Privacy Policy — Unlimited Gig Ltd
Updated: 1 May 2026

Privacy
Policy

We are committed to protecting your personal data. This Privacy Policy explains how Unlimited Gig Ltd collects, uses, stores, and safeguards the information you share with us.

Compliance

UK GDPR & DPA 2018

Security

PCI-DSS & Encrypted

Your Rights

Full GDPR control

Encrypted

At rest & in transit

No Sale

Data never sold

Transparent

Clear data practices

Privacy Policy

Unlimited Gig Ltd

Section 2.1

Introduction & Controller Details

2.1.1 Who We Are

Unlimited Gig Ltd (Company No. 17154502), registered at 66 Paul Street, London, EC2A 4NA, is the data controller responsible for your personal information collected via the Unlimited Gig platform (website and mobile apps).

2.1.2 Scope

This Privacy Policy applies to all users of the platform — including Customers who book services and Professionals who offer them. It describes how we collect, process, store, and share your personal data, and explains the rights available to you under UK GDPR and the Data Protection Act 2018.

2.1.3 Your Consent

By creating an account or using the platform, you acknowledge that you have read and understood this Privacy Policy. Where consent is required as a legal basis for processing, we will obtain it explicitly and you may withdraw it at any time without affecting prior processing.

Section 2.2

Personal Data We Collect

Category Data Types Source
Identity Full name, date of birth, profile photo, government ID (Professionals only) You, directly
Contact Email address, phone number, home or service address You, directly
Financial Payment method details (tokenised via Stripe), bank account details for payouts (Professionals), transaction history You, via Stripe
Usage Booking history, search queries, platform interactions, session duration, device type, IP address Automatically collected
Communications Messages exchanged on platform, support tickets, reviews and ratings submitted You, directly
Verification DBS check results, professional certifications, right-to-work documents (Professionals only) Third-party verification providers
Technical Device identifiers, browser type, operating system, crash logs, cookies and similar technologies Automatically collected

We do not collect special category data (as defined under UK GDPR Article 9) unless explicitly required for a specific legal or safety purpose, in which case we will obtain your explicit consent.

Section 2.3

How We Use Your Data

2.3.1 Platform Operation

To create and manage your account; facilitate bookings between Customers and Professionals; process payments and payouts via Stripe; send booking confirmations, receipts, and service updates; and enable in-app messaging between parties.

2.3.2 Safety & Verification

To verify the identity and credentials of Professionals (including DBS checks); detect and prevent fraud, abuse, and prohibited conduct; monitor for suspicious activity; and enforce our Terms and Conditions.

2.3.3 Customer Support

To respond to enquiries, complaints, and disputes; investigate platform issues; and improve the resolution process through case history review.

2.3.4 Service Improvement

To analyse platform usage patterns, optimise user experience, develop new features, conduct internal research, and improve our matching algorithms and recommendation engine. All analytical processing uses aggregated or pseudonymised data where possible.

2.3.5 Marketing Communications

With your consent, we may send promotional emails, platform updates, and service recommendations. You may opt out of marketing communications at any time via the unsubscribe link in any email or by updating your notification preferences in the app.

2.3.6 Legal Compliance

To comply with legal obligations, respond to lawful requests from regulatory or law enforcement authorities, maintain financial records as required by HMRC, and exercise or defend legal claims.

⚖️
Section 2.4

Legal Basis for Processing

2.4.1 Contract Performance

The majority of our processing is necessary to perform our contract with you — creating your account, processing bookings, handling payments, and providing platform functionality. Without this processing, we cannot deliver our services.

2.4.2 Legitimate Interests

We process certain data on the basis of our legitimate interests, including fraud prevention, platform security, service analytics, and improvement of our recommendations. We always balance these interests against your rights and freedoms.

2.4.3 Consent

Where we send marketing communications or use non-essential cookies, we do so on the basis of your freely given, specific, and informed consent. You may withdraw consent at any time without detriment.

2.4.4 Legal Obligation

We process certain data to comply with legal obligations, including tax record-keeping under HMRC requirements, responding to court orders, and complying with financial regulations applicable to our business.

Section 2.5

Data Sharing & Disclosure

2.5.1 Between Platform Users

When a booking is made, limited profile information (name, profile photo, service area, ratings) is shared between Customer and Professional to facilitate the service. Full contact details are only shared where strictly necessary for service delivery (e.g. address for on-site services).

2.5.2 Service Providers

We share data with trusted third-party processors who act strictly on our instructions: Stripe (payment processing), Google Firebase (authentication, database, storage), DBS check providers, email delivery services, and customer support tools. All processors are bound by data processing agreements.

2.5.3 Legal Disclosure

We may disclose your personal data to law enforcement, regulators, courts, or other authorities where required by law or to protect the rights, safety, or property of Unlimited Gig, its users, or the public. We will notify you of such disclosures where legally permitted to do so.

2.5.4 No Sale of Data

We will never sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Data shared with partners is used solely to provide services to you on our behalf.

2.5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. You will be notified in advance and, where required, given the opportunity to object or delete your data prior to the transfer.

Section 2.6

Data Retention

Data Category Retention Period Reason
Account & profile data Duration of account + 30 days post-deletion Service delivery
Transaction & payment records 7 years from transaction date HMRC legal requirement
Booking history & messages 3 years from booking date Dispute resolution & legal claims
Marketing preferences & consent logs Until withdrawal of consent + 1 year Proof of consent
Technical & analytics logs 13 months Security monitoring & platform improvement
Support & complaint records 3 years from resolution Legal claims & quality assurance

After the applicable retention period, data is securely and permanently deleted or anonymised so it can no longer be attributed to you. Retained data is stored in encrypted, access-restricted archives and is not used for any active processing or commercial purposes.

Section 2.7

Your Data Rights

Under UK GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us at privacy@unlimitedgig.com. We will respond within 30 days.

👁️
Right of Access
Request a copy of all personal data we hold about you (Subject Access Request).
✏️
Right to Rectification
Request correction of any inaccurate or incomplete personal data.
🗑️
Right to Erasure
Request deletion of your data where there is no overriding legal reason to retain it.
⏸️
Right to Restrict
Request restriction of processing in certain circumstances (e.g. while a dispute is ongoing).
📦
Right to Portability
Receive your data in a structured, machine-readable format to transfer to another provider.
🚫
Right to Object
Object to processing based on legitimate interests or for direct marketing at any time.

Complaint to the ICO: If you are not satisfied with how we handle your data or respond to your request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

🍪
Section 2.8

Cookies & Tracking Technologies

We use cookies and similar technologies to operate the platform, remember your preferences, and understand how users interact with our services. You can manage your cookie preferences at any time via your browser settings or in-app preferences.

Session cookies are deleted when you close your browser. Persistent cookies remain for the duration specified in our Cookie Policy, which is available in full at unlimitedgig.com/cookies.

Section 2.9

Data Security

2.9.1 Technical Measures

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption via Google Firebase's infrastructure. Payment data is tokenised and handled exclusively by Stripe's PCI-DSS Level 1 certified systems — we never store raw card numbers on our own servers.

2.9.2 Access Controls

Access to personal data is restricted on a strict need-to-know basis. Internal staff access is logged, monitored, and subject to role-based permissions. Privileged access undergoes multi-factor authentication and regular audit review.

2.9.3 Data Breach Response

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, in accordance with UK GDPR Article 33. We will also notify affected individuals without undue delay where required under Article 34.

2.9.4 Your Responsibilities

You are responsible for keeping your login credentials secure and for any activity on your account. We recommend using a strong, unique password and enabling two-factor authentication where available. Please notify us immediately at support@unlimitedgig.com if you suspect unauthorised account access.

Section 2.10

International Data Transfers

2.10.1 Transfer Safeguards

Some of our third-party processors (including Google Firebase and Stripe) may process data outside the UK or EEA. We ensure such transfers are protected by appropriate safeguards, including UK Adequacy Regulations, Standard Contractual Clauses (SCCs), and the UK International Data Transfer Agreements (IDTAs) where applicable.

2.10.2 Data Residency

Where technically feasible and where you are a UK-based user, we configure our services to prefer UK and EEA data centre regions. Firebase Firestore data residency is configured to comply with UK GDPR requirements where such regional controls are available.

🔞
Section 2.11

Children's Privacy

2.11.1 Age Restriction

The Unlimited Gig platform is strictly for users aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has provided us with personal data, we will take immediate steps to delete that information and close the relevant account.

2.11.2 Reporting

If you believe a minor has registered on our platform, please contact us immediately at privacy@unlimitedgig.com with relevant details so we can investigate and act promptly.

Section 2.12

Third-Party Links & Services

2.12.1 External Links

Our platform may contain links to third-party websites or services (for example, links to Professional websites or external resources). Once you leave our platform, this Privacy Policy no longer applies. We have no control over and are not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party sites you visit.

🔄
Section 2.13

Changes to this Privacy Policy

2.13.1 Updates

We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or platform features. The date at the top of this page shows when it was last revised.

2.13.2 Notification

We will notify you of any material changes via email at least 14 days before they take effect. For significant changes affecting how we process your data, we may also display a prominent notice on the platform and request renewed consent where required.

2.13.3 Continued Use

Your continued use of the platform after the effective date of an updated Privacy Policy constitutes acceptance of the changes. If you do not agree with any material change, you may close your account prior to the changes taking effect.

Section 2.14

Contact Us & Data Protection

2.14.1 Privacy Enquiries

For all privacy-related questions, Subject Access Requests, or to exercise any of your data rights, please contact our Data Protection team at privacy@unlimitedgig.com. We aim to respond within 30 calendar days.

2.14.2 General Support

For platform, booking, or account queries, contact our support team at support@unlimitedgig.com or through the in-app Help Centre.

2.14.3 Registered Address

Unlimited Gig Ltd — Data Controller
66 Paul Street, London, EC2A 4NA, United Kingdom
Company No. 17154502 | Registered in England & Wales

This Privacy Policy was last updated on 1 May 2026. For privacy questions contact us at privacy@unlimitedgig.com.
Unlimited Gig Ltd — Company No. 17154502 — 66 Paul Street, London, EC2A 4NA.