BigWheel IT
Privacy Policy

How BigWheel IT handles your information.

Last updated: 14 June 2026. This page explains what BigWheel IT collects when you use the Developer OS portal, what we do with it, and how we keep it safe.

Information we collect

  • Developer applications. Name, email, WhatsApp number, optional GitHub username, portfolio URL, country, skills, technology stack, availability, preferred project type, and the message you submit. Stored to evaluate whether to invite you into the platform.
  • Contact requests. Name, email, WhatsApp number, request type, optional subject, and message. Stored so BigWheel IT admins can respond from inside the portal.
  • Project information. When you become a developer, we record project assignment, agreements, signature, initials, comments, file uploads, screenshots, and payment ledger entries. All scoped per-project.
  • Uploaded files and screenshots. Stored privately, outside the public web root. Served only to authenticated users authorised to see them.
  • Email and notifications. Outbound mail subjects + safe statuses (sent / failed / category) are logged so admins can troubleshoot.
  • Audit log. Authentication events, agreements, signatures, status changes, payments, and deliveries are recorded with user, timestamp, IP, and user-agent.
  • Technical metadata. IP address and user-agent on submissions and on each authentication event.

How we use it

  • To review developer applications and decide whether to invite you in.
  • To answer contact requests and follow up on project enquiries.
  • To run the portal: assignments, agreements, payments, deliveries.
  • To maintain an audit trail of who did what, for security and accountability.

Security

  • Passwords are hashed with PHP's PASSWORD_DEFAULT (bcrypt). Plaintext passwords are never stored or logged.
  • Sessions use HttpOnly + SameSite=Lax cookies and rotate on login.
  • Every POST is CSRF-protected. All DB access uses prepared statements.
  • Uploaded files and signatures are stored outside the public web root and served via authorised routes only.
  • SMTP and GitHub credentials are stored in admin-only settings and never echoed back to the UI; raw upstream errors are sanitised before logging.

Data access

  • Admin: full access by role.
  • Developer: their own profile, their own assigned/posted projects, their own messages and notifications, and only those screenshots/links/technical details an admin has marked developer-visible or public.
  • Public: only landing-page content and screenshots explicitly marked public on a project that is also marked marketplace-public.
  • No public registration. Joining as a developer requires admin review and conversion of an application.

Retention

We keep applications, contact requests, and audit/email logs for as long as needed to operate the platform and meet legal or accounting obligations. Operational scrub of stale email and audit logs is at admin discretion.

Contact

Privacy questions, deletion requests, or concerns: itsupport@bigwheelit.com.

This is an operational privacy policy for the BigWheel IT Developer OS portal. It should be reviewed by legal counsel before public marketplace launch.