GigPaper ("GigPaper", "we", "us") is a tool for freelancers and independent contractors to send proposals, contracts, and invoices and to get paid. This policy explains what we collect, how we use it, and the choices you have. GigPaper is operated by 10bit. Questions? Email info@gigpaper.app.
The short version. We collect the minimum needed to run your account and process payments. Your client book, rates, and documents are
end-to-end encrypted on your device — our servers store only ciphertext, so we cannot read them. Card payments are handled by Stripe; we never see or store full card numbers, and money goes straight to your account. We do not sell your data.
Information we collect
- Account information — your email address and name, used to create and secure your account and to send you transactional email (invoices, receipts, password and security notices).
- Authentication data — a securely hashed password, and, if you enable it, two-factor (TOTP) settings and backup codes. We never store your password in plain text.
- Your business content — clients, rates, drafts, time entries, and documents you create. This content is end-to-end encrypted: it is encrypted on your device with a key derived from your password (and your recovery methods), and our servers store only the encrypted result. We cannot decrypt or read it.
- Payment information — when you subscribe, or when your clients pay you by card, payments are processed by Stripe. Stripe collects and stores card details directly; GigPaper does not receive or store full card numbers. We store limited, non-sensitive billing metadata (such as your subscription status and Stripe customer/subscription identifiers).
- Usage and diagnostic data — basic logs needed to operate and secure the service (for example, request timestamps and error logs). We use this to keep the service running and prevent abuse.
How we use information
- To provide the service — store your encrypted data, generate documents, and deliver the links your clients open.
- To process subscriptions and to enable card payments to you (via Stripe).
- To send transactional email (invoices, receipts, signed-document and payment notices, security alerts).
- With your consent, to send occasional product updates. You can opt out anytime — every marketing email has an unsubscribe link, and turning off product emails in Settings does not stop invoices or documents people send you.
- To secure the service, prevent fraud and abuse, and comply with law.
How payments work
GigPaper uses Stripe to process subscription payments and, if you enable card payments, to collect payments from your clients. When a client pays an invoice, the funds settle to your connected account — GigPaper does not hold your money and takes 0% of your invoices. Stripe's handling of payment data is governed by Stripe's Privacy Policy.
How we share information
We do not sell your personal information. We share data only with service providers that help us run GigPaper, under contracts that limit their use of it:
- Stripe — payment processing and subscription billing.
- Amazon Web Services (AWS) — hosting, storage, and email delivery for the application and its (encrypted) data.
- App stores — Apple and Google process in-app purchases made through their platforms, subject to their own policies.
We may also disclose information if required by law, or to protect the rights, safety, and security of our users and the service.
Data retention
We keep your account and its encrypted data while your account is active. If you delete your account, we delete your account data; some records may be retained as required for legal, tax, accounting, or fraud-prevention purposes (for example, payment records held by Stripe). You can export your data at any time (see below).
Security
Your sensitive business content is end-to-end encrypted, so a breach of our servers exposes only ciphertext. Passwords are hashed, traffic is encrypted in transit (HTTPS), and you can enable Face ID / fingerprint unlock and two-factor authentication. No method of storage or transmission is 100% secure, but we design GigPaper so that we hold as little readable data about you as possible.
About your recovery code. Because your data is end-to-end encrypted, your recovery code (and any passkey or security questions you add) are the only way back into your encrypted vault if you forget your password. We cannot recover that data for you. Please store your recovery code somewhere safe.
Your choices and rights
- Access & export — export your clients, documents (PDF), and history (CSV) from the app at any time.
- Delete — you can delete your account; contact info@gigpaper.app if you need help.
- Email preferences — opt out of product/marketing email anytime via the unsubscribe link or Settings.
- Depending on where you live, you may have additional rights (access, correction, deletion, portability). Email us to exercise them.
Children
GigPaper is a business tool intended for users 18 and older. It is not directed to children, and we do not knowingly collect personal information from anyone under 13.
International users
GigPaper is operated from the United States, and your information may be processed there and in other countries where our service providers operate. By using GigPaper you understand your information may be transferred to and processed in the United States.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you in the app or by email.
Contact
GigPaper — operated by 10bit. Email info@gigpaper.app.