Privacy Policy

Last updated: 23 April 2026

1. Introduction

Welcome to GigGap Ltd. (“GigGap,” “we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our website at www.gig-gap.com, the GigGap mobile application, and any related sites, applications, or services (collectively, the “Platform”).

GigGap Ltd. is a company registered in England and Wales and is the data controller responsible for your personal data. GigGap operates a branch in Senegal (“GigGap Senegal”), which is not a separate legal entity. GigGap Ltd. remains the sole data controller for all users worldwide.

Our Platform primarily serves users in Senegal, The Gambia, and Nigeria, as well as African diaspora communities globally, though the Platform is open to users worldwide.

The following data protection laws may apply to you depending on your location:

United Kingdom: UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
European Economic Area (EEA): EU General Data Protection Regulation (EU GDPR).
Senegal: Loi n° 2008-12 sur la Protection des Données à Caractère Personnel.
Nigeria: Nigeria Data Protection Act 2023 (NDPA).

Where this Policy refers to “applicable data protection law,” it means the law(s) applicable to you based on your location.

By accessing or using the Platform, you acknowledge that you have read and understood this Policy. This Policy may change from time to time; any changes will be posted on the Platform, and we will take any additional steps required by applicable law, including notifying you about material changes. Changes are effective as of the stated “Last updated” date. We recommend that you review this Policy periodically.

Contact details of the data controller:

GigGap Ltd. (Head Office), 5 Waterford Place, Heald Green, Cheadle, England, SK8 3PR
Email: contact@gig-gap.com

GigGap Senegal (Branch), Golf Sud Hamo 2, Dakar, Senegal

2. Information We Collect

2.1 Information You Provide

Account information: When you register, we collect your name, email address or phone number, date of birth (optional), gender (optional), profile picture (optional), and country/city of residence.
Profile information: If you register as a skilled worker, we additionally collect your occupation, service description, and related professional details.
Communications: Messages exchanged between customers and skilled workers through our in-app chat feature.
Payment information: To process transactions, we collect payment-related details. We do not store payment card details on our servers; payments are processed securely through third-party payment processors.
Support requests: Information you provide when contacting our customer support team.

2.2 Information Collected Automatically

When you use the Platform, we automatically collect certain technical and usage information:

Device information: Device type, operating system, unique device identifiers, and mobile network information.
Usage data: Pages and features accessed, time spent on the Platform, search queries, interactions with skilled worker profiles, and other usage patterns.
Location data: Country and city based on your IP address or, with your consent, more precise location data from your device.
Log data: IP address, browser type, access times, referring URLs, and crash reports.

2.3 Information from Third Parties

Payment processors: Transaction confirmation and status from our payment service providers.
Analytics providers: Aggregated and anonymised usage insights.

We collect and process personal data only to the extent necessary for the purposes described in Section 3. Each category of personal data listed above is used in connection with one or more of those purposes and processed in accordance with the applicable legal bases described in Section 3.

3. How We Use Your Information

We process your personal data only when we have a valid legal basis to do so. The table below explains each purpose and its corresponding legal basis. References to GDPR articles apply to users covered by UK GDPR or EU GDPR. Equivalent legal bases apply under Senegal’s Loi n° 2008-12 and Nigeria’s NDPA where applicable:

Purpose	Legal Basis
Creating and managing your account	Performance of contract (Art. 6(1)(b))
Facilitating service requests, bookings, and payments between customers and skilled workers	Performance of contract (Art. 6(1)(b))
Enabling in-app communication between customers and skilled workers	Performance of contract (Art. 6(1)(b))
Providing customer support	Performance of contract (Art. 6(1)(b))
Sending service-related notifications (e.g. booking confirmations, payment receipts)	Performance of contract (Art. 6(1)(b))
Improving and optimising the Platform, fixing bugs, and analysing usage patterns	Legitimate interest (Art. 6(1)(f))
Ensuring the security and integrity of the Platform, preventing fraud	Legitimate interest (Art. 6(1)(f))
Measuring the effectiveness of our advertising campaigns (see Section 5)	Consent (Art. 6(1)(a))
Complying with legal obligations (e.g. tax, anti-money laundering)	Legal obligation (Art. 6(1)(c))
Sending marketing communications (where you have opted in)	Consent (Art. 6(1)(a))

4. How We Share Your Information

We share your personal data only as described below:

Between users: Service providers (skilled workers) and service seekers (customers) can see each other’s relevant profile information as necessary to facilitate bookings and service delivery.
Payment processors: We share transaction details with our third-party payment processors to process payments securely. We do not collect or store full payment card details or financial account credentials. Payment information is processed directly by our third-party payment processors, who act as independent data controllers for payment processing activities.
Cloud infrastructure providers: Your data is stored on servers operated by Amazon Web Services (AWS) in Ireland (EU). Data is not stored locally in African jurisdictions.
Analytics and advertising partners: With your consent, we share certain data with Meta (Facebook/Instagram) for advertising measurement and optimisation, as described in Section 5 below.
Legal authorities: We may disclose your data when required by law, in response to valid legal requests, or to protect the rights, safety, or property of GigGap, our users, or the public.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

Our key service providers include:

Cloud hosting providers (e.g. Amazon Web Services)
Payment processors (e.g. Stripe, Paystack, mobile money providers)
Analytics and advertising partners (e.g. Meta Platforms)
Customer support and communication tools

These providers process personal data on our behalf under contractual agreements that include data protection obligations.

We do not sell your personal data to third parties.

5. Advertising Measurement and Tracking

5.1 What We Use

We use the following tools from Meta Platforms, Inc. (“Meta”) to measure the effectiveness of our advertising campaigns on Facebook and Instagram:

Meta SDK: Integrated into our mobile app, this software collects device-level identifiers and logs certain in-app events (such as app installs, registrations, searches, and bookings) to help us understand which advertisements led users to our Platform.
Meta Conversions API (CAPI): A server-side integration that sends event data directly from our servers to Meta for advertising measurement and campaign optimisation.
SKAdNetwork (iOS): Apple’s privacy-preserving framework that provides aggregated install attribution data. SKAdNetwork does not rely on device-level identifiers or personal data, and operates entirely within Apple’s privacy framework.

5.2 What Data Is Shared with Meta

When you consent to advertising measurement, the following data may be shared with Meta. Both client-side (SDK) and server-side (Conversions API) tracking rely on your consent; our servers will only send events to Meta via the Conversions API if you have provided consent for advertising measurement.

Examples of events we track include: account registration, search activity, viewing skilled worker profiles, initiating service requests, and completed bookings.

Via the Meta SDK (from your device): Device advertising identifier (IDFA on iOS, GAID on Android), Facebook anonymous ID, and in-app event data (e.g. that a registration, search, profile view, or booking occurred).
Via the Conversions API (from our servers): Hashed versions of your email address, phone number, first name, last name, city, country, date of birth, and gender, along with event data. This data is hashed using SHA-256 to reduce identifiability before transmission. Meta uses these hashed values to match events to user accounts on its platform for advertising measurement.

We may send the same event from both your device and our servers using a shared identifier (event ID) to improve accuracy. Meta uses this identifier to avoid counting duplicate events. We also share a pseudonymous identifier (such as a hashed user ID or event ID) to enable Meta to link client-side and server-side events for accurate measurement.

5.3 How Meta Uses This Data

Meta uses the data described above to:

Attribute app installs and in-app actions to specific advertising campaigns.
Optimise ad delivery to reach people most likely to be interested in our services.
Provide us with aggregated advertising performance reports.

Under applicable data protection law, GigGap and Meta Platforms Ireland Limited (for EEA users) or Meta Platforms, Inc. (for UK and other users) act as joint controllers for the collection and transmission of this data to Meta (in accordance with Meta’s Business Tools Terms and Controller Addendum). GigGap is responsible for collecting and transmitting event data to Meta. Meta is responsible for processing this data on its platform. You may exercise your data protection rights with either GigGap or Meta. Meta acts as an independent controller for any further processing of this data on its platform.

We have entered into data processing and data transfer agreements with Meta and our service providers to ensure compliance with applicable data protection laws.

For more information about how Meta processes your data, please see Meta’s Privacy Policy at https://www.facebook.com/privacy/policy/.

5.4 Your Consent and Control

Advertising measurement data is only collected and shared with your explicit consent. We will ask for your consent within the app before activating any Meta tracking. This consent requirement applies to all users regardless of location, and satisfies the explicit and informed consent requirements under Senegal’s Loi n° 2008-12, Nigeria’s NDPA, UK GDPR, and EU GDPR.

On iOS, you will also be asked via Apple’s App Tracking Transparency prompt whether you allow our app to track your activity across other companies’ apps and websites.
On Android, consent is managed through our in-app consent mechanism.

You can withdraw your consent at any time through the app’s privacy settings. If you withdraw consent:

We will stop sending your data to Meta via the SDK on your device. Our servers will also stop sending events to Meta via the Conversions API; our backend checks your consent status before transmitting any data.
Previously collected data may still be retained by Meta in accordance with their data retention policies.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You can use the Platform fully without consenting to advertising measurement. Declining does not affect your access to any features or services.

5.5 International Data Transfers

Your personal data is stored on servers in Ireland (EU) and may be transferred to the United States when shared with Meta. Depending on your location, the following transfer mechanisms apply:

Africa (Senegal, The Gambia, Nigeria) to Ireland: Your data is transferred from your country of residence to our servers in Ireland. Under Senegal’s Loi n° 2008-12, cross-border transfers are permitted to countries providing an adequate level of data protection; EU member states (including Ireland) are generally considered adequate. Under Nigeria’s NDPA, transfers are permitted where adequate safeguards are in place, which we ensure through our technical and organisational security measures and contractual obligations with our infrastructure providers.
Ireland to US (Meta): When data is shared with Meta, it may be transferred to Meta’s servers in the United States. For users covered by UK GDPR, these transfers rely on Meta’s Data Processing Terms and the UK International Data Transfer Agreement (IDTA). For users covered by EU GDPR, these transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
EEA to UK: The European Commission has granted an adequacy decision for the United Kingdom, meaning data can be transferred between the EEA and the UK without additional safeguards.

6. Cookies and Similar Technologies

Our mobile app and website may use cookies and similar technologies to enhance your experience. These include:

Strictly necessary cookies: Required for the Platform to function. These do not require consent.
Analytics cookies: Help us understand how users interact with the Platform. Used only with your consent.
Advertising cookies: Used for advertising measurement as described in Section 5. Used only with your consent.

You can manage your cookie preferences through the settings provided on the Platform.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law. Specifically:

Account data: Retained for the duration of your account and for up to 3 years after account deletion, unless longer retention is required by law (e.g. for tax or legal compliance).
Transaction data: Retained for the period required by applicable tax and commercial law (typically 6 years in the UK under HMRC requirements, or longer where required by the laws of the user’s jurisdiction).
Communication data: Retained for the duration of your account and deleted upon account deletion, subject to legal retention requirements.
Advertising measurement data: Retained by Meta in accordance with their own data retention policies. Data retained on our servers for this purpose is deleted within 90 days.

8. Your Rights

Regardless of your location, you have the right to access, correct, and delete the personal data we hold about you, and to withdraw any consent you have given. The specific rights available to you depend on the data protection law applicable in your jurisdiction:

For users covered by UK GDPR or EU GDPR:

Right of access (Art. 15): You can request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You can request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): You can request deletion of your data, subject to legal retention obligations.
Right to restriction (Art. 18): You can request that we restrict processing of your data in certain circumstances.
Right to data portability (Art. 20): You can request your data in a structured, commonly used, machine-readable format.
Right to object (Art. 21): You can object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds. You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you do so, we will stop processing your data for such purposes.
Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

For users in Senegal:

You have the right to access, correct, and delete your personal data, and to object to its processing, under Senegal’s Loi n° 2008-12. You may lodge a complaint with the Commission des Données Personnelles (CDP) at https://www.cdp.sn/.

For users in Nigeria:

You have the right to access, correct, and delete your personal data, and to withdraw consent, under the Nigeria Data Protection Act 2023 (NDPA). You may lodge a complaint with the Nigeria Data Protection Commission (NDPC).

For all users:

In addition to the authorities listed above, users in the UK may lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/. Users in the EEA may lodge a complaint with the supervisory authority in their country of residence.

We may use automated systems, including risk scoring and fraud detection tools, to monitor transactions and prevent abuse of the Platform. These systems do not make decisions that produce legal or similarly significant effects without human involvement. You may contact us if you wish to obtain more information about such processing.

To exercise any of these rights, please contact us at contact@gig-gap.com. We will respond to your request within one month (or within the timeframe required by your applicable data protection law).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments. In the event of a personal data breach, we will notify affected users and relevant authorities where required by applicable law.

However, no method of transmission or storage is entirely secure. We encourage you to use strong passwords and protect your login credentials.

10. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or the features of our Platform. We will notify you of material changes by posting the updated Policy on the Platform and, where appropriate, by email or in-app notification. Please review it periodically for updates.

12. Contact Us

If you have questions or concerns regarding this Privacy Policy, your data, or wish to exercise your rights, please contact us:

GigGap Ltd. (Head Office), 5 Waterford Place, Heald Green, Cheadle, England, SK8 3PR
Email: contact@gig-gap.com

GigGap Senegal (Branch), Golf Sud, Hamo 2, Dakar, Sénégal