Timegigs Maximalist Privacy Policy and Data Protection Statement

Effective Date: December 07, 2025

This Comprehensive Privacy Policy details the strict commitment of Timegigs (the "Platform," "we," "us," or "our") to protect your personal information. Timegigs acts as a Data Controller in respect to the personal data processed under this policy. This document supersedes all prior versions and applies to all users (Earners and Advertisers) of our services, designed to meet the highest international standards of transparency and data protection, including principles derived from GDPR (EU) and NDPR (Nigeria).

By registering for or utilizing any Timegigs service, you explicitly and unambiguously consent to the collection, processing, and disclosure of your information as described herein.

1. Scope and Applicability of this Policy

This policy governs the processing of all Personal Data collected via the Timegigs website, mobile applications, APIs, and any related services. Personal Data is defined as any information relating to an identified or identifiable natural person (Data Subject).

2. Information We Collect and Sources of Data Acquisition

We collect and process various categories of Personal Data necessary for service operation, payment management, and stringent platform security.

A. Data Directly Provided by the User

This data is mandatory for account creation and service functionality:

Identity and Contact Data: Full Legal Name, Preferred Email Address, Date of Birth (for mandatory age verification to confirm users are 18+), Encrypted Password (stored using irreversible cryptographic hashing), and Primary Residential Country/Region.
Payout & Financial Data: Bank Account Name, Full Bank Name, Account Number (required for Naira payouts), Mobile Money wallet details, and Tax Identification Number (TIN) or equivalent required for compliance purposes related to earning thresholds.
Verification and Social Media Data: Specific Social Media Profile URLs (e.g., Twitter handle, YouTube channel link) required to execute and verify micro-gigs. These are collected only when a task necessitates them.

B. Data Automatically Collected (Security, Activity, and Log Data)

This data is continuously collected upon access and is fundamental for our Legitimate Interests in Fraud Prevention and Platform Integrity:

Device & Connection Data: Persistent and Non-Persistent Identifiers (Unique User ID, Device IDs such as IMEI, Advertising ID), IP Address (and historical IP addresses), User Agent strings, Browser Type, Operating System, Time Zone, and Network Connection details.
Usage & Behavioral Data: Detailed transactional history, Log Data including access times, referral source, pages viewed, time spent per task page, mouse clicks, key presses, scrolling data, application error logs, and task interaction patterns.
Precise and Approximate Geolocation Data: General location (country, city, and derived ISP location) obtained from your IP address, strictly used for targeted offer delivery and high-level geo-fencing for fraud analysis.
Transaction and Proof Records: Detailed acceptance/rejection log for all Gigs and Offers, Completion Timestamps, Earning Balance ledger, comprehensive Withdrawal Request history, and storage of uploaded Proof of Completion Screenshots for auditing purposes.

C. Data Received from Third Parties (Advertisers and Sub-processors)

Offer Completion Status (From Offer Walls): We receive server-to-server confirmation data from third-party advertising partners (Offer Walls, Survey Aggregators, Game Publishers). This data is the sole basis for crediting the Earner and includes: a unique, non-identifying tracking identifier (Sub-ID tied to your Timegigs account), the name and category of the completed offer, and the exact corresponding payout value.
Task Verification Feedback (From Advertisers): Advertisers may provide structured feedback regarding task validity (e.g., "Verification failed due to unfollow within the audit window," or "Duplicate account detected"). This feedback is stored and impacts your account standing.

3. Lawful Basis for Data Processing

We adhere to rigorous legal bases for all data processing activities:

Performance of Contract (Article 6(1)(b) GDPR equivalent): Processing is essential for fulfilling the contractual obligation to the user (Earner) for task completion and payment, and to the Advertiser for task dissemination and verification.
Legitimate Interests (Article 6(1)(f) GDPR equivalent): We process data for the overriding legitimate interests of Timegigs, primarily:
- Fraud Mitigation and Security: Analyzing behavioral and device data to protect the Platform's financial integrity against bot networks, VPN abuse, and fraudulent earning schemes.
- Business Operations: Analyzing usage data to improve service features, optimize the flow of high-margin offers, and manage business risks.
Legal Obligation (Article 6(1)(c) GDPR equivalent): Processing necessary to comply with Nigerian (NDPR), tax, anti-money laundering (AML), and other international regulatory obligations.
Consent (Article 6(1)(a) GDPR equivalent): Used when processing data that falls outside the above bases, such as receiving non-essential marketing communications, for which explicit user consent is obtained.

4. Detailed Data Usage and Purpose Specification

The data we collect is processed for the following specific and transparent purposes, outlining the precise activity and the lawful basis upon which the processing occurs:

A. Account Management and Authentication

Detailed Processing Activity: We use Identity and Contact Data for the creation, maintenance, and secure authentication of your user account, including the personalized presentation of your earning dashboard.
Legal Basis: Performance of Contractual Necessity, as this is essential to provide you access to the Timegigs Platform.

B. Financial Processing and Regulatory Reporting

Detailed Processing Activity: We validate Earner bank details and mobile money wallets, initiate Naira payouts for completed Gigs, handle billing and campaign funding for Advertisers, and generate financial statements and records.
Legal Basis: Performance of Contractual Necessity (to pay you/bill advertisers) and Legal Obligation (to comply with tax, banking, and anti-money laundering (AML) requirements).

C. Task Allocation and Opportunity Targeting

Detailed Processing Activity: We process Geolocation, Device Type, and Usage Data to intelligently match you with relevant, high-conversion offers and Gigs that you qualify for (e.g., regional surveys or device-specific app downloads).
Legal Basis: Legitimate Interests (to optimize earnings for the user and conversion rates for the platform) and Contractual Necessity (to provide the earning service).

D. Fraud Prevention, Security, and Auditing

Detailed Processing Activity: This is a core function. We cross-reference IP history, device IDs, and task completion speed against known fraud patterns, continuously monitor behavioral data, and maintain a permanent audit log of all transaction proofs and Proof of Completion Screenshots.
Legal Basis: Overriding Legitimate Interests (Security, Fraud Mitigation, and protecting the financial integrity of the platform for all users and advertisers).

E. Platform Improvement and Optimization

Detailed Processing Activity: We conduct internal research and statistical analysis on aggregated and anonymized data to identify bottlenecks, optimize feature performance, increase system speed, and enhance reliability.
Legal Basis: Legitimate Interests (Continuous improvement of the service offering).

F. Mandatory Legal Compliance

Detailed Processing Activity: We process necessary data to respond to lawful and verified requests from Nigerian or international law enforcement agencies, courts, or regulatory bodies regarding platform activity, financial reporting, or user conduct.
Legal Basis: Legal Obligation.

5. Cookies and Detailed Tracking Technologies

We use cookies (small text files stored on your device) and other tracking technologies (pixel tags, web beacons) to achieve functionality and tracking integrity.

Necessity Cookies: These are vital for enabling core features such as login status, balance display, and session management. Disabling these will make the service unusable.
Performance Cookies: Used to monitor site performance and load times.
Targeting/Affiliate Tracking Cookies: CRITICAL for ensuring you get paid for high-value offers. These cookies track your journey from Timegigs to the third-party offer page and back, ensuring the Sub-ID is correctly transmitted and credit is applied. Without these, we cannot accurately credit your account for survey/offer completions.

Your Control: You can manage or block cookies via your browser settings; however, disabling tracking or affiliate cookies will prevent you from earning credit from third-party offers.

6. Disclosure to Third-Party Data Processors

We do not sell your Personal Data. We share it only with verified partners who act as Data Processors or Sub-processors under our instruction and who are required to meet the same stringent data protection standards.

Payment Gateways: (e.g., Paystack, Flutterwave, or local bank partners): Receive Payout & Financial Data to execute fund transfers.
Offer Walls/Affiliate Networks: Receive only the unique, non-identifying tracking identifier (Sub-ID) to confirm offer completion and assign revenue to Timegigs.
Cloud Hosting Providers: (e.g., AWS, Google Cloud): Store all application and database data, including Personal Data, under contractually secured environments.
Analytics Providers: (e.g., Google Analytics): Receive anonymized Usage Data to analyze platform performance.

International Data Transfer: Your data may be transferred to and processed in jurisdictions outside of Nigeria (e.g., where our servers or Offer Walls are located). We ensure all data transfers comply with the NDPR and other applicable laws, relying on contractual clauses or approved certification mechanisms to protect your rights.

7. Data Security, Incident Response, and Breach Notification

We are committed to maintaining the highest level of security.

Security Measures: We employ industry-leading security practices, including: data minimization, pseudonymization where possible, mandatory SSL/TLS encryption for all data-in-transit, robust firewalls, regular security audits, and strict access controls to Payout Data.
Incident Response: In the event of a security breach involving Personal Data, we have a detailed protocol to contain the incident, assess the risk, and restore system integrity.
Breach Notification: If a breach is determined to pose a high risk to your rights and freedoms, we will notify affected users and the relevant data protection authority (e.g., NITDA in Nigeria) without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

8. Data Retention and Deletion Policy

We retain Personal Data only for the period necessary to fulfill the purposes for which it was collected.

Active Accounts: Data is retained indefinitely while the account remains active, to maintain complete transaction history and fraud prevention logs.
Account Deletion: Upon request for deletion, Identity Data will be purged or fully anonymized. However, we must retain Financial Records, Task Proofs, and Fraud/Activity Logs (IPs, Device IDs, and Sub-IDs) for a minimum of five (5) to seven (7) years. This retention period is mandatory to comply with global tax and anti-fraud regulations, and to maintain the integrity of our security and blacklisting systems.

9. Your Data Protection Rights

You have robust rights regarding your Personal Data, which we commit to honoring:

The Right to Access (SAR): You can request confirmation of whether we are processing your data and receive a copy of that data.
The Right to Rectification: You can correct inaccurate or incomplete Personal Data.
The Right to Erasure ("Right to be Forgotten"): You can request deletion of your data, subject to the mandatory retention periods outlined in Section 8.
The Right to Restriction of Processing: You can request that we temporarily limit processing of your data under specific conditions.
The Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format.
The Right to Object: You can object to processing based on legitimate interests, including profiling and direct marketing.
The Right to Lodge a Complaint: You have the right to file a complaint with the relevant supervisory authority (e.g., NITDA in Nigeria).

To exercise any of these rights, please submit a formal request through our designated support channels (Section 14).

10. Third-Party Links and External Services

Our platform links to Advertiser websites and third-party Offer Walls. We are not responsible for the privacy practices, security, or content of these external services. Your activity on external sites is governed by their respective privacy policies.

11. Business Transactions and Corporate Changes

In the event of a merger, acquisition, sale of assets, or bankruptcy, your Personal Data may be disclosed or transferred as part of that transaction. We will notify you via email or a prominent notice on the Platform of any such change in ownership or control.

12. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. We will provide notice of any material changes by posting the new policy, updating the Version number and Effective Date. Continued use of the Platform after the effective date constitutes acknowledgment and acceptance of the revised policy.

13. Governing Law and Dispute Resolution

This Privacy Policy is governed by and construed in accordance with the laws of [Insert Governing Country, e.g., The Federal Republic of Nigeria]. Any disputes arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in [Insert Governing City, e.g., Lagos, Nigeria].

14. Contact Us

For any inquiries, requests concerning your data rights, or questions regarding this comprehensive policy, please contact our dedicated Data Protection Officer (DPO) and support team:

Timegigs Data Protection Office

Email: privacy@timegigs.com