Privacy Policy

This Privacy Policy is published in multiple languages for your convenience. The English language version is the legally binding document. All other language versions are provided for reference purposes only and are not legally binding.

In the event of any conflict or discrepancy between the English version and any translation, the English version shall prevail and govern.

If you have questions about specific terms, please refer to the English version or contact support@gigzoro.com for clarification.

Effective: March 24, 2026

Controller: GigZoro LLC ("GigZoro") – www.GigZoro.com – support@gigzoro.com

This is a plain‑English overview. The legally binding details are set out below.

We collect contact and account details, identity and verification data, payment and transaction data, device and usage data, photo evidence including GPS coordinates and device metadata, communications, and Provider qualifications.

We use this information to operate the Platform, process bookings and payouts, prevent and detect fraud, provide AI-assisted features, personalize and improve the experience, support users, and comply with law.

We share information with Providers and Customers to fulfill bookings, with service providers acting on our instructions, and with authorities where required. GigZoro personnel may access customer-provider messages and photos for support, fraud prevention, and dispute resolution. We do not sell personal information.

Your controls include access, correction, deletion (subject to limitations for photo evidence), portability, objection or restriction in some cases, consent withdrawal where used, and opt‑outs for sale/share and targeted ads where applicable.

GigZoro LLC is the controller for personal information processed in connection with the Platform (www.GigZoro.com and our mobile applications). This notice applies to use of the Platform by Customers, Providers, visitors, and administrative personnel.

For payment services or certain Provider features, a GigZoro Payments or Provider Services entity may act as controller for those activities depending on your region and the specific service.

Identifiers and account data (name, email, phone, address, account settings, profile details).

Identity and verification data where permitted or required (for example government ID details, date of birth, verification selfies).

Payment and transaction data (payment instrument details, billing information, transaction amounts, payout information).

Device and usage data (IP address, device identifiers, app and browser events, diagnostics and crash logs, cookies and similar technologies).

Photo and media data: When you upload photos for rental check-in/check-out documentation, we automatically extract and store EXIF metadata embedded in your images, including GPS coordinates (latitude, longitude, altitude), timestamp of photo capture, device manufacturer and model, camera software version, and image dimensions and orientation. This metadata is stored separately from the visible photo content and is used for fraud prevention and dispute resolution.

Communications and support interactions: All messages exchanged through the Platform between Customers and Providers, including chat conversations, support tickets, and inquiry messages. Message content is stored in plaintext and may be processed by automated translation services to facilitate cross-language communication. GigZoro personnel have access to these communications for support, fraud prevention, dispute resolution, and platform safety purposes.

IP addresses and session data: Your IP address is logged when you access the Platform, send messages, or submit forms. This data is used for security, fraud prevention, and to comply with legal requirements.

For Providers, qualifications, licenses, and compliance information relevant to listings.

Sensitive data: we do not intentionally seek sensitive categories; if you choose to share such information, we will rely on consent or another lawful basis where required.

When you participate in equipment rental transactions, you may be asked to take photos for check-in and check-out documentation. These photos serve as evidence of equipment condition and are critical to our Rental Protection Program.

Photo Metadata Collection: For each photo captured through our Platform, we automatically extract and store the following metadata: (a) GPS coordinates (latitude, longitude, and altitude if available); (b) Capture timestamp from your device; (c) Device manufacturer and model; (d) Camera software version; (e) Image dimensions and orientation. This metadata is extracted using industry-standard EXIF data parsing.

Purpose: Photo metadata is collected exclusively for fraud prevention, dispute resolution, and verification of equipment condition claims. It helps establish when and where photos were taken, which is essential for processing damage claims fairly.

Photo Deletion: You may delete photos you have uploaded within 15 minutes of upload. After this 15-minute grace period, photos become locked and cannot be deleted by users. This limitation exists because photos serve as legal evidence for potential insurance claims and disputes. The seven-year retention period aligns with the statute of limitations for contract claims under Arizona law (A.R.S. § 12-548) and most other U.S. jurisdictions.

Access: Photos and associated metadata are accessible to: (a) The customer who uploaded them; (b) The provider associated with the rental; (c) GigZoro staff for dispute resolution, fraud investigation, and claims processing. Photos are stored in secure cloud storage with access controls.

Metadata Visibility: While photos are visible to both transaction parties, the extracted metadata (GPS coordinates, device information) is not displayed to users and is accessible only to GigZoro personnel for administrative and fraud prevention purposes.

Storage Location: Photos are stored in Azure Blob Storage with the following path structure: {orderId}/{lineItemId}/photos/{role}/{photoType}/. Metadata is stored as separate JSON files alongside each photo.

Operate, maintain, and improve the Platform; enable listings, bookings, messaging, payments, and Provider payouts; provide AI-assisted product search, content generation, and translation services; and personalize features and communications.

Authenticate users; detect, investigate, and prevent fraud, abuse, and security incidents; verify photo evidence authenticity using GPS and device metadata; enforce our Terms and policies; and protect the rights, safety, and property of users and GigZoro.

Comply with legal obligations including tax, anti‑money laundering, insurance claim documentation, and recordkeeping; respond to lawful requests; and handle disputes.

Conduct analytics, testing, and quality assurance to improve performance, reliability, and user experience.

We process personal information under these bases: contract (to provide the Platform and bookings), legitimate interests (such as security, fraud prevention, service improvement, and certain communications, subject to balancing), legal obligations (such as tax and AML), and consent where required (for example certain marketing or cookies). You may withdraw consent at any time without affecting prior processing.

With Providers and Customers as needed to fulfill a booking or support a service interaction.

With service providers acting on our instructions, including payment processors, hosting and cloud infrastructure, analytics, customer support, security providers, and AI service providers (Azure OpenAI for product search, translation, and content assistance).

With authorities, advisors, or third parties when required by law, to protect rights or safety, or in connection with a corporate transaction.

Platform Communications: GigZoro personnel may access, review, and respond to customer-provider chat messages and support tickets. This access is used for: (a) Providing customer support when requested; (b) Investigating fraud, abuse, or policy violations; (c) Resolving disputes between customers and providers; (d) Ensuring platform safety and compliance. GigZoro may, at its discretion, participate in chat threads as a third party to provide assistance, mediate disputes, or communicate important platform information.

We do not sell personal information. We may share aggregated or de‑identified information for research, benchmarking, or marketing consistent with your choices.

The Platform provides messaging features that allow Customers and Providers to communicate directly. All messages sent through the Platform are subject to monitoring and are not private end-to-end encrypted communications.

What We Collect: Message content (original text and any translations), sender and recipient identifiers, timestamp of each message, IP address from which messages are sent, and read receipt status.

Automatic Translation: Messages may be automatically translated using Azure Translator services to facilitate communication between users who speak different languages. Both the original message and the translated version are stored and displayed to recipients.

GigZoro Access: GigZoro staff have full access to all customer-provider messages through our administrative systems. Staff may read message content for: (a) Responding to support requests; (b) Investigating reported issues or policy violations; (c) Fraud prevention and detection; (d) Dispute resolution and evidence gathering. GigZoro staff may also respond directly in chat threads when necessary to resolve issues or provide platform-related information.

Message Retention: Chat messages between users are retained for two (2) years after the conversation ends, or for seven (7) years if the messages are associated with a booking that has an active or potential dispute, insurance claim, or legal hold. After the applicable retention period, messages are automatically deleted from our systems. You may request deletion of your chat messages at any time by contacting us at support@gigzoro.com or through your account settings. Deletion requests will be fulfilled within 30 days, subject to legal retention obligations.

Support Tickets: Support conversations follow similar practices. All support ticket content, including attachments and responses, is accessible to GigZoro support staff and may be used for training, quality assurance, and service improvement.

GigZoro uses artificial intelligence (AI) and machine learning technologies to enhance Platform functionality and user experience. This section describes how AI is used and how your data interacts with AI systems.

AI-Powered Features: We use AI for: (a) Product search and recommendations (GigZoro Assistant); (b) Provider content generation (descriptions, policies, pricing suggestions); (c) Message translation between customers and providers; (d) FAQ and policy information retrieval; (e) Provider onboarding assistance.

Data Sent to AI: When you use AI features, the following data may be sent to our AI service providers: Your query or search terms, your preferred language, your general location (country, state, city) if relevant to search, and contextual information about your request. We do NOT send personal identifiers, payment information, or sensitive account data to AI systems.

AI Service Provider: AI features are powered by Azure OpenAI Service (GPT-4o-mini model). Your queries are processed through a secure Azure Function and are not used to train AI models. Microsoft's data processing terms apply to AI-processed data.

No Automated Decision-Making: AI is used as an assistive tool only. AI does not make binding decisions about: insurance claim approvals or denials, account suspensions or terminations, payment processing or refunds, or dispute resolutions. All such decisions are reviewed and made by human personnel.

AI-Generated Content Disclosure: When providers use AI to generate product descriptions, policies, or other content, this content is presented to providers for review and approval before publication. Providers remain responsible for all published content, whether AI-assisted or manually created.

Data Retention for AI: Queries sent to AI services are not retained by the AI provider after processing. Request logs may be retained by GigZoro for up to 30 days for debugging and service improvement purposes, after which they are automatically deleted.

GigZoro uses cookies and similar technologies (pixels, web beacons, local storage) to operate the site, remember preferences, analyze usage, and serve relevant content. Categories of cookies used include:

Strictly Necessary: Required for site functionality (session management, security). Cannot be disabled.

Performance/Analytics: Help us understand how visitors interact with the site (e.g., usage analytics).

Functional: Enable enhanced features and personalization.

Targeting/Advertising: Used to deliver relevant ads and track campaign effectiveness.

You can manage your cookie preferences at any time through our cookie consent banner or by adjusting your browser settings.

Do Not Track Signals. Some web browsers transmit 'Do Not Track' (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, the Platform does not currently alter its data collection or use practices in response to DNT signals. We do honor Global Privacy Control (GPC) signals as described in the 'US Do Not Sell or Share and Targeted Ads' section.

GigZoro collects precise geolocation data only with your explicit opt-in consent. You will be prompted to grant location access before any GPS data is collected. You may revoke consent at any time through your device settings or by contacting us.

When consent is revoked, we will cease collecting precise geolocation data, though approximate location based on IP address may still be used for basic service functionality (e.g., showing listings in your area).

We do not sell personal information. Where our use of advertising or analytics constitutes "sharing" for cross‑context behavioral advertising or targeted advertising under state privacy laws, you may opt out using available controls or by contacting support. We honor required opt‑out preference signals where applicable.

GigZoro may send you service-related emails (booking confirmations, account notifications, security alerts) and, with your consent, promotional or marketing emails about Platform features, offers, and updates.

Unsubscribe: You may opt out of promotional emails at any time by clicking the 'unsubscribe' link at the bottom of any marketing email or by updating your email preferences in your account settings. Opt-out requests are processed within ten (10) business days. Opting out of promotional emails does not affect service-related communications necessary for the operation of your account.

All commercial emails from GigZoro include: the sender's identity (GigZoro LLC), a valid physical mailing address, and a functioning unsubscribe mechanism, in compliance with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.).

Depending on your location, you may have rights to request access, correction, deletion, and portability; to object to or restrict certain processing; to withdraw consent where processing is based on consent; and to appeal a denial. California and other US state laws may also provide opt‑outs for sale/share and targeted advertising.

Data Portability: You have the right to receive a copy of your personal information in a structured, commonly used, machine-readable format (e.g., CSV or JSON). To request a data export, contact us at support@gigzoro.com. We will fulfill your request within 45 days.

Photo Evidence Limitations: Due to the evidentiary nature of rental documentation photos, your right to deletion is limited for photo data. You may delete photos within 15 minutes of upload. After this period, photos are locked and cannot be deleted until the standard retention period expires (7 years after rental end date). This limitation is necessary to preserve evidence for potential insurance claims and dispute resolution. If you believe photos were uploaded in error or contain inappropriate content, please contact support@gigzoro.com.

You can exercise rights through in‑product privacy controls or by contacting support@gigzoro.com. We may request information to verify your identity. We will not discriminate for exercising your rights.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected: Identifiers (name, email, phone, account ID) - Collected: Yes, Sold: No, Shared for Cross-Context Behavioral Advertising: No. Commercial information (transaction history, rental records) - Collected: Yes, Sold: No, Shared: No. Internet/network activity (browsing history, search history, interaction with site) - Collected: Yes, Sold: No, Shared: No. Geolocation data (GPS, IP-based location) - Collected: Yes (with consent), Sold: No, Shared: No. Professional/employment information (job title, employer if collected) - Collected: No, Sold: No, Shared: No. Inferences (profiles reflecting preferences, behavior) - Collected: Yes, Sold: No, Shared: No. Sensitive personal information (precise geolocation, account login credentials) - Collected: Yes (with consent), Sold: No, Shared: No.

Sources of Personal Information: We collect personal information from the following categories of sources: (a) directly from you (account registration, bookings, uploads, messages); (b) automatically from your device (cookies, usage data, IP address); (c) from third-party service providers (payment processors, identity verification services); and (d) from other users (provider reviews, dispute submissions).

Your California Consumer Rights: Right to Know - Request disclosure of the categories and specific pieces of personal information collected, sources, purposes, and third parties with whom personal information is shared. Right to Delete - Request deletion of personal information collected from you, subject to legal exceptions. Right to Correct - Request correction of inaccurate personal information. Right to Opt-Out of Sale/Sharing - Direct us to stop selling or sharing your personal information. Right to Limit Use of Sensitive Personal Information - Direct us to limit use of sensitive personal information to specified purposes.

Non-Discrimination: GigZoro will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest any of these will occur because you exercised a privacy right.

Financial Incentives: GigZoro does not currently offer financial incentives related to the collection of personal information.

Authorized Agent: You may designate an authorized agent to make a CCPA/CPRA request on your behalf. To do so, provide the agent with written, signed permission and verify your identity directly with us, or the agent must provide a power of attorney.

How to Submit Requests: You may submit CCPA/CPRA requests by emailing privacy@gigzoro.com or by writing to GigZoro LLC, Attn: Privacy Requests, 4539 N. 22nd St, Suite 6052, Phoenix, AZ 85016. We will verify your identity before fulfilling any request by matching information you provide against our records. We will respond to verifiable requests within 45 calendar days. If additional time is needed (up to 45 more days), we will notify you in writing.

Residents of certain other U.S. states have additional privacy rights under their respective state laws. These include:

Virginia Consumer Data Protection Act (VCDPA): Virginia residents have the right to access, correct, delete, obtain a copy (data portability), and opt out of targeted advertising, sale of personal information, and profiling. Appeal process: If we deny your request, you may appeal by contacting us at privacy@gigzoro.com. We will respond to appeals within 60 days.

Colorado Privacy Act (CPA): Colorado residents have the same core rights as Virginia residents, including the right to opt out of targeted advertising, sale of personal information, and profiling. We recognize universal opt-out mechanisms.

Connecticut Data Privacy Act (CTDPA): Connecticut residents have the same core rights as Virginia residents, including the right to opt out of targeted advertising, sale of personal information, and profiling.

Texas Data Privacy and Security Act (TDPSA): Texas residents have the right to access, correct, delete, obtain a copy, and opt out of targeted advertising, sale of personal information, and profiling.

Oregon Consumer Privacy Act (OCPA): Oregon residents have the right to access, correct, delete, obtain a copy, and opt out of targeted advertising, sale of personal information, and profiling. Oregon residents also have the right to obtain a list of specific third parties to whom their data has been disclosed.

Montana Consumer Data Privacy Act (MCDPA): Montana residents have the right to access, correct, delete, obtain a copy, and opt out of targeted advertising, sale of personal information, and profiling.

For all states: You may submit requests by emailing privacy@gigzoro.com or writing to GigZoro LLC, Attn: Privacy Requests, 4539 N. 22nd St, Suite 6052, Phoenix, AZ 85016. Response timelines are generally 45 days, extendable per statute. If we deny your request, you may appeal by contacting privacy@gigzoro.com. We will respond to appeals within the timeframe specified by your state's law.

In the event of a data breach involving your personal information, GigZoro will: (1) Notify affected users within 72 hours of confirming the breach, via email and/or in-app notification; (2) Notify applicable state Attorneys General as required by state law; (3) Provide a description of the breach, the categories of information involved, steps taken to mitigate harm, and recommended protective actions; (4) Offer identity monitoring or credit monitoring services where appropriate, based on the nature of the breach; (5) For users located in the European Economic Area or United Kingdom, notify the relevant supervisory authority within 72 hours of confirming the breach, as required by GDPR Article 33 and UK GDPR Article 33.

For questions about our security practices, contact us at privacy@gigzoro.com.

GigZoro is based in the United States. If you access the Platform from outside the U.S., your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure your data receives an adequate level of protection.

We conduct Transfer Impact Assessments (TIAs) to evaluate the legal framework of destination countries and implement supplementary measures where necessary to ensure an adequate level of protection for transferred data.

By using the Platform, you acknowledge and consent to the transfer and processing of your information as described in this Privacy Policy.

We retain personal information for different periods depending on the type of data and applicable legal requirements. Below are our standard retention periods:

Account Profile Data: Retained for the duration of your account plus 7 years after account closure to comply with tax and legal requirements. You may request deletion earlier subject to legal retention obligations.

Transaction Records & Orders: Retained for 7 years after the transaction date for tax compliance, financial auditing, and legal requirements. Order details, payment records, and invoices fall under this category.

Chat Messages & Communications: Retained for two (2) years after the conversation ends, or seven (7) years if associated with a booking that has an active dispute, insurance claim, or legal hold. Messages may be preserved after account deletion for dispute resolution, fraud prevention, and legal compliance purposes.

Photo Evidence (Check-in/Check-out): Retained for 7 years after the rental end date. Photos serve as legal evidence for insurance claims and disputes. GPS metadata and EXIF data are retained for the same period as the associated photos.

Geolocation Data: Precise GPS data collected during active sessions is retained for ninety (90) days for security and troubleshooting purposes, after which it is automatically deleted. Geolocation metadata extracted from photo evidence follows the Photo Evidence retention schedule (7 years after rental end date).

Support Tickets: Retained for 5 years after ticket closure for quality assurance, legal compliance, and dispute reference purposes.

Server Logs: Retained for ninety (90) days for security auditing, debugging, and fraud prevention, after which they are automatically deleted.

Push Notification Subscriptions: Active subscriptions are retained until you unsubscribe or your subscription expires. Expired subscriptions are automatically removed.

Notification History: In-app notifications expire and are automatically deleted 30 days after creation.

AI Interaction Logs: Queries to AI services are logged for up to 30 days for debugging purposes, then automatically deleted. The AI service provider does not retain your queries after processing.

Security & Access Logs: IP addresses, login events, and security logs are retained for 2 years for security auditing and fraud prevention.

Marketing Preferences: Retained for the duration of your account.

Anonymous & Aggregated Data: De-identified statistical data may be retained indefinitely for research, analytics, and service improvement.

Legal Hold: Any data subject to a legal hold, litigation, or regulatory investigation will be retained until the matter is resolved, regardless of standard retention periods.

After the applicable retention period, data is securely deleted or anonymized.

GigZoro uses the following categories of third-party service providers to process personal information on our behalf:

Cloud Hosting and Infrastructure: Microsoft Azure - Data storage, compute, blob storage, and serverless functions.

Payment Processing: Stripe, Inc. - Transaction processing, payouts, and financial compliance.

Analytics: Usage analytics to understand how visitors interact with the Platform.

AI Services: Azure OpenAI Service - Product search, content generation, translation assistance.

Maps and Location: Azure Maps - Geographic mapping, geocoding, and location services.

Identity and Authentication: Azure Active Directory B2C - User identity management and authentication.

CRM and Business Data: Microsoft Dynamics 365 Dataverse - Provider business data management.

A current list of subprocessors is available upon request at privacy@gigzoro.com.

Data Processing Agreements. GigZoro maintains Data Processing Agreements with its subprocessors to ensure appropriate safeguards for personal data. Providers who act as data controllers for their own customer data may request a DPA governing GigZoro's processing activities by contacting legal@gigzoro.com.

We employ administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest where appropriate, access logging, vetting of service providers, and periodic reviews of our controls. No method of transmission or storage is perfectly secure.

The Platform is not directed to children under 13, or under 16 in certain regions. We do not knowingly collect personal information from children. If you believe a child has provided information, contact us to request deletion.

We may update this notice from time to time. When we make changes, we will post the revised version and update the "Last Updated" date. Your continued use of the Platform after changes take effect means you accept the updated notice.

Questions or requests about this policy or your personal information can be sent to support@gigzoro.com or privacy@gigzoro.com.

GigZoro LLC, Attn: Privacy Requests, 4539 N. 22nd St, Suite 6052, Phoenix, AZ 85016.