Privacy Policy

When you use GigOrganizer's electronic signature features, either as the organizer sending a contract or as a signer receiving one, we collect the following:

We use the following third-party services:

• Stripe - Payment processing
• Resend - Transactional email delivery
• Twilio - SMS message delivery
• Google - OAuth sign-in (if you choose Google login)
• Apple - OAuth sign-in (if you choose Apple login)
• Supabase - Database, authentication, and file storage
• Vercel - Hosting and infrastructure

Each of these services has their own privacy policy governing their use of your data.

GigOrganizer uses essential cookies and similar technologies to operate the Service. We do not use advertising or tracking cookies.

• Authentication cookies: Used to maintain your login session across pages. Set on the .gigorganizer.com domain to enable seamless access between gigorganizer.com and contracts.gigorganizer.com.
• Guest access tokens: Used to grant temporary dashboard access to guest purchasers (without an account) for 24 hours. These tokens are cryptographically signed and expire automatically.
• Security cookies: Used for CSRF protection and session integrity during authentication flows (e.g., OAuth PKCE code verifiers).

These cookies are strictly necessary for the Service to function and cannot be disabled while using GigOrganizer.

GigOrganizer offers optional SMS text message reminders as part of our team management features. By opting in to receive SMS messages from GigOrganizer, you agree to the following:

• Opt-In: You will only receive SMS messages if you explicitly opt in via the GigOrganizer gig confirmation page. The opt-in checkbox is unchecked by default and requires your active consent.
• Message Types: SMS messages are limited to gig reminders containing event details such as venue, arrival time, and point-of-contact information.
• Message Frequency: Message frequency varies. You will typically receive 1-2 messages per gig you are confirmed for.
• Message and Data Rates: Message and data rates may apply. Check with your mobile carrier for details.
• Opt-Out: You can opt out at any time by replying STOP to any message, or by unchecking the SMS opt-in toggle on your gig confirmation page. Reply HELP for assistance.
• No Third-Party Sharing: Your mobile phone number and SMS opt-in data will never be shared with or sold to third parties or lead generators for marketing or promotional purposes.

For questions about SMS messaging, contact us at support@gigorganizer.com.

Account Data: Contract data, profile information, and purchase history are retained for the duration of your account. When you delete your account, this data is permanently removed (subject to the e-signature exception below).

Guest Access: Guest purchases (without an account) have full dashboard access for 24 hours. After 24 hours, access is limited to e-signature status and signed PDF downloads (this limited access does not expire). Guest session cookies expire with the access token (24 hours). The underlying purchase and contract records are retained as described in the Account Data and E-Signature Records sections.

Completed E-Signature Records: Signed documents, audit trails, signature images, and stroke data are retained for 7 years from the date of completion, or for the duration of the organizer's account, whichever is longer. This retention period supports the legal enforceability of signed contracts. If the organizer deletes their account, completed e-signature records are retained for the remainder of the 7-year period to preserve the legal record.

Incomplete Signing Transactions: Envelopes where not all parties have signed are retained for 90 days after the signing link expires, then permanently deleted.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request the categories and specific pieces of personal information we have collected about you, including e-signature data.
• Right to Delete: You may request deletion of your personal information. E-signature audit trail data associated with completed transactions may be retained as necessary to comply with legal obligations and preserve the enforceability of signed contracts.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information

• Identifiers: Name, email address, typed legal name. Sources: directly from you or from the organizer who creates the contract.
• Internet/Network Activity: IP address, browser type/version, timestamps. Sources: automatically collected during signing and Service use.
• Signature Data: Typed name, drawn signature images, stroke coordinate data. Sources: directly from the signer during the signing ceremony.
• Commercial Information: Transaction amounts, purchase history. Sources: from Stripe payment metadata.
• Authentication Data: Authentication session data from Google or Apple OAuth (if used). We do not persist provider OAuth access tokens. Sources: from the authentication provider you choose.
• Audit Records: Chronological signing event logs. Sources: generated by the Service during e-signature transactions.

Business Purpose: Providing, maintaining, securing, and improving the Service, including contract generation, e-signature facilitation, payment processing, customer support, and maintaining legally sufficient signing evidence.

Service Providers: Stripe (payments), Resend (email), Twilio (SMS), Google/Apple (authentication), Supabase (database/storage), Vercel (hosting).

Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising.

To exercise these rights, contact support@gigorganizer.com.