: Processes your natural language requests to create bookings, contracts, and manage your calendar.
  • Auto-negotiation: If enabled, AI may respond to booking inquiries based on your configured rules. You can review and approve all AI responses before they are sent.
  • No profiling: We do not use AI to make automated decisions that produce legal effects or significantly affect you.

You can disable AI auto-responses in your agent settings at any time.

12.Security

We use industry-standard security measures including encryption in transit (TLS), encrypted database connections, row-level security policies, and hashed API keys to protect your data.

  • TLS encryption for all data in transit
  • Encrypted database connections with row-level security
  • Hashed API keys and secure session management
  • Regular security reviews and dependency updates

13.Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will:

  • Notify the Danish Data Protection Agency (Datatilsynet) within 72 hours
  • Notify affected users without undue delay via email
  • Document the breach, its effects, and remedial actions taken

14.Complaints

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with:

Datatilsynet (Danish Data Protection Agency)
Carl Jacobsens Vej 35, 2500 Valby, Denmark
dt@datatilsynet.dk · +45 33 19 32 00

Questions? Contact us at privacy@gigcoms.com

Privacy Policy — GigComs | GigComs