Back to home

Privacy Policy

Effective Date: February 22, 2026

1. Who We Are

Gigi (usegigi.ai) is operated by MVPHub LLC (“Controller”), with registered address at 1111B S Governors Ave STE 29827, Dover, DE 19904, United States. We act as the data controller for personal data processed through our Service. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable data protection law.

2. Data We Collect

2.1 Data You Provide

  • Account information: Name, email address, company name, billing information
  • Campaign configuration: Your offer description, ideal customer profile, targeting criteria, tone preferences
  • LinkedIn connection: OAuth tokens or session credentials via Unipile (we never store your LinkedIn password)

2.2 Prospect Data (Collected Automatically)

When you initiate a campaign, the Service collects publicly available LinkedIn profile data of your specified prospects, including:

  • Name, job title, company, headline, summary/about section
  • Work history, education, skills, endorsements
  • Recent posts and activity (if publicly visible)
  • Profile photo URL (not stored)

2.3 AI-Generated Data

Based on prospect data, our AI generates:

  • Personality and communication style analyses
  • Prospect-offer fit scores (0–10)
  • Draft message sequences with reasoning explanations

These analyses are probabilistic assessments and do not constitute definitive personality profiling. They are used solely to improve the relevance of outreach messages.

2.4 Usage and Technical Data

  • Log data (IP address, browser type, pages visited, timestamps)
  • Campaign analytics (messages sent, acceptance rates, reply rates)
  • Cookies and similar tracking technologies (see Section 9)

3. Legal Basis for Processing (GDPR Article 6)

We process personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing your account data and campaign data to deliver the Service
  • Legitimate interest (Art. 6(1)(f)): Processing publicly available LinkedIn data of prospects for B2B outreach personalization. Our legitimate interest is enabling our users to conduct relevant, personalized business communication. We have conducted a balancing test and determined that this processing does not override the rights of data subjects, as: (a) the data is already publicly shared by the prospect on LinkedIn, (b) the purpose is limited to professional B2B outreach, (c) data subjects can opt out at any time, and (d) no sensitive data categories are processed
  • Consent (Art. 6(1)(a)): For cookies, marketing communications, and any optional data processing
  • Legal obligation (Art. 6(1)(c)): Where required by law (e.g., tax records, regulatory requests)

4. AI-Based Profiling and Automated Decision-Making

The Service uses AI to analyze prospect profiles and generate communication insights. Per GDPR Article 22, we clarify that: (a) AI analyses are used solely to draft message suggestions for the user; (b) no automated decisions with legal or significant effects are made about prospects; (c) all messages require human approval before sending; (d) AI analyses are advisory in nature and do not result in automated actions; and (e) the user (not the AI) makes all decisions about whether to contact a prospect and what to send. Prospects may exercise their rights under Section 7 to object to this processing.

5. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To generate AI-powered prospect analyses and message drafts
  • To process payments and manage credit purchases
  • To send transactional communications (account confirmations, billing, service updates)
  • To monitor and enforce acceptable use
  • To aggregate anonymized analytics for product improvement

6. Data Sharing and Sub-Processors

We share personal data only with the following categories of recipients, all bound by data processing agreements:

  • OpenAI (USA): LLM provider for AI analysis and message generation. Data processed under Standard Contractual Clauses (SCCs) for EU-US transfers
  • Anthropic (USA): Alternative LLM provider. Same transfer safeguards apply
  • Unipile (France): LinkedIn API integration provider. Processes LinkedIn session data
  • Payment processor: Stripe, for secure payment processing of credit pack purchases
  • Hosting provider: Cloud infrastructure for data storage and application hosting

We do not sell personal data to third parties. We do not use prospect data for advertising purposes.

7. Your Rights (GDPR Articles 15–22)

Both users and prospects whose data is processed have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Restriction: Restrict processing under certain conditions
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

8. Data Retention

  • Account data: Retained for the duration of your account plus 30 days after termination
  • Prospect data and AI analyses: Retained for 90 days after the campaign ends, then automatically deleted
  • Billing records: Retained for at least 5 years (or longer where required by applicable tax law)
  • Usage logs: Retained for 12 months for security and analytics, then anonymized

9. Cookies

We use strictly necessary cookies for authentication and session management. We may use analytics cookies (with your consent) to understand how the Service is used. You can manage cookie preferences through your browser settings or our cookie consent banner. We do not use advertising or tracking cookies.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS) and at rest, access controls and role-based permissions, regular security assessments, and secure API communications with all sub-processors. While we strive to protect your data, no method of electronic storage or transmission is 100% secure.

11. International Data Transfers

Some of our sub-processors (OpenAI, Anthropic) are located in the United States. We ensure appropriate safeguards for EU-US data transfers through Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, supplementary measures. Details of our transfer mechanisms are available upon request.

12. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect data from minors. If we discover that we have inadvertently collected data from a minor, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The “Effective Date” at the top indicates the latest revision.

14. Contact Us

For privacy inquiries, data subject requests, or complaints:

Data Controller: MVPHub LLC, 1111B S Governors Ave STE 29827, Dover, DE 19904, United States

Email: [email protected]

Supervisory Authority: Your local supervisory authority (in the EU/EEA, the authority in your member state)