Privacy
Policy
We are committed to protecting your personal data. This Privacy Policy explains how Unlimited Gig Ltd collects, uses, stores, and safeguards the information you share with us.
Compliance
UK GDPR & DPA 2018
Security
PCI-DSS & Encrypted
Your Rights
Full GDPR control
Encrypted
At rest & in transit
No Sale
Data never sold
Transparent
Clear data practices
Privacy Policy
Unlimited Gig Ltd
Introduction & Controller Details
Unlimited Gig Ltd (Company No. 17154502), registered at 66 Paul Street, London, EC2A 4NA, is the data controller responsible for your personal information collected via the Unlimited Gig platform (website and mobile apps).
This Privacy Policy applies to all users of the platform — including Customers who book services and Professionals who offer them. It describes how we collect, process, store, and share your personal data, and explains the rights available to you under UK GDPR and the Data Protection Act 2018.
By creating an account or using the platform, you acknowledge that you have read and understood this Privacy Policy. Where consent is required as a legal basis for processing, we will obtain it explicitly and you may withdraw it at any time without affecting prior processing.
Personal Data We Collect
| Category | Data Types | Source |
|---|---|---|
| Identity | Full name, date of birth, profile photo, government ID (Professionals only) | You, directly |
| Contact | Email address, phone number, home or service address | You, directly |
| Financial | Payment method details (tokenised via Stripe), bank account details for payouts (Professionals), transaction history | You, via Stripe |
| Usage | Booking history, search queries, platform interactions, session duration, device type, IP address | Automatically collected |
| Communications | Messages exchanged on platform, support tickets, reviews and ratings submitted | You, directly |
| Verification | DBS check results, professional certifications, right-to-work documents (Professionals only) | Third-party verification providers |
| Technical | Device identifiers, browser type, operating system, crash logs, cookies and similar technologies | Automatically collected |
We do not collect special category data (as defined under UK GDPR Article 9) unless explicitly required for a specific legal or safety purpose, in which case we will obtain your explicit consent.
How We Use Your Data
To create and manage your account; facilitate bookings between Customers and Professionals; process payments and payouts via Stripe; send booking confirmations, receipts, and service updates; and enable in-app messaging between parties.
To verify the identity and credentials of Professionals (including DBS checks); detect and prevent fraud, abuse, and prohibited conduct; monitor for suspicious activity; and enforce our Terms and Conditions.
To respond to enquiries, complaints, and disputes; investigate platform issues; and improve the resolution process through case history review.
To analyse platform usage patterns, optimise user experience, develop new features, conduct internal research, and improve our matching algorithms and recommendation engine. All analytical processing uses aggregated or pseudonymised data where possible.
With your consent, we may send promotional emails, platform updates, and service recommendations. You may opt out of marketing communications at any time via the unsubscribe link in any email or by updating your notification preferences in the app.
To comply with legal obligations, respond to lawful requests from regulatory or law enforcement authorities, maintain financial records as required by HMRC, and exercise or defend legal claims.
Legal Basis for Processing
The majority of our processing is necessary to perform our contract with you — creating your account, processing bookings, handling payments, and providing platform functionality. Without this processing, we cannot deliver our services.
We process certain data on the basis of our legitimate interests, including fraud prevention, platform security, service analytics, and improvement of our recommendations. We always balance these interests against your rights and freedoms.
Where we send marketing communications or use non-essential cookies, we do so on the basis of your freely given, specific, and informed consent. You may withdraw consent at any time without detriment.
We process certain data to comply with legal obligations, including tax record-keeping under HMRC requirements, responding to court orders, and complying with financial regulations applicable to our business.
Data Sharing & Disclosure
When a booking is made, limited profile information (name, profile photo, service area, ratings) is shared between Customer and Professional to facilitate the service. Full contact details are only shared where strictly necessary for service delivery (e.g. address for on-site services).
We share data with trusted third-party processors who act strictly on our instructions: Stripe (payment processing), Google Firebase (authentication, database, storage), DBS check providers, email delivery services, and customer support tools. All processors are bound by data processing agreements.
We may disclose your personal data to law enforcement, regulators, courts, or other authorities where required by law or to protect the rights, safety, or property of Unlimited Gig, its users, or the public. We will notify you of such disclosures where legally permitted to do so.
We will never sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Data shared with partners is used solely to provide services to you on our behalf.
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. You will be notified in advance and, where required, given the opportunity to object or delete your data prior to the transfer.
Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & profile data | Duration of account + 30 days post-deletion | Service delivery |
| Transaction & payment records | 7 years from transaction date | HMRC legal requirement |
| Booking history & messages | 3 years from booking date | Dispute resolution & legal claims |
| Marketing preferences & consent logs | Until withdrawal of consent + 1 year | Proof of consent |
| Technical & analytics logs | 13 months | Security monitoring & platform improvement |
| Support & complaint records | 3 years from resolution | Legal claims & quality assurance |
After the applicable retention period, data is securely and permanently deleted or anonymised so it can no longer be attributed to you. Retained data is stored in encrypted, access-restricted archives and is not used for any active processing or commercial purposes.
Your Data Rights
Under UK GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us at privacy@unlimitedgig.com. We will respond within 30 days.
Complaint to the ICO: If you are not satisfied with how we handle your data or respond to your request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Cookies & Tracking Technologies
We use cookies and similar technologies to operate the platform, remember your preferences, and understand how users interact with our services. You can manage your cookie preferences at any time via your browser settings or in-app preferences.
Session cookies are deleted when you close your browser. Persistent cookies remain for the duration specified in our Cookie Policy, which is available in full at unlimitedgig.com/cookies.
Data Security
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption via Google Firebase's infrastructure. Payment data is tokenised and handled exclusively by Stripe's PCI-DSS Level 1 certified systems — we never store raw card numbers on our own servers.
Access to personal data is restricted on a strict need-to-know basis. Internal staff access is logged, monitored, and subject to role-based permissions. Privileged access undergoes multi-factor authentication and regular audit review.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, in accordance with UK GDPR Article 33. We will also notify affected individuals without undue delay where required under Article 34.
You are responsible for keeping your login credentials secure and for any activity on your account. We recommend using a strong, unique password and enabling two-factor authentication where available. Please notify us immediately at support@unlimitedgig.com if you suspect unauthorised account access.
International Data Transfers
Some of our third-party processors (including Google Firebase and Stripe) may process data outside the UK or EEA. We ensure such transfers are protected by appropriate safeguards, including UK Adequacy Regulations, Standard Contractual Clauses (SCCs), and the UK International Data Transfer Agreements (IDTAs) where applicable.
Where technically feasible and where you are a UK-based user, we configure our services to prefer UK and EEA data centre regions. Firebase Firestore data residency is configured to comply with UK GDPR requirements where such regional controls are available.
Children's Privacy
The Unlimited Gig platform is strictly for users aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has provided us with personal data, we will take immediate steps to delete that information and close the relevant account.
If you believe a minor has registered on our platform, please contact us immediately at privacy@unlimitedgig.com with relevant details so we can investigate and act promptly.
Third-Party Links & Services
Our platform may contain links to third-party websites or services (for example, links to Professional websites or external resources). Once you leave our platform, this Privacy Policy no longer applies. We have no control over and are not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party sites you visit.
Changes to this Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or platform features. The date at the top of this page shows when it was last revised.
We will notify you of any material changes via email at least 14 days before they take effect. For significant changes affecting how we process your data, we may also display a prominent notice on the platform and request renewed consent where required.
Your continued use of the platform after the effective date of an updated Privacy Policy constitutes acceptance of the changes. If you do not agree with any material change, you may close your account prior to the changes taking effect.
Contact Us & Data Protection
For all privacy-related questions, Subject Access Requests, or to exercise any of your data rights, please contact our Data Protection team at privacy@unlimitedgig.com. We aim to respond within 30 calendar days.
For platform, booking, or account queries, contact our support team at support@unlimitedgig.com or through the in-app Help Centre.
Unlimited Gig Ltd — Data Controller
66 Paul Street, London, EC2A 4NA, United Kingdom
Company No. 17154502 | Registered in England & Wales
This Privacy Policy was last updated on 1 May 2026. For privacy questions contact us at
privacy@unlimitedgig.com.
Unlimited Gig Ltd — Company No. 17154502 — 66 Paul Street, London, EC2A 4NA.
