Legal
Privacy Policy
Last updated: 2026-05-11
1. Who we are
GigGrab Ltd (“GigGrab”, “we”, “us”) is a voice-first hiring platform registered in England & Wales. We are the data controller for personal data processed through our website, hotline, and voice agent.
Contact: privacy@giggrab.io
2. Data we collect
- Identity & contact: name, mobile phone number, email address, country, language preference.
- Profile data:trade, years of experience, certifications & tickets, recent jobs, location and travel preferences, availability, pay expectations, deal-breakers.
- Call & voice data: audio of your calls with our AI recruiter, transcripts of those calls, call metadata (start/end times, duration, phone number, CallSid).
- Authentication data: Firebase user ID, the identity provider you used (Google, Microsoft, email link, phone), and verification timestamps.
- Technical data: IP address, device type, browser, request logs.
3. How we collect it
- You submit it via our website (e.g. the intake form on /start).
- You speak it during a phone call to our hotline or an outbound call we place to you.
- You speak it via the browser microphone flow at /voice.
- Your authentication provider returns it when you sign in.
4. Why we use it (purposes & legal basis)
| Purpose | Legal basis (UK GDPR Art. 6) |
|---|---|
| Run the intake call and build your CV | Contract — taking steps at your request to provide the service |
| Match you to live job roles | Contract |
| Send you SMS or email with your profile link and matches | Contract; Consent for marketing emails (you can unsubscribe) |
| Authenticate you and secure the service | Legitimate interests — service security and abuse prevention |
| Improve speech recognition and matching quality | Legitimate interests — kept under review; you can object |
| Comply with legal obligations (e.g. fraud, AML, court orders) | Legal obligation |
5. Call recording
Calls to and from our hotline, and conversations through the browser microphone flow, are recorded and transcribed so we can build your profile and surface matches. The agent announces this at the start of every call. If you do not want to be recorded, please end the call.
6. Automated decision-making
We use AI to transcribe your voice, extract a structured profile from the transcript, and rank job matches. Matching ranks are decision support — final hiring decisions are made by employers, not by GigGrab. You have the right to request human review of any automated processing that produces legal or similarly significant effects on you (UK GDPR Art. 22).
7. Who we share data with (subprocessors)
We use the following processors. Each is bound by a written data-processing agreement and is only permitted to use data on our instructions.
| Processor | Purpose | Region |
|---|---|---|
| Twilio | Telephony, SMS, phone verification | EU / US |
| Anthropic (Claude) | Profile extraction, matching reasoning | US |
| Deepgram | Speech-to-text | US |
| Groq | Real-time conversational LLM | US |
| Cartesia | Text-to-speech | US |
| Render | Voice-agent hosting | EU (Frankfurt) |
| Google Cloud / Firebase | API hosting, database, authentication, web hosting | EU (London) / Global |
We do not sell your personal data and we do not share it with employers without your explicit decision to apply.
8. International transfers
Some processors above operate in the United States. Where personal data leaves the UK, we rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, the UK Extension to the EU-US Data Privacy Framework where applicable, or another lawful transfer mechanism.
9. How long we keep it
- Profile data: while your account is active, plus 12 months after your last interaction.
- Call recordings: 90 days, then deleted.
- Transcripts: 24 months from the call.
- Authentication / security logs: 12 months.
You can request earlier deletion at any time (see “Your rights” below).
10. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased (“right to be forgotten”).
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time, where consent is the basis.
- Lodge a complaint with the Information Commissioner’s Office (ico.org.uk).
To exercise any of these, email privacy@giggrab.io. We respond within one month.
11. Cookies
We use only strictly necessary cookies (authentication session, CSRF). We do not use advertising or third-party analytics cookies at this time. If that changes we will update this policy and surface a cookie banner before any non-essential cookie is set.
12. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to a small number of authorised engineers and audit-logged. Our database connections use TLS with strong cipher suites.
13. Children
GigGrab is not directed at children. You must be at least 18 years old, or the legal age to work in your country, to use the service.
14. Changes
We’ll update this policy when our practices change. Material changes are notified by email or prominent in-app notice at least 14 days before they take effect.
15. Contact
Questions, requests, or complaints: privacy@giggrab.io.
See also our Terms of Service.