Last updated: 1 June 2026
Performers and agents trust this portal with sensitive business information. This page explains the security approach expected when GigFinder OS is hosted online.
Access Controls
Access should be limited to approved users. Agency records should be separated so each agency can only view its own clients, jobs, performers, invoices, documents and applications. Performer accounts should only show the performer information and work details intended for that performer.
Passwords And Login Security
Passwords are checked using one-way password hashing, so plain text passwords should not be stored. Users should choose strong passwords and avoid sharing accounts.
Hosting And HTTPS
When hosted online, the site should use HTTPS so data is encrypted in transit between the browser and the server. Hosting should be kept patched and protected with strong database credentials and restricted server access.
Uploaded Documents
Insurance documents, risk assessments, contracts and performer files may contain sensitive information. These files should only be available to authorised users and should be reviewed regularly so old or unnecessary files are not kept indefinitely.
Backups
Backups should be protected, access-limited and tested. Backup copies should follow the same retention and deletion expectations as the main system.
Breach Response
If data is accidentally exposed, lost or accessed by someone who should not have access, the issue should be investigated quickly. Some personal data breaches may need to be reported to the ICO within 72 hours.
Practical User Responsibilities
- Use a strong password and do not share it.
- Only download files when needed for legitimate work.
- Do not send portal data to people who should not receive it.
- Tell the agency if you spot incorrect data, unusual account activity or an accidental disclosure.