Privacy Policy

Effective Date: March 13, 2026

Last Updated: March 13, 2026

1. Overview and Scope

This Privacy Policy explains how GoatBird Inc. (“GoatBird,” “we,” “us,” or “our”), a California corporation, collects, uses, discloses, and protects information in connection with the GigLedgerPro mobile application (the “Service”). GoatBird’s registered address is 2108 N ST STE N, Sacramento, CA 95816, USA.

This Privacy Policy applies to all users of the Service, including users located in the United States, the European Economic Area (“EEA”), the United Kingdom (“UK”), Canada, and Australia. Where applicable, jurisdiction-specific rights and obligations are described in dedicated sections below.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Service.

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked to or integrated with the Service. We encourage you to review the privacy policies of any third-party services you use.

2. Data Controller and Contact Information

For purposes of applicable data protection laws (including GDPR, UK GDPR, PIPEDA, and the Australian Privacy Act), GoatBird Inc. is the data controller with respect to personal information we collect from you during onboarding and for marketing communications.

For personal information you enter about your clients and business contacts that is stored locally on your device or in your iCloud account, you are the data controller, and GoatBird generally acts as a data processor only to the very limited extent it processes such data (as further described in our Data Processing Addendum).

To contact us about privacy matters:

GoatBird Inc.
2108 N ST STE N, Sacramento, CA 95816, USA
Email: support@gigledgerpro.app

We do not currently have a designated Data Protection Officer. Questions or requests regarding your personal information should be directed to support@gigledgerpro.app.

3. Information We Collect

We collect limited personal information in the following categories:

3.1 Information You Provide During Onboarding

When you first launch the Service, we collect:

  • First name and last name
  • Email address
  • Your marketing communications preference (opt-in or opt-out)

This information is used to: (a) link your subscription entitlements with your Apple account via RevenueCat; and (b) if you opt in, to send you marketing communications via ConvertKit. We do not use this information for any other purpose without your consent.

3.2 Business Profile and Invoice Data (Stored Locally)

To use the Service’s core features, you may enter:

  • Your business profile information (name, email, phone number, business address) for use on invoices
  • Client information (names and contact details)
  • Project and invoice data (dates, line items, amounts, payment status)

This data is stored locally on your device. If you enable iCloud sync, it syncs via your personal iCloud account. GoatBird does not operate servers that store this data and does not have access to it. You are the controller of this data.

3.3 Subscription and Entitlement Data

When you subscribe to the Service, Apple processes your payment and may share limited subscription status information (such as subscription entitlement status and identifiers) with us and our subscription infrastructure provider, RevenueCat. GoatBird does not collect or store payment card numbers or financial account information.

3.4 Analytics Data (Anonymous)

We use TelemetryDeck to collect anonymous, aggregated data about feature usage and app performance. TelemetryDeck is designed to be privacy-respecting:

  • It does not track individual users across apps or websites
  • It does not store raw IP addresses; IP addresses are immediately hashed/anonymized on TelemetryDeck’s servers before storage
  • Analytics data is not linked to your name, email, or other identifying information
  • TelemetryDeck is GDPR-compliant

Analytics data we collect through TelemetryDeck may include: which features are used, how frequently, app performance metrics, and crash/error reports. This data is used solely to improve the Service.

3.5 Information We Do Not Collect

GoatBird does not collect or store:

  • Payment card numbers, bank account details, or other financial account information
  • IP addresses (TelemetryDeck anonymizes IP addresses immediately; we do not log IP addresses independently)
  • Precise geolocation data
  • Biometric data (Face ID is handled entirely by iOS and Apple; we receive only a success/failure result)
  • Data from your device’s camera, microphone, contacts, or other sensors beyond what you explicitly enter

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and operate the Service, including invoice generation and project tracking
  • To manage your subscription and entitlements (via Apple and RevenueCat)
  • To respond to your support requests and communicate with you about the Service
  • To improve app performance, reliability, and features using anonymous analytics (via TelemetryDeck)
  • To send you marketing communications about GigLedgerPro, but only if you have given explicit opt-in consent (via ConvertKit)
  • To comply with applicable legal obligations

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.

5. Legal Bases for Processing (EEA and UK Users)

If you are located in the EEA or UK, we process your personal information under the following legal bases under the GDPR and UK GDPR:

  • Performance of a contract (Article 6(1)(b) GDPR): Processing your name, email, and subscription information is necessary to provide the Service under our Terms of Service.
  • Legitimate interests (Article 6(1)(f) GDPR): We process anonymous analytics data based on our legitimate interest in maintaining, securing, and improving the Service. We have conducted a legitimate interests assessment and concluded that this processing does not override your rights and freedoms, given the anonymous and aggregated nature of the data.
  • Consent (Article 6(1)(a) GDPR): We rely on your explicit opt-in consent for sending marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Compliance with legal obligations (Article 6(1)(c) GDPR): We may process your information as required by applicable law.

You have the right to withdraw consent at any time for processing activities based on consent, without affecting the lawfulness of processing before withdrawal. To withdraw consent for marketing communications, use the unsubscribe link in any marketing email or contact us at support@gigledgerpro.app.

6. How We Share Your Information

We do not sell your personal information. We do not share personal information with third parties for their own marketing purposes. We share information only as follows:

6.1 Service Providers (Sub-processors)

We share limited information with the following third-party service providers, each acting as our processor or sub-processor, solely to provide the Service:

  • Apple Inc. – App Store billing, subscription management, and optional iCloud storage/sync. Apple’s privacy policy is available at apple.com/privacy.
  • RevenueCat, Inc. – Subscription infrastructure and entitlement management. RevenueCat receives your name, email address, and subscription identifiers. RevenueCat’s privacy policy is available at revenuecat.com/privacy.
  • TelemetryDeck GmbH – Anonymous, aggregated analytics. TelemetryDeck does not receive personally identifiable information. TelemetryDeck’s privacy policy is available at telemetrydeck.com/privacy.
  • ConvertKit, LLC – Marketing email communications, only if you opt in to marketing. ConvertKit receives your name and email address. ConvertKit’s privacy policy is available at convertkit.com/privacy.

6.2 Legal Disclosures

We may disclose your information if we believe disclosure is necessary or appropriate to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce these Terms of Service; (c) protect the rights, property, or safety of GoatBird, our users, or others; or (d) detect, prevent, or address fraud, security, or technical issues.

6.3 Business Transfers

In connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, your information may be transferred to a successor entity. We will notify you of any such transfer and any material changes to this Privacy Policy that result from it.

6.4 With Your Consent

We may share your information with third parties for any other purpose with your explicit consent.

7. Exported Content and Your Responsibility

The Service allows you to export invoices and reports using iOS sharing functionality (e.g., email, messaging, AirDrop, cloud storage apps). Once you export data from the Service, GoatBird is not responsible for that data’s security, confidentiality, or distribution. Exported documents may contain personal information about you and your clients; you are responsible for handling such exports in accordance with applicable privacy laws and your obligations to your clients.

8. Local Storage and iCloud Sync

Your project and invoice data is stored locally on your device and is not transmitted to GoatBird’s servers. If you enable iCloud sync in your device settings, your data will sync via your personal iCloud account subject to Apple’s iCloud terms of service and privacy policy.

Apple provides security measures for iCloud, including encryption in transit and at rest. For users who enable Advanced Data Protection, Apple provides end-to-end encryption for iCloud data, meaning GoatBird and Apple cannot access the content of that data. We encourage you to enable iCloud Advanced Data Protection for the strongest available protections.

If you delete the app or disable iCloud sync, your locally stored data will be deleted from your device. GoatBird cannot recover deleted locally-stored data.

9. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy:

  • Onboarding information (name, email) retained in RevenueCat: for the duration of your subscription plus a reasonable period thereafter for entitlement verification and fraud prevention, generally not exceeding 3 years after subscription termination unless required by law.
  • Marketing list data in ConvertKit (name, email): retained until you unsubscribe or request deletion.
  • TelemetryDeck analytics data: retained in anonymous/aggregated form in accordance with TelemetryDeck’s retention policies; GoatBird does not retain separately.
  • Project and Invoice Data stored locally: controlled entirely by you; retained until you delete it or delete the app.

You may request deletion of personal information we hold by contacting us at support@gigledgerpro.app. We will respond within the timeframe required by applicable law (see Section 12 for jurisdiction-specific rights).

10. Security

We take reasonable administrative and technical measures to protect the personal information we process. Specifically:

  • The Service supports device-level protections, including Face ID and passcode (if enabled on your device). GoatBird does not control device-level security; it is your responsibility to maintain secure device access.
  • If you enable iCloud sync, your data benefits from Apple’s security measures, including encryption in transit and at rest, and optionally end-to-end encryption through Advanced Data Protection.
  • Our service providers – RevenueCat, ConvertKit, and TelemetryDeck – maintain their own security programs appropriate to the data they process.

No method of transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

11. Children’s Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. While certain features of the Service may be useful to teenagers (13–17), access by users under 18 requires parental or guardian consent and supervision, as described in our Terms of Service.

If you are a parent or guardian and believe your child under the age of 13 has provided personal information to us without your consent, please contact us at support@gigledgerpro.app. We will take prompt steps to delete such information.

In the United States, the Children’s Online Privacy Protection Act (“COPPA”) applies to online services directed to children under 13. The Service is not directed to children under 13 for COPPA purposes.

12. Your Privacy Rights

12.1 All Users

Regardless of your location, you may:

  • Update or correct your name and email address by contacting us at support@gigledgerpro.app
  • Opt out of marketing communications at any time using the unsubscribe link in any marketing email or by contacting us
  • Delete locally-stored project and invoice data by deleting the app or clearing app data on your device

12.2 EEA and UK Users (GDPR / UK GDPR Rights)

If you are located in the EEA or UK, you have the following rights under the GDPR and/or UK GDPR:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): You may request deletion of your personal data, subject to applicable legal exceptions.
  • Right to restriction of processing: You may request that we limit the processing of your personal data in certain circumstances.
  • Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority. In the EU, find your local authority at edpb.europa.eu. In the UK, contact the Information Commissioner’s Office (ico.org.uk).

To exercise your GDPR/UK GDPR rights, contact us at support@gigledgerpro.app. We will respond within 30 days (with an extension of up to two additional months for complex requests, with notice).

12.3 California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of personal information we have collected, subject to legal exceptions.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising as defined by California law. You do not need to submit an opt-out request.
  • Right to non-discrimination: We will not discriminate against you for exercising any CCPA rights.
  • Right to limit use of sensitive personal information: We do not process sensitive personal information as defined by CPRA beyond what is necessary for providing the Service.

To exercise your California rights, contact us at support@gigledgerpro.app. We will respond within 45 days, with up to a 45-day extension with notice. You may designate an authorized agent to submit requests on your behalf; we may require verification of the agent’s authorization.

California Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about personal information disclosed to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes.

12.4 Canadian Users (PIPEDA)

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial privacy laws, including:

  • The right to access personal information we hold about you
  • The right to request correction of inaccurate personal information
  • The right to withdraw consent to the collection, use, or disclosure of your personal information, subject to legal and contractual restrictions

To exercise these rights, contact us at support@gigledgerpro.app. We will respond within 30 days.

12.5 Australian Users (Privacy Act 1988)

If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”), including:

  • The right to access personal information we hold about you
  • The right to request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information
  • The right to make a complaint to the Office of the Australian Information Commissioner (oaic.gov.au) if you believe we have breached the APPs

To exercise these rights or to make a complaint, contact us at support@gigledgerpro.app. We will respond within 30 days.

13. International Data Transfers

GoatBird is based in the United States. Our third-party service providers (Apple, RevenueCat, ConvertKit, and TelemetryDeck) may process personal information in the United States and other countries.

For transfers of personal data from the EEA or UK to the United States or other countries that have not been granted an adequacy decision by the European Commission or UK authorities, we rely on appropriate transfer mechanisms, including:

  • Standard Contractual Clauses (“SCCs”) approved by the European Commission or equivalent UK International Data Transfer Agreements (“IDTAs”) incorporated into our agreements with sub-processors where required
  • Other lawful transfer mechanisms as made available by our service providers

By using the Service from outside the United States, you acknowledge that your information may be transferred to and processed in the United States and other countries, which may have different data protection laws than your country of residence.

14. Third-Party Links and Services

The Service may contain links to or integrations with third-party websites, applications, or services (including Apple, RevenueCat, ConvertKit, and TelemetryDeck). This Privacy Policy does not apply to third-party services, and GoatBird is not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.

15. Apple App Store and iOS Platform

The Service is available exclusively through the Apple App Store. Apple may collect information about your use of the App Store and your device in accordance with Apple’s own privacy policy. GoatBird is not responsible for Apple’s data collection or use. Information about Apple’s privacy practices is available at apple.com/privacy.

The Service uses iOS platform features including Face ID/Touch ID (for access security, handled entirely by iOS), iCloud (for optional data sync), and the iOS share sheet (for exporting documents). GoatBird does not receive biometric data from Face ID/Touch ID.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. If we make material changes, we will provide notice through the Service (such as an in-app notification), by email (if we have your email address), or by updating the “Last Updated” date at the top of this policy. For material changes affecting how we use personal information, we will provide at least 30 days’ advance notice where feasible.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service following the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

17. Data Processing Addendum

If you are located in the EEA, UK, Canada, Australia, or any other region with applicable data protection laws requiring a data processing agreement, our Data Processing Addendum (“DPA”) is incorporated by reference into this Privacy Policy and our Terms of Service. The DPA is available at gigledgerpro.app/dpa and governs our respective roles and obligations as data controller and/or processor.

18. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you wish to exercise any privacy rights described in this Policy, please contact us:

GoatBird Inc.
2108 N St STE N
Sacramento, CA 95816, USA
Email: support@gigledgerpro.app

EEA/UK users who are not satisfied with our response to a privacy complaint have the right to contact their national data protection supervisory authority.

Australian users who are not satisfied with our response may contact the Office of the Australian Information Commissioner at oaic.gov.au.

Canadian users may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Stay in the loop

New features, tips, and updates. No spam.