Acceptable Use Policy — GigVerify™

Who this applies to: This Acceptable Use Policy ("AUP") governs all verifier partners and API users accessing the GigVerify™ API. By obtaining API credentials or using the GigVerify™ API, you agree to this AUP. It forms part of your Verifier Agreement.

1. The Consent Requirement — Non-Negotiable

Every GigVerify™ API query must be accompanied by a valid consent token issued by the worker being queried. There are no exceptions.

Consent must be obtained through the GigVerify™ consent widget or Hosted Flow — you may not claim consent via other mechanisms
Consent tokens are non-transferable — a token for worker A cannot be used to query worker B
Storing and reusing consent tokens beyond the permitted scope is prohibited
You must honor consent revocations immediately — a consent_revoked response means you must not attempt to re-query or circumvent the revocation

2. Prohibited Uses

Violation of these prohibitions will result in immediate API key revocation and may result in legal action.

✗

Using GigVerify™ as a consumer report — GigVerify™ data must not be used as the sole basis for adverse action in credit, insurance, employment, or housing decisions without independent underwriting analysis. GigVerify™ is a supplemental income signal, not a credit report.

✗

Querying workers without consent — Attempting to query the API without a valid, worker-issued consent token is a violation of this AUP and applicable law.

✗

Bulk or speculative queries — Querying workers speculatively, without a specific pending transaction or application from that worker, is prohibited.

✗

Storing raw GigVerify™ responses beyond permitted retention — You may store the query result for the purposes of the specific transaction. You may not build a parallel database of worker income data.

✗

Re-selling or sub-licensing GigVerify™ data — You may not sell, license, or provide GigVerify™ query results to any third party, including data brokers, marketing firms, or other financial institutions.

✗

Using GigVerify™ for employment screening — GigVerify™ is not authorized for use in employment decisions. It is authorized for financial services (lending, insurance, tenancy) use cases only.

✗

Circumventing consent revocation — If a worker revokes consent, you must not attempt to obtain a new consent token from that worker through coercive or deceptive means as a condition of service.

✗

Reverse engineering or scraping — You may not attempt to reverse engineer the GigVerify™ API, scrape worker profiles, or probe for data beyond what your API key is authorized to access.

✗

Sharing API keys — Your API keys are for your organization only. You may not share sandbox or production keys with third parties, clients, or other organizations.

✗

Using the API in jurisdictions where prohibited — You are responsible for ensuring your use of GigVerify™ complies with all applicable local laws in the jurisdictions where you operate.

3. Required Disclosures to Workers

If you use GigVerify™ data as part of an adverse action decision (e.g., loan denial), you must notify the worker of the data source. We recommend including in your adverse action notice: "This decision was made in part based on income verification data obtained from GigVerify™ (Mavvrixx.ai Inc.) with your prior consent."

You must provide workers with the ability to dispute the data by directing them to disputes@gigid.ai or gigid.ai/vault.

4. Rate Limits and Technical Use

Starter plan: 60 requests/minute, 1,000 queries/month
Growth plan: 120 requests/minute, 10,000 queries/month
Scale plan: Custom limits per agreement

Exceeding rate limits will result in 429 rate_limit_exceeded responses. Sustained abuse of rate limits, or attempting to circumvent them, will result in key suspension.

5. Security Requirements

Your API keys must be stored server-side only — never in client-side code, mobile apps, or version control
All API calls must be made over TLS 1.2 or higher
You must notify us within 48 hours of any suspected compromise of your API keys at security@gigid.ai
You must implement appropriate access controls limiting who within your organization can access GigVerify™ responses

6. Enforcement

Mavvrixx.ai reserves the right to:

Suspend or revoke API access for violations of this AUP, with or without prior notice
Audit API usage logs to detect violations
Require remediation of violations as a condition of reinstatement
Pursue legal remedies for material violations

7. Reporting Violations

If you believe another verifier is misusing GigVerify™ data, or if a worker reports unauthorized use of their GigID data, please contact us at compliance@gigid.ai.

8. Updates

We may update this AUP at any time. Material changes will be communicated via email to the technical contact registered on your Verifier account with 14 days' notice. Continued API use after the effective date constitutes acceptance.

Compliance & Legal

API compliance: compliance@gigid.ai

Security incidents: security@gigid.ai

Worker disputes: disputes@gigid.ai

Legal: legal@mavvrixx.ai

Mavvrixx.ai Inc. · 850 New Burton Road, Suite 201, Dover, DE 19904