Working draft — for legal review only
Legal

Privacy Policy

Last updated: June 11, 2026

We know GigShift handles sensitive information — identity documents, biometric verification, and real-time location. This page explains exactly what we collect, why, and the rights you have over it, with extra detail for U.S. state and Canadian provincial privacy laws.
Jump to section

1. Who We Are & Scope

In short

This Privacy Policy explains what personal information GigShift collects from businesses and workers who use the platform and related website (together, the "Platform") — why we collect it, who we share it with, and the choices and rights you have — including rights specific to where you live in the United States or Canada.

GigShift is a product of Compunnel, Inc.("Compunnel," "we," "us," or "our"). GigShift is the technology platform Compunnel uses to operate this informational website and the GigShift mobile application for iOS and Android (collectively, the "Platform"). Accounts are created and managed only in the mobile app — this website does not offer sign-up, sign-in, or any account features. This Policy applies to:

  • Workers — individuals who create a profile in the GigShift app to find, accept, and complete shifts, and who, after completing onboarding with Compunnel, are employed by Compunnel (its Employer of Record) to perform that work.
  • Businesses — companies and their authorized users who post shifts and manage staffing through the Platform.
  • Website visitors — anyone who visits this marketing website. We process only limited technical and analytics data about visitors (see Section 5); the website itself does not collect account information.

Compunnel is the Employer of Record for Workers engaged through the Platform. GigShift is the technology Compunnel uses to deliver the Platform and to manage that employment relationship — including identity verification, scheduling, location/geofencing for time and attendance, performance scoring (the Worker Reliability Score), and payroll. Where this Policy describes those activities, they are performed using GigShift as part of Compunnel's relationship with its Worker-employees.

By creating an account or using the Platform, you acknowledge that your information will be handled as described in this Policy. If you do not agree, please do not use the Platform.

⚠ Attorney review needed

Confirm the exact legal entity name, state of incorporation, and registered business address for Compunnel, Inc. (the Employer of Record and operator of GigShift) before publishing, and confirm whether any separate or affiliated entity should also be named as a party to this Policy.

2. Information We Collect

In short

We collect the information you give us (like your name, contact details, and ID documents), information generated by using the app (like your location during a shift and a short identity-verification selfie), and basic technical data about your device.

2.1 Information you provide to us

  • Account information: name, email address, phone number, password, and profile photo.
  • Identity & verification documents:government-issued ID (driver's license, passport, or work permit), date of birth, and Social Security Number / Social Insurance Number or equivalent tax identifier, used to verify your identity and work eligibility.
  • Work history & qualifications: resume details, certifications, skills, references, and availability (workers); company details, tax ID, and billing contacts (businesses).
  • Payment information: bank account or card details, processed through our payment processors (we do not store full card numbers).
  • Communications: messages you send through the Platform, support requests, and survey responses.

2.2 Information collected automatically

  • Biometric & identity-verification data:a live selfie ("liveness check") and facial geometry data captured during onboarding and at shift clock-in, and data extracted from your ID document via optical character recognition. This data is used solely to confirm you are a real person and that you match your verified identity. Your consent to collect this data is obtained as part of the onboarding flow before any biometric data is captured.
  • Precise location (geolocation) data:GPS location used to (a) show you driving directions and a map route to the worksite ahead of a shift you've accepted, and (b) once you are clocked into a shift, confirm you are at the assigned worksite (geofencing) and, for businesses, provide live shift-coverage visibility. We do not track worker location outside of getting you to, and verifying your presence during, your shifts.
  • Device & usage data: IP address, device identifiers, browser type, operating system, app version, pages viewed, and crash/diagnostic logs.
  • Reliability & performance data: shift attendance, punctuality, ratings, and other metrics used to calculate your Worker Reliability Score.

⚠ Attorney review needed

The standalone Biometric Consent Form referenced above is a separate onboarding document and is not drafted as part of this iteration. Confirm it is finalized and presented to Workers before any biometric data is captured, and that this Privacy Policy's description remains consistent with that document's terms.

2.3 Information from third parties

  • Background check providers: criminal history and employment eligibility results, where permitted by law and with your consent. Background checks are conducted only after you receive and sign the standalone Background Check Disclosure & Authorization required under the Fair Credit Reporting Act (FCRA) and applicable state law, as described in Section 4 of our Terms of Use.
  • Identity verification providers: match/no-match results from document and biometric verification vendors.
  • Payroll, tax, and payment partners: confirmation of payment status and tax-form data (e.g., Form W-2 / T4 details, reflecting Workers' status as Compunnel employees).
  • Businesses you work with: shift feedback, ratings, and incident reports.

2.4 If you don't provide this information

Providing certain information is required to use the Platform. If you do not provide the identity, verification, work-eligibility, or payment information described above — and, for Workers, the profile photo and skills required to complete onboarding — we may not be able to verify you, and you may not be able to create an account, accept shifts, post shifts, or receive payment. Some information (such as marketing preferences) is optional and will not affect your ability to use core Platform features.

3. How We Use Your Information

In short

We use your information to run the Platform — matching workers with shifts, verifying identity and eligibility, processing payments, keeping the Platform safe, and meeting legal obligations like background-check and tax laws.

GigShift provides the features below to keep the Platform safe, trustworthy, and reliable for everyone who uses it. For Workers — who are Compunnel's employees — features such as identity verification, scheduling, geofencing/location during shifts, the Worker Reliability Score, and payroll also support Compunnel's management of its employment relationship, which is what gives Compunnel the basis to process that information about its Worker-employees.

  • Create and manage your account and verify your identity and eligibility to work.
  • Match workers to relevant shifts and businesses to available, verified workers.
  • Operate geofencing and live shift-tracking features.
  • Calculate Worker Reliability Scores and provide ratings/feedback between workers and businesses.
  • Process payments, generate invoices, and issue required tax documents.
  • Provide customer support and respond to your requests.
  • Send service notifications (shift confirmations, schedule changes, payment receipts) and, where you've opted in, marketing communications.
  • Detect, investigate, and prevent fraud, abuse, safety incidents, and violations of our Terms of Use.
  • Comply with background-check, employment-eligibility, wage-and-hour, tax, and other applicable laws in the U.S. and Canada.
  • Improve and develop the Platform, including through aggregated and de-identified analytics.

We do not use biometric data for any purpose other than identity verification and shift clock-in confirmation, and we do not sell biometric data.

4. How We Share Your Information

In short

We share information only as needed to run the Platform: with the businesses or workers on the other side of a shift, with service providers who help us operate (background checks, payments, hosting), and when required by law. We do not sell your personal information to third parties for their own marketing.

  • Between workers and businesses:when a worker accepts a shift, the business receives the worker's name, profile photo, contact details, verification status, and reliability score. Workers receive the business name, shift location, and point-of-contact details.
  • Service providers: identity-verification vendors, background-check providers, cloud hosting (e.g., Microsoft Azure), payment processors, customer-support tools, and analytics providers — each bound by contract to use your data only to provide services to us. Certain AI-powered features of the Platform — including job description drafting, skills screening, job requirement question generation, and dress code generation — are processed by Eximius AI, a third-party AI provider engaged by Compunnel; Eximius AI processes only the data necessary to deliver these features and is bound by contract to use that data solely for that purpose.
  • Legal & safety: when required to comply with law, respond to legal process, or to protect the rights, property, or safety of Compunnel, GigShift, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
  • With your consent: for any other purpose disclosed to you at the time of collection.

5. Cookies & Tracking Technologies

In short

Our website uses cookies and similar technologies for things like keeping you logged in, remembering preferences, and understanding how visitors use the site. You can control most cookies through your browser settings.

  • Essential cookies: required for login, security, and core site functionality.
  • Performance & analytics cookies: help us understand how the site is used so we can improve it.
  • Preference cookies: remember choices like language or display settings.

Where required by law, we will request your consent before placing non-essential cookies and provide a way to manage your preferences.

6. Data Retention

In short

We keep your information for as long as your account is active and for as long as needed to meet legal, tax, and record-keeping requirements afterward.

  • Account and profile data: retained while your account is active and for a limited period after closure to handle disputes and legal obligations.
  • Identity verification and background-check records: retained as required by applicable employment-eligibility, wage-and-hour, and recordkeeping laws.
  • Payment and tax records: retained for the period required by tax authorities (typically several years).
  • Location/geofence data: retained for the period needed for shift verification, payroll, and dispute resolution, after which we delete or de-identify it.

We are continuing to build automated tooling to apply these retention periods on a scheduled basis across all of the markets we serve. In the meantime, you can ask us to delete your information at any time as described in Sections 8 and 14, and we will do so except where we are required to retain it (for example, payroll, tax, and background-check records).

7. How We Protect Your Information

In short

We use industry-standard technical and organizational safeguards — encryption, access controls, and monitoring — to protect your information. No system is 100% secure, so we also ask you to use a strong password and keep it confidential.

  • Encryption of data in transit (TLS) and at rest for sensitive fields, including biometric and identity data.
  • Role-based access controls limiting employee access to personal information on a need-to-know basis.
  • Regular security reviews of our infrastructure and third-party providers.
  • Incident-response procedures, including notification to affected users and regulators where required by law.

8. Your Privacy Choices & Rights

In short

Depending on where you live, you generally have the right to access, correct, download, or delete your personal information, and to opt out of certain uses. Section 9 (U.S.) and Section 10 (Canada) below describe additional rights specific to your state or province.

  • Access & portability: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: request deletion of your account and associated personal information, subject to legal retention requirements (e.g., tax and background-check records).
  • Marketing opt-out: unsubscribe from marketing emails at any time using the link in those emails, or by adjusting your notification settings in the app.
  • Withdraw consent: where we rely on your consent (e.g., biometric verification or location tracking), you may withdraw it — though this may limit your ability to use certain Platform features, such as shift clock-in.
  • Non-discrimination: we will not deny you services, charge you a different price, or provide a different level of service because you exercised any of these rights.

To exercise any of these rights, contact us using the details in Section 15. We will verify your identity before fulfilling your request and respond within the timeframe required by applicable law.

If we deny a request, in whole or in part, you may appeal that decision by replying to our response or contacting us using the details in Section 15. We will review the appeal and respond within the timeframe required by applicable law, and will explain how to escalate the matter to a state or provincial regulator if your appeal is denied.

9. Notice for U.S. State Residents

In short

Several U.S. states give residents specific privacy rights. Because GigShift collects biometric data (face-scan liveness checks) and precise location data, the laws below are especially relevant — please read the box for your state.

California — CCPA / CPRA

California residents have the right to:

  • Know what categories of personal information (including sensitive personal information such as biometric identifiers, precise geolocation, and government ID numbers) we collect, use, and disclose.
  • Request access to and deletion of personal information, and correction of inaccurate information.
  • Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. GigShift does not sell personal information and does not share it for cross-context behavioral advertising. Where we use analytics or advertising cookies that would be subject to an opt-out, we honor browser-based opt-out preference signals (such as Global Privacy Control) as that support becomes available on our website.
  • Limit the use and disclosure of sensitive personal information to what is necessary to provide the Platform (e.g., identity verification, geofencing).
  • Not be discriminated against for exercising these rights.

To submit a CCPA/CPRA request, see Section 15 (Contact Us). You may also designate an authorized agent to submit a request on your behalf.

Because Workers are employees of Compunnel (the Employer of Record) rather than independent contractors, some of the information described in this Policy may constitute "employment-related personal information" under California law. CCPA/CPRA rights generally extend to employees, though some exemptions and timing rules differ for HR-related data.

⚠ Attorney review needed

Confirm how California's employee-privacy provisions under the CCPA/CPRA (including any "Notice at Collection for Employees" obligations) apply to Compunnel, Inc. as the Employer of Record, and whether a separate employee-facing privacy notice is required in addition to this Policy.

Biometric Privacy Laws — Illinois (BIPA), Texas (CUBI), Washington

GigShift captures a brief facial scan ("liveness check") during onboarding and shift clock-in, and processes facial geometry from your government ID. If you are a resident of Illinois, Texas, or Washington, the following applies:

  • We will obtain your written consent before collecting biometric identifiers or biometric information.
  • We will provide notice of the purpose and length of time biometric data will be collected, stored, and used.
  • Biometric data is stored using reasonable security measures and is not sold, leased, traded, or otherwise profited from.
  • Biometric data is permanently destroyed when the initial purpose for collection has been satisfied or, at the latest, within the period required by applicable law (e.g., 3 years of your last interaction with the Platform under Illinois BIPA).

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA) and other comprehensive privacy law states

If you are a resident of Virginia, Colorado, Connecticut, Utah, or another state with a comprehensive consumer privacy law, you generally have the right to:

  • Confirm whether we process your personal data and access that data.
  • Correct inaccuracies and request deletion of your personal data.
  • Obtain a portable copy of your data.
  • Opt out of targeted advertising and the sale of personal data (GigShift does not sell personal data or use it for targeted advertising).
  • Request additional information about, and a human review of, automated decisions that produce legal or similarly significant effects — including how the Worker Reliability Score affects which shifts you can see or accept — and appeal the outcome using the process described in our response to your request.
  • Appeal a decision regarding your privacy request (where applicable, using the appeal process described in our response to your request).

All other U.S. states

Even if your state does not yet have a comprehensive privacy law, GigShift applies the same core practices nationwide: we do not sell your personal information, we limit use of biometric and location data to identity verification and shift operations, and we will honor reasonable requests to access or delete your information as described in Section 8.

10. Notice for Canadian Residents

In short

GigShift complies with Canadian federal privacy law (PIPEDA) and applicable provincial laws, including Quebec's Law 25. Canadian users have rights to access, correct, and request deletion of their information, and additional protections around automated decision-making and biometric data.

PIPEDA (federal)

  • We collect, use, and disclose personal information only with consent (or as otherwise permitted by law) and only for purposes a reasonable person would consider appropriate.
  • You may access your personal information, challenge its accuracy, and request correction.
  • You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
  • Concerns can be directed to our Privacy Officer (Section 15) or to the Office of the Privacy Commissioner of Canada.

Quebec — Law 25 (Bill 64)

  • We maintain a designated person responsible for the protection of personal information (our Privacy Officer, Section 15).
  • Where GigShift uses automated decision-making that affects you (for example, certain elements of shift matching or the Worker Reliability Score), you may request information about the personal information used, the reasons and main factors leading to the decision, and the right to have that information corrected.
  • You have the right to data portability for personal information you have provided, in a structured, commonly used technological format, where technically feasible.
  • A privacy impact assessment is conducted for projects involving sensitive data such as biometric identity verification.

Alberta & British Columbia — PIPA

For users in Alberta and British Columbia, GigShift's collection, use, and disclosure of personal information (including any employee personal information collected for staffing purposes) is conducted in accordance with each province's Personal Information Protection Act, including providing notice of purposes for collection and reasonable access/correction rights.

⚠ Attorney review needed

The EOR structure for Canadian Workers (i.e., whether Compunnel, Inc., a Canadian affiliate, or a separate Canadian EOR partner serves as the employer for Workers in Canada) needs separate confirmation with counsel. This may affect which entity is the "organization" for purposes of PIPEDA, Quebec Law 25, and the provincial PIPA statutes referenced above. The substantive analysis in the PIPEDA, Quebec Law 25, and Alberta/BC PIPA cards above is not changed by the U.S. EOR decision and remains to be reviewed separately.

11. Children's Privacy

In short

GigShift is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18.

The Platform is not directed to individuals under the age of 18, and workers must meet the minimum legal working age in their jurisdiction. If we learn that we have collected personal information from someone under 18, we will take steps to delete it promptly.

12. Cross-Border Data Transfers (U.S. & Canada)

In short

GigShift operates in both the United States and Canada, and your information may be stored or processed in either country, with appropriate safeguards in place.

Because GigShift provides services to businesses and workers in both the U.S. and Canada, personal information may be transferred between, and stored in, data centers located in either country. Where required by Canadian law (including Quebec Law 25), we conduct an assessment to confirm that information transferred outside Canada receives a comparable level of protection, and we use contractual safeguards with our service providers accordingly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Last updated" date at the top of this page, and your continued use of the Platform after an update takes effect means you accept the revised Policy. Where a change is material and the law requires it, we will also provide notice — for example, by email or through an in-app notice — before the change takes effect.

14. How to Delete Your Account

In short

You can permanently delete your GigShift account directly from the app — no need to contact support. Go to Profile → Delete Account, confirm, and your account is deleted immediately.

In the GigShift app

  1. Open the GigShift app and go to your Profile tab.
  2. Tap Delete Account (near Sign out).
  3. Review what happens, optionally tell us why you're leaving, then tap Delete My Account.
  4. Confirm by tapping Delete in the dialog that appears.

Once confirmed, your account is deleted immediately: your profile, account details, and activity history are removed, and you are signed out of this device. This action is irreversible — to use GigShift again, you'll need to create a new account.

What gets deleted, and what we keep

  • Deleted immediately: your profile information, login credentials, and account details.
  • Retained for a limited time, as required by law:payroll and tax records, background-check results, and shift/timecard history connected to completed work — kept only for the periods described in Section 6 (Data Retention), which, for Workers, reflect Compunnel's recordkeeping obligations as Employer of Record (e.g., payroll, tax, and employment records), then deleted or de-identified.

Can't access the app?

If you're unable to use the in-app option, you can request deletion by emailing our Privacy Office at the address in Section 15 (Contact Us). We will verify your identity and process the request within the timeframe required by applicable law.

15. Contact Us

In short

Questions, requests to access/correct/delete your data, or privacy complaints can be sent to our Privacy Officer using the details below.

GigShift Privacy Office (operated by Compunnel, Inc.)
Email: gigshift-privacy@compunnel.com
Mail: 4390 Route 1 North, Suite 302, Princeton, NJ 08540, USA

Canadian residents may also contact the Office of the Privacy Commissioner of Canada, and California residents may also contact the California Privacy Protection Agency, if you believe your privacy rights have not been adequately addressed.