Security

Data Protection

GigVerify employs multiple layers of security to protect your personal and financial data:

• Transport Security: All connections use TLS 1.3 with strong cipher suites
• Storage Encryption: Sensitive data is encrypted at rest using AES-256
• Authentication: Multi-factor authentication via Clerk with industry-standard protocols
• Payment Security: All payment processing handled by Stripe (PCI DSS Level 1 certified)

Platform Connections

When you connect gig economy platforms to GigVerify:

• Connections use OAuth or secure API tokens — we never see your passwords
• We request only the minimum permissions needed (read-only access to earnings data)
• You can revoke access to any connected platform at any time
• Connection tokens are stored encrypted and automatically expire

Infrastructure Security

Our platform is built on trusted, enterprise-grade infrastructure:

• Vercel: Enterprise-grade hosting with DDoS protection and edge network
• Convex: Fully managed database with automatic backups and encryption
• Clerk: Authentication platform with built-in bot protection and session management
• Stripe: PCI DSS Level 1 certified payment processing

Verification Report Integrity

Each income verification report generated by GigVerify includes a unique report ID and verification link. Reports are cryptographically signed to prevent tampering, and third parties can independently verify the authenticity of any report using the verification link provided.

Incident Response

In the unlikely event of a security incident, we have established response procedures including immediate containment, investigation, user notification within 72 hours, and remediation. We continuously monitor our systems for suspicious activity and potential threats.

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly by emailing us at contact@gigverify.ai. We take all reports seriously and will respond promptly.