
Gigged.ai

Vendor Risk Assessment Report

Comprehensive vendor risk analysis covering financial, cybersecurity, regulatory, and operational risks

Executive Summary

Overall Risk Level

Medium

Balanced risk profile with areas requiring attention

Classification

High

High-risk vendor due to sensitive data handling

Business Use Case

Recruitment Platform

AI-powered talent matching and skills intelligence

Summary

Gigged.ai presents a balanced risk profile. Financially, the company is stable with recent funding, and reputational risk is low given strong customer satisfaction. Cybersecurity, regulatory, SLA, BCP, and AI risks are each rated medium: beyond Cyber Essentials, no comprehensive certifications were identified, continuity plans are undocumented, SLA specifics are undefined, and explicit AI governance documentation is limited, despite a stated commitment to data privacy and compliance.

Detailed Risk Analysis

Financial Risk

Medium

Gigged.ai has demonstrated recent financial stability with significant funding rounds, including a £1.6 million seed round in January 2023 and a further £1 million raised over the 10 months leading to July 2025; total reported funding is $4.14M. Their valuation was £6.4M as of December 2022, with estimated annual revenue of $633.6k. No significant debt, lawsuits, bankruptcies, or financial scandals were identified.

Risk Rationale: The vendor shows active investment and reasonable revenue for its stage, indicating a healthy financial outlook. However, as a startup, long-term financial stability remains a consideration, leading to a medium risk classification rather than low.

Cybersecurity Risk

Medium

Gigged.ai's Privacy Policy (dated June 11, 2024) commits to UK DPA and EU GDPR compliance, with strong data governance and limited data access. A 'Certified Cyber Essentials' badge is displayed on their homepage, and no past security incidents were reported. However, more rigorous certifications such as SOC 2 or ISO 27001 were not identified.

Risk Rationale: While the vendor demonstrates a commitment to data protection and possesses a baseline Cyber Essentials certification, the absence of more robust industry-standard certifications (e.g., SOC 2, ISO 27001) for a high-risk vendor handling sensitive PII prevents a low rating.

Regulatory Risk

Medium

Gigged.ai explicitly states compliance with the UK's Data Protection Act and the EU's General Data Protection Regulation (GDPR), acting as a data controller. No information regarding third-party regulatory compliance audits, legal actions, fines, or violations was found.

Risk Rationale: The explicit commitment to UK DPA and EU GDPR compliance is positive. However, the lack of information on independent third-party regulatory audits or external validation of compliance practices introduces a moderate level of risk.

Service Level Agreement (SLA) Risk

Medium

No specific uptime SLA or details on penalty clauses for service failures were identified. Customer reviews on G2 and Gartner Peer Insights, however, praise responsive and helpful customer support.

Risk Rationale: The absence of a clearly defined uptime Service Level Agreement and details on remedies for service failures creates uncertainty regarding service continuity guarantees, despite positive feedback on customer support.

Business Continuity Planning (BCP) Risk

Medium

No documented business continuity or disaster recovery plans were found. Key third-party dependencies include Microsoft Azure and Azure OpenAI API, among others. Data export or service exit options are not explicitly detailed beyond account closure.

Risk Rationale: The lack of documented Business Continuity Planning (BCP) or Disaster Recovery (DR) plans presents a moderate risk, as it is unclear how service disruptions or major incidents would be managed to ensure continued operations.

Artificial Intelligence (AI) Risk

Medium

AI is central to Gigged.ai's platforms for skills intelligence and talent matching, relying on Microsoft Azure and Azure OpenAI API. Their Privacy Policy addresses consent for AI model training. However, no specific documentation on AI model transparency, fairness, or explicit compliance with regulations like the EU AI Act or NIST AI RMF was found.

Risk Rationale: Given AI's central role, the absence of explicit documentation outlining AI model transparency, fairness, and compliance with emerging AI regulations (e.g., EU AI Act, NIST AI RMF) poses a moderate risk.

Reputation Risk

Low

Gigged.ai holds high ratings of 4.7/5 on G2 (4.9/5 in some mentions) and 5/5 on Gartner Peer Insights, with customers commending ease of use, quality of vetted talent, and responsive support. Minor complaints relate to specific features, not overall service or ethics. No major PR incidents or social media backlash were found.

Risk Rationale: Consistently high customer satisfaction ratings and the absence of any significant negative PR incidents or social media backlash indicate a strong and positive public reputation for the vendor.

Recommendations

Next Steps

Collect vendor compliance documentation annually to ensure ongoing risk management and compliance verification.

  • Request updated security certifications (SOC 2, ISO 27001)
  • Obtain business continuity and disaster recovery documentation
  • Review SLA terms and penalty clauses
  • Validate AI governance and compliance documentation