Privacy Policy
This policy explains how we handle personal information on this Platform (gigz.co.za). We try to collect as little as necessary and be clear about what we do with what we keep.
1. Who we are
CDSoft Ltd is a South African company. We operate this Platform and are the responsible party under the Protection of Personal Information Act 4 of 2013 (POPIA).
Contact: legal@hasslebot.co.za
2. What we collect
For candidates:
- Name and email address (account creation)
- Career profile content you choose to publish (employment history, skills, education, summary)
- CV file if you upload one (stored securely, used only to populate your profile)
- Session data (login state, device type, browser — standard web auth)
For employers:
- Company name, contact name, email address
- Job listing content you post
For all users:
- Basic usage logs (pages visited, actions taken) — used for debugging and improving the Platform
- IP address — retained briefly for security purposes, not linked to your profile for analytics
3. What we don’t collect
- Payment card details (handled entirely by PayFast — we never see your card number)
- Location beyond what you choose to include in your profile
- Data from social networks unless you explicitly connect them
- Behavioural tracking across other websites
4. Why we collect it
| Data | Purpose |
|---|---|
| Email address | Account authentication, platform notifications |
| Profile content | Display to employers browsing the Platform |
| CV file | Extract and populate profile fields (you review before anything is published) |
| Usage logs | Debugging, platform reliability |
| Session data | Keep you logged in securely |
We do not sell personal information. We do not use profile content for advertising.
5. Profile visibility and how your data reaches employers
Visibility settings
Every candidate profile has a visibility setting — visible or hidden. When your profile is visible, employers with access to the Platform can find and view it. You can change this setting at any time from your account. A hidden profile is not surfaced in searches, though job applications you submit are unaffected by this setting.
Passive discovery (employer browses the database)
If your profile is visible, an employer may find it while searching the candidate database and view or download your information. At that point the employer becomes an independent responsible party under POPIA for how they handle your data. We are not responsible for what employers do with information once they have accessed it.
Active application (you apply to a listing)
When you apply to a job listing, your profile and any material you include are transmitted to the employer who posted that role. This is a deliberate action on your part and constitutes consent to that transfer. Once the employer has received your application data, they hold it under their own POPIA obligations.
6. Who we share data with
We use a small number of infrastructure providers to operate the Platform:
- Cloudflare — hosting, database, CDN, DDoS protection. Data may be processed on servers outside South Africa. Cloudflare is a POPIA-compliant data processor under a data processing agreement.
- Resend — transactional email delivery (account confirmations, notifications). Your email address is shared only to send emails you’ve requested.
- PayFast — payment processing for paid employer features. Gigz passes you to PayFast’s secure environment to complete payment. We do not receive or store your card details.
- Anthropic (Claude API) — when you upload a CV, its content is sent to Anthropic’s API to extract structured information (job titles, skills, dates) and populate your profile. This processing is covered by Anthropic’s data processing terms. Under our agreement, Anthropic does not use your data to train its models. No CV content is retained by Anthropic beyond the immediate API response.
We do not share your data with recruiters, employers, or third parties beyond what you choose to publish on your profile or submit in a job application.
7. Cross-border transfers
Cloudflare and Anthropic operate globally. Your data may be processed outside South Africa. This is permitted under POPIA Section 72 where the recipient is subject to equivalent protection obligations — both Cloudflare and Anthropic satisfy this requirement through their respective data processing agreements.
8. How long we keep your data
| Data | Retention |
|---|---|
| Active account | Held while your account is active |
| Deleted account | Profile and CV removed within 30 days of deletion |
| Usage logs | 90 days rolling |
| Payment records | 5 years (SARS compliance) |
If your account has been inactive for 12 months, we will email you before deleting it.
9. Your rights under POPIA
You have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — ask us to correct inaccurate information
- Deletion — ask us to delete your account and associated data
- Objection — object to specific processing (e.g. marketing emails)
- Complaint — lodge a complaint with the Information Regulator at inforeg.org.za
To exercise any of these rights, email legal@hasslebot.co.za. We will respond within 30 days.
10. Security
Connections to the Platform are encrypted (HTTPS). Data at rest is encrypted by Cloudflare’s storage infrastructure. Access to production systems is restricted to authorised personnel.
No system is completely immune to breach. If a breach occurs that poses a material risk to your rights, we will notify you and the Information Regulator as required by POPIA.
11. Children
The Platform is not directed at anyone under 18. We do not knowingly collect information from minors.
12. Changes to this policy
If we make material changes to how we handle your personal information, we will notify active users by email at least 14 days before the change takes effect.
Information Officer: Brent Greeff — legal@hasslebot.co.za