Gigdesk
Install command
View on GitHub
GuidesPlatform
Log in Request invite → →
Legal

Privacy Policy

Effective: July 17, 2026 Last updated: July 17, 2026

This policy explains what information Gigdesk collects, how we use and protect it, and the specific commitments we make about Google account data when you connect a Gmail inbox to your AI secretary.

Contents

  1. Who we are
  2. Scope of this policy
  3. Data we collect
  4. Google user data & Gmail
  5. Google Limited Use commitment
  6. How we use data
  7. Legal bases
  8. How data is shared
  9. Sub-processors
  10. Data retention
  11. Security
  12. Your rights & choices
  13. Revoking access & deleting data
  14. International transfers
  15. Children
  16. Changes to this policy
  17. Contact us

1.Who we are

Gigdesk (the "Service") is operated by Gigdesk, Inc., a Delaware corporation ("Gigdesk", "we", "us", or "our"). Gigdesk is an operating system for freelancers: workspaces, task queues, portfolios, AI agents, and an optional AI secretary that helps you manage your own email inbox. For our registered address and how to reach us, see our Company & contact page.

For the purposes of applicable data-protection law (including the EU/UK GDPR), Gigdesk is the data controller of the personal data described here, except where we act as a processor on behalf of a client who invites you to a workspace.

2.Scope of this policy

This policy covers the Gigdesk website (gigdesk.cc), the Gigdesk web application, and our APIs. It does not cover third-party services you connect to or reach through Gigdesk, which have their own privacy policies — including Google (Gmail), Dollar Platoon (the gig marketplace and on-chain payouts that power task queues), and any AI model provider whose API key you supply. Links to another site or service are not endorsements, and we are not responsible for their practices.

3.Data we collect

Account data

When you join Gigdesk we collect your email address and a display name (defaulted from your email, editable by you). If you set a password we store it only as a salted hash. Login can be passwordless: we email you a one-time code that expires in 10 minutes and is discarded once used.

Workspace & usage data

Content you create or import — workspaces, project briefs, bookmarks, AI-agent prompts, portfolios, notifications and their tags, invite codes, and connection metadata. If you connect an AI model provider, the API key you enter is stored so your agents can call that provider on your behalf.

Email gateway data

If you connect an email inbox (see Google user data), we process the messages that flow through the gateway so the secretary can read and respond to them, and we keep a limited operational record of gateway activity. Details and retention are in the Data retention section.

Technical data

Standard server logs from our infrastructure provider (IP address, timestamps, request paths, user agent) used to operate and secure the Service. Gigdesk does not run third-party advertising or cross-site tracking cookies; we use only the cookies/local storage strictly necessary to keep you signed in.

4.Google user data & Gmail

The Gigdesk secretary is an optional feature. If you choose to connect a Gmail account, Google shows you a consent screen listing the exact permissions requested. With your authorization, Gigdesk can, on your behalf:

  • Read messages and their metadata in the connected inbox, so the secretary can triage and understand what needs a reply.
  • Compose and send replies and messages that you or your secretary prepare — as your own individual correspondence.
  • Manage labels, drafts, and read/unread state to keep the inbox organized.

We access only the Google data needed to provide the features you turn on. Authorization is granted via Google OAuth and can be revoked at any time (see Revoking access). Within Gigdesk, access to a connected inbox is brokered by revocable gateway tokens, so you can cut off any single integration without disconnecting the whole account.

5.Google Limited Use commitment

Gigdesk's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, in relation to data obtained through Google APIs (including Gmail), Gigdesk does not:

  • use it for serving advertisements, or transfer it to data brokers or for any advertising purpose;
  • sell it, or share or transfer it except to provide or improve the user-facing features you requested, for security or legal compliance, or as part of a merger/acquisition with notice to you;
  • use it to train, fine-tune, or develop generalized or non-personalized AI/ML models; and
  • allow humans to read it, except where you give explicit consent for specific messages, where it is necessary for security or to comply with the law, or where the data has been aggregated and anonymized for internal operations.

Any AI processing of your Gmail data is performed solely to deliver the secretary features to you, on your inbox, at your direction.

6.How we use data

  • To provide, maintain, and secure the Service and your account.
  • To operate the features you enable — workspaces, agents, portfolios, notifications, and the email secretary.
  • To communicate with you about your account, security, and service changes (transactional email).
  • To detect, prevent, and investigate fraud, abuse, and violations of our Terms of Use.
  • To comply with legal obligations and enforce our agreements.

7.Legal bases (EU/UK)

Where GDPR applies, we rely on: performance of a contract (to give you the Service you signed up for); consent (for connecting a Gmail inbox and any optional integrations — you may withdraw it at any time); legitimate interests (to secure and improve the Service, balanced against your rights); and legal obligation (to comply with applicable law).

8.How data is shared

We do not sell your personal data. We share it only:

  • With sub-processors that run the Service under contract (see below), limited to what they need to perform their function.
  • With a client who invited you to a workspace, for the collaboration you both joined — and, conversely, a gigworker you invite can see the resources you shared with them.
  • At your direction, when you connect an integration, forward a message, or hand out a gateway or notification token.
  • For legal reasons, to comply with law, enforce our terms, or protect the rights, safety, and security of users and the public.
  • In a business transfer, as part of a merger, acquisition, or sale of assets, with notice to you consistent with this policy.

9.Sub-processors

We rely on a small set of infrastructure and service providers:

  • Amazon Web Services (AWS) — cloud hosting, storage, and databases (our primary infrastructure).
  • Google LLC — Gmail API, only for inboxes you explicitly connect.
  • Resend — delivery of transactional email such as your login codes.
  • Dollar Platoon — the gig marketplace and on-chain (USDC) payout rails behind task queues.
  • AI model providers you choose — reached with the API key you supply, to power your agents and secretary.

10.Data retention

We keep personal data only as long as needed for the purposes above, then delete or anonymize it. Concretely:

DataRetention
Account & workspace records (profile, workspaces, projects, bookmarks, agents, notifications)Kept for the life of your account; deleted on account deletion or verified request.
One-time login codesExpire after 10 minutes and are deleted immediately on use.
Portfolio / editor image uploadsAutomatically expire 180 days after upload.
Email gateway metadata (sender, recipient, subject, timestamps for filtering)Automatically expires after 90 days.
Email & webhook gateway event records (operational activity log)Automatically expires after 365 days.
Full captured message envelopes (retained for security, abuse-prevention, and support)Automatically expires after 365 days.

If you disconnect a Gmail account, we stop accessing it immediately. We may retain limited records beyond the windows above only where required to comply with law, resolve disputes, or enforce our agreements.

11.Security

Data is encrypted in transit (TLS) and at rest. Storage buckets and databases are encrypted with managed keys, private message captures are not publicly accessible, passwords are stored only as salted hashes, and API and gateway access is scoped to revocable tokens. No system is perfectly secure, but we work to protect your data with industry-standard safeguards and least-privilege access.

12.Your rights & choices

Depending on where you live, you may have rights to access, correct, export, restrict, or delete your personal data, to object to certain processing, and to withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know and delete, and to not be discriminated against for exercising them — and note that Gigdesk does not sell or "share" personal information as those terms are defined. To exercise any right, contact us using the details in Contact us; we may need to verify your identity first.

13.Revoking access & deleting data

  • Revoke Gmail access at any time from your Google Account under Security → Third-party access, or by disconnecting the inbox inside Gigdesk.
  • Revoke a gateway or notification token inside Gigdesk to cut off a single integration without disconnecting your whole account.
  • Delete your account and data by contacting us; we will delete your personal data except where retention is legally required.

14.International transfers

Gigdesk is operated from the United States and our infrastructure is hosted there. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

15.Children

Gigdesk is not directed to children and is intended for users aged 18 and older. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

16.Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.

17.Contact us

Questions or requests about this policy or your data? Email privacy@gigdesk.cc, or write to us at the address on our Company & contact page. Highlighted fields such as Gigdesk, Inc. are placeholders pending completion of our corporate registration details.

Gigdesk

The operating system for gigworkers selling services via specialized AI agents.

Platform
Marketplace Workspaces Secretary Portfolios
For VAs
Overview Freelancers guide Request invite
Guides
All guides For freelancers For clients
Company
Company & contact Privacy policy Terms of use
© 2026 GIGDESK · BUILT ON DOLLARPLATOON LEGAL