GILD
TermsHome

Privacy Policy

Last updated: March 5, 2026

1. Introduction

GILD Inc. ("GILD," "we," "us," or "our") operates the GILD platform (the "Platform"), a booking, client management, and commerce platform for independent hair stylists. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Platform, whether as a stylist ("Seller"), client ("Buyer"), or visitor.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, profile photo, and business details during registration and onboarding
  • Stylist Profile Data: Business name, service offerings, pricing, availability, portfolio photos, bio, and professional credentials
  • Product Listings: Product names, descriptions, images, pricing, and brand information for storefront products (including Custom Products uploaded by Sellers)
  • Transaction Data: Purchase history, order details, shipping addresses, and communication between Buyers and Sellers
  • Communications: Messages, reviews, support requests, and feedback you submit through the Platform
  • Payment Information: Payment method details processed by Stripe (we do not store full credit card numbers)

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, click patterns, and interaction data
  • Device Information: Browser type, operating system, device identifiers, and screen resolution
  • Network Information: IP address, approximate location (city/region level), and referring URLs
  • Cookies & Tracking: Essential cookies for authentication and session management, analytics cookies for Platform improvement

2.3 Information from Third Parties

  • OAuth Providers: If you sign in with Google or Apple, we receive your name, email, and profile photo from those services
  • Payment Processors: Transaction confirmations and limited payment details from Stripe
  • Analytics Providers: Aggregated usage data from Vercel Analytics and Sentry error monitoring

3. How We Use Information

  • To provide, maintain, and improve the Platform and its features
  • To process bookings, product orders, and payments
  • To facilitate transactions between Sellers and Buyers
  • To send transactional communications (booking confirmations, order updates, shipping notifications)
  • To send marketing communications (with your consent; you may opt out at any time)
  • To moderate product listings and enforce our Terms of Service
  • To detect, prevent, and address fraud, abuse, and security issues
  • To comply with legal obligations and respond to lawful requests
  • To analyze usage patterns and improve the user experience
  • To enforce our Terms of Service and protect our legal rights

4. How We Share Information

We do not sell your personal information. We may share data in the following circumstances:

  • Between Sellers and Buyers: Names, contact information, and order details necessary to fulfill bookings and product orders
  • Service Providers: Third-party services that help us operate the Platform (listed in Section 5)
  • Legal Requirements: When required by law, regulation, subpoena, or legal process
  • Safety & Rights: To protect our rights, privacy, safety, or property, and that of our users
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets
  • With Consent: When you have given explicit consent to share your information

5. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — Authentication, database hosting, and file storage
  • Stripe — Payment processing via Stripe Connect
  • Resend — Transactional email delivery
  • Twilio — SMS notifications
  • Sentry — Error monitoring and performance tracking
  • Vercel — Application hosting and analytics
  • Google — OAuth authentication and image generation services

Each provider maintains their own privacy policy. We encourage you to review them. We select providers that maintain appropriate security and data protection standards.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-level security (RLS) policies on all database tables
  • Secure authentication with JWT token verification
  • Audit logging of all data access and modifications
  • Regular security assessments and monitoring

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. We may retain certain data as required by law or for legitimate business purposes, such as fraud prevention, dispute resolution, and audit compliance. Transaction records may be retained for up to 7 years for tax and accounting purposes. You may request deletion of your account and associated data at any time, subject to legal retention requirements.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data (subject to legal exceptions)
  • Portability — Request your data in a structured, machine-readable format
  • Restriction — Request restriction of processing in certain circumstances
  • Objection — Object to processing based on legitimate interests
  • Opt-out — Unsubscribe from marketing communications at any time
  • Non-discrimination — We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@gild.app. We will respond to verified requests within 30 days (or as required by applicable law).

9. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by businesses
  • The right to opt-out of the sale or sharing of personal information
  • The right to correct inaccurate personal information
  • The right to limit use of sensitive personal information
  • The right to non-discrimination for exercising CCPA/CPRA rights

We do not sell or share personal information as defined under the CCPA/CPRA. To submit a request, email privacy@gild.app with "CCPA Request" in the subject line.

10. GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations
  • Data Transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards (Standard Contractual Clauses) are in place
  • DPO: You may contact our data protection representative at privacy@gild.app
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

11. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Analytics Cookies: Help us understand Platform usage to improve features and performance. Can be disabled.

You can control cookie preferences through your browser settings. The Platform does not currently respond to Do Not Track (DNT) signals due to lack of industry standard.

12. Children's Privacy

The Platform is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@gild.app.

13. Marketplace-Specific Privacy Practices

As a marketplace platform, we have specific data practices related to product sales:

  • Buyer shipping addresses are shared with Sellers solely for order fulfillment purposes
  • Product listing images uploaded by Sellers are stored in our secure cloud storage and publicly accessible via the Platform
  • Order history and transaction records are maintained for both Buyers and Sellers
  • Product reviews and ratings are publicly visible and linked to your account name
  • Sellers may not use Buyer information for any purpose other than fulfilling orders placed through the Platform

14. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) posting the updated policy on this page; (b) updating the "Last updated" date; and (c) sending an email notification for significant changes. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

15. Contact Information

For questions, requests, or complaints about this Privacy Policy or our data practices, please contact us: