Cockpit
Features Pricing Contact
Sign in Join the waitlist ↗
Features Pricing Contact Sign in

Legal

Privacy Policy

Effective July 4, 2026

This policy explains how Gigantic LLC (“Gigantic,” “we,” “us”), based in Seattle, Washington — the studio behind itsgigantic.com — collects, uses, and protects information when you use Cockpit (the “Service”). The short version: we collect what the product needs to work, we don’t run ad trackers, and we never sell your data.

1. What we collect

  • Account information. When you sign in with Google: your name, email address, and profile photo. We never see your Google password.
  • Team & site data. Team names, member roles, and metadata about the Webflow sites you connect (site names, domains, page and CMS structure, publish history, health-check results).
  • Webflow & Google tokens. OAuth tokens you authorize, stored encrypted (AES-256-GCM). We use them only to perform the actions you request or configure.
  • Scanned page content. Our content scanner fetches your publicly published pages to check for issues. Findings (issue type + URL) are stored; the page HTML itself is processed in memory and not retained.
  • Billing. Payments run through Stripe. We store your subscription status and Stripe identifiers — never card numbers.
  • Messages you send us. Contact-form submissions and access requests (name, email, message).
  • Basic logs. Standard server logs (IP, timestamps, requests) for security and debugging, retained briefly.

2. What we don’t do

  • No selling or renting of personal data. Ever.
  • No advertising trackers or third-party analytics cookies. The app uses only strictly-necessary cookies (session and security).
  • No reading of your site content beyond what the features you use require.

3. How we use information

To provide and improve the Service: authenticating you, monitoring the sites you connect, running the scans and publishes you request, sending the alerts you configure, processing payments, responding to messages, and keeping the Service secure. Legal bases (where GDPR applies): performance of contract for the core product, legitimate interests for security and product improvement, and consent where we ask for it.

4. Who we share it with

Only service providers that host or power the product (“subprocessors”):

  • Railway — application & database hosting (US)
  • Stripe — payment processing
  • Google — sign-in; Google Sheets when you connect it
  • Webflow — the site APIs the product is built on
  • Resend — transactional email delivery (alerts), when enabled

Each receives only what its function requires. We may also disclose information if required by law, or as part of a merger or acquisition (we’d notify you).

5. Retention

Account and team data is kept while your account is active. Health-check and scan logs are trimmed on a rolling basis. If you delete your account or team, we delete the associated data within 30 days, except minimal records we must keep (e.g., billing records required for tax law).

6. Security

All traffic is encrypted in transit (TLS). OAuth tokens are encrypted at rest with AES-256-GCM. Access to production systems is restricted and audited. No system is perfectly secure — if a breach affects your data, we will notify you as required by law.

7. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, reach us via the contact page — we respond to all requests, regardless of jurisdiction.

8. International transfers

We are based in Seattle, Washington, and our infrastructure is hosted in the United States. Where data is transferred from other regions, we rely on our providers’ standard contractual safeguards.

9. Children

The Service is not directed at children under 16, and we don’t knowingly collect their data.

10. Changes

We’ll update this policy as the product evolves and note the new effective date at the top. For material changes we’ll notify you by email or in-app first.

11. Contact

Privacy questions or requests: the contact page, or write to Gigantic LLC, Seattle, WA via itsgigantic.com.

Cockpit by Gigantic
Features Pricing Contact Terms Privacy
© 2026 Gigantic. All rights reserved.