Privacy Policy
Last updated: 25 April 2026 · GigVault (Pty) Ltd
POPIA Compliant
GigVault (Pty) Ltd ("GigVault", "we", "us", or "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and applicable international privacy laws including the GDPR where applicable.
This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the GigVault mobile application and related services.
1. Who We Are
GigVault (Pty) Ltd is a South African company that operates a platform connecting fans, artists, promoters, and artist managers in the live entertainment industry. For questions about this policy, contact our Information Officer at privacy@gigvault.co.za.
2. Information We Collect
We collect the following categories of personal information:
- Account Information: Full name, email address, phone number, role (fan, artist, promoter, manager), and profile picture.
- Identity Verification: Government-issued ID documents, business registration documents, and tax information (for verified accounts only).
- Financial Information: Bank account details (stored encrypted), payment history, and payout records.
- Location Data: Venue locations provided during booking and event creation. We do not collect continuous background location.
- Communications: Messages exchanged between users on the platform, booking notes, and support correspondence.
- Usage Data: App interactions, screen views, feature usage, and crash reports for improving the app.
- Device Information: Device type, operating system, push notification tokens.
3. How We Use Your Information
- To create and manage your account and verify your identity
- To process bookings, payments, and escrow transactions
- To connect fans with artists and facilitate event management
- To send booking confirmations, payment receipts, and important account notifications
- To improve, personalise, and secure our platform
- To comply with legal obligations under South African law
- To send marketing communications (only with your consent, which you may withdraw at any time)
4. Legal Basis for Processing
We process your personal information on the following grounds:
- Contract performance: To provide services you have requested
- Legal obligation: To comply with POPIA, FICA, and other applicable laws
- Legitimate interest: To improve platform security and prevent fraud
- Consent: For marketing communications and optional features
5. Sharing Your Information
We share personal information only in these circumstances:
- With other users: Your public profile (name, artist bio, social links) is visible to other platform users based on your settings.
- Service providers: Hosting (Microsoft Azure), payment processors, SMS/email providers — all bound by data processing agreements.
- Legal requirements: When required by South African law, court order, or to protect the rights and safety of our users.
- Business transfers: In the event of a merger or acquisition, with appropriate notice to you.
We do not sell your personal information to third parties.
6. Data Storage & Security
Your data is stored on Microsoft Azure servers. We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+) and at rest for sensitive fields
- Two-factor authentication (2FA) for all accounts
- Role-based access controls for staff
- Regular security reviews and vulnerability assessments
7. Data Retention
We retain your personal information for as long as your account is active and for a period thereafter as required by law (typically 5 years for financial records under FICA). When you delete your account, we anonymise your personal data within 30 days, except where retention is required by law.
8. Your Rights Under POPIA
You have the right to:
- Access the personal information we hold about you
- Correct inaccurate or outdated information
- Request deletion of your personal information (subject to legal obligations)
- Object to processing of your personal information
- Withdraw consent for marketing at any time
- Lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za
To exercise any of these rights, contact us at privacy@gigvault.co.za or use the account deletion page.
9. Children's Privacy
GigVault is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us immediately.
10. Third-Party Links
The app may contain links to artist social media profiles and external websites. We are not responsible for the privacy practices of those third-party services.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via the app or email. Continued use of GigVault after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related queries or to exercise your rights: