Privacy

Privacy Policy

How Link Centre collects, uses, and protects your personal information.

Last updated 2 May 2026

Draft for review. This policy is a starting draft tailored for Link Centre and has not been reviewed by a lawyer. Please obtain independent legal review before relying on it.

1. Introduction

This Privacy Policy explains how Link Centre ("we", "us", "our") collects, uses, and protects information about you when you use the Link Centre service, including our website, dashboard, public profile pages, and related apps and features (together, the "Service").

We are the data controller responsible for your personal data under the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018. Our registered office is at [Registered Address] (company number [Company Number]).

If you have any questions about this policy or how we handle your data, please contact us at privacy@link-centre.com.

2. Information we collect

We collect personal data in the following ways:

Information you give us

  • Account information: name, email address, password (stored hashed), and any organisation details you provide when creating an account.
  • Profile content: the information you choose to display on your public profile, such as job title, photo, biography, contact details, and social or website links.
  • Billing information: when you subscribe to a paid plan, payment details are collected and processed by our payment processor, Stripe. We do not store full card details on our servers.
  • Wallet pass information: if you generate an Apple Wallet or Google Wallet pass, we send the relevant profile data to Apple or Google to issue the pass.
  • Support communications: messages you send us through our contact form, email, or other channels.

Information we collect automatically

  • Technical data: IP address, device type, browser type and version, operating system, and other diagnostic data needed to deliver and secure the Service.
  • Usage data: pages viewed, features used, and approximate timing of those interactions.
  • Profile analytics: when someone views your public profile, we record aggregate metrics (view counts, link clicks, approximate location, device type) so you can see how your profile is performing.
  • Cookies and similar technologies: see our Cookie Policy for details.

3. How we use your information

We use your personal data to:

  • Provide, maintain, and improve the Service, including hosting your profile and generating QR codes and wallet passes;
  • Manage your account, authenticate you, and provide customer support;
  • Process payments and prevent fraud;
  • Send you transactional communications about your account, billing, and changes to the Service;
  • Send you product updates and marketing communications where you have opted in (you can unsubscribe at any time);
  • Monitor, secure, and protect the Service against abuse, fraud, and unauthorised access;
  • Comply with our legal and regulatory obligations.

4. Lawful bases for processing (UK GDPR)

Under the UK GDPR, we rely on the following lawful bases when processing your personal data:

  • Contract: processing necessary to provide the Service you have signed up for, including hosting your profile and processing payments.
  • Legitimate interests: processing necessary to operate, secure, and improve the Service, prevent fraud, and communicate with you about your account. We have assessed that these interests are not overridden by your rights and freedoms.
  • Consent: for non-essential cookies, optional marketing communications, and any other processing where we ask for your explicit agreement. You can withdraw consent at any time.
  • Legal obligation: where we must process data to meet a legal requirement, such as keeping financial records or responding to lawful requests.

5. Third-party processors

We work with carefully selected third-party providers to deliver the Service. These providers process personal data on our behalf under written agreements that require them to keep your data secure and use it only for the purposes we specify.

  • Stripe — payment processing for subscriptions and one-off payments. See stripe.com/privacy.
  • Apple Wallet — issuing and updating Apple Wallet passes when you choose to add your profile to Apple Wallet. See apple.com/legal/privacy.
  • Google Wallet — issuing and updating Google Wallet passes when you choose to add your profile to Google Wallet. See policies.google.com/privacy.
  • Hetzner Online GmbH — hosting and infrastructure services within the European Union. See hetzner.com/legal/privacy-policy.
  • Email delivery provider ([Provider Name]) — sending transactional and account-related emails on our behalf.

6. International transfers

Our hosting infrastructure is located within the European Union, and we aim to keep your data within the UK or EEA wherever possible. However, some of our processors (such as Stripe, Apple, and Google) may transfer your data outside the UK and EEA — for example, to the United States.

Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards required by the UK GDPR, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions issued by the UK Government.

7. Data retention

We keep your personal data for only as long as we need it for the purposes set out in this policy:

  • Account and profile data: for as long as your account is active. If you delete your account, we will delete or anonymise your account and profile data within 30 days, except where we are required to keep it for legal reasons.
  • Billing and tax records: at least 7 years from the end of the relevant tax year, in line with UK statutory record-keeping requirements.
  • Support communications: typically up to 2 years after the last interaction, to help us answer follow-up questions and improve our service.
  • Backups: data may persist in encrypted backups for a limited period after deletion before being overwritten in the normal backup rotation.

8. Your rights under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — to ask us to delete your personal data in certain circumstances.
  • Right to restrict processing — to ask us to limit how we use your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, commonly used format, or to have it transferred to another provider.
  • Right to object — to object to processing based on legitimate interests, or to direct marketing.
  • Rights related to automated decision-making — we do not currently make decisions about you based solely on automated processing that has legal or similarly significant effects.

To exercise any of these rights, please contact us at privacy@link-centre.com. We will respond within one month, as required by the UK GDPR.

If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk. We would, however, appreciate the chance to address your concerns first.

9. Children

Link Centre is not directed at children under the age of 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us at privacy@link-centre.com and we will take appropriate steps to delete it.

10. Security

We take the security of your personal data seriously. We use industry-standard technical and organisational measures to protect against unauthorised access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit using TLS;
  • Encryption at rest where supported by our infrastructure providers;
  • Hashing and salting of passwords;
  • Access controls limiting employee and contractor access to personal data on a need-to-know basis;
  • Regular review of our security practices and infrastructure.

No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify you and the ICO as required by law.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. The "Last updated" date at the top of this page will always show when the latest version came into effect. For significant changes, we will notify you by email or through a prominent notice on the Service before the changes take effect.

12. Contact us

If you have any questions about this Privacy Policy or our data practices, please get in touch: