Privacy Policy

LYNK ID (“we”, “our”, “us”) operates the platform at www.lynk-id.com and associated mobile applications. We provide NFC-based identity verification, contractor check-in/check-out, guardian safety tags, and related services.

For questions about this policy or to exercise your privacy rights, contact us at privacy@lynk-id.com.

Account & Profile Data

• Name, email address, and password (hashed)
• Phone number and company name
• Profile photo
• Trade / profession
• Emergency contact name and phone number
• Medical information (blood type, allergies, notes) — entered voluntarily

Job & Activity Data

• Job records: title, address, client name, client phone, scheduled times, status
• SMS consent records — timestamp of when consent was given
• Check-in / check-out events tied to NFC tag scans
• Verification records and associated documents
• API keys and webhook configurations

Device & Scan Data

• NFC tag scan events, including approximate geolocation when a tag is scanned
• Device type and browser information collected at scan time
• IP address associated with scan requests

Usage & Analytics Data

With your consent, we use Vercel Analytics to collect anonymised page-view and performance data. No personally identifiable information is included in analytics events. You may decline analytics via the cookie banner on your first visit.

• Operate and deliver our platform and NFC-based services
• Authenticate your identity and secure your account
• Send SMS check-in / check-out notifications to clients (only with their explicit consent)
• Send guardian-mode SMS alerts to the tag owner's emergency number
• Sync jobs to Google Calendar when you connect that integration
• Process badge and hardware orders
• Detect fraud and enforce our Terms of Service
• Comply with applicable laws and respond to legal requests
• Improve the platform using aggregated, anonymised analytics

If you are located in the European Economic Area or United Kingdom, we process your personal data under these legal bases:

• Contract performance — to provide the services you signed up for
• Consent — for analytics cookies and SMS notifications (withdrawable at any time)
• Legitimate interests — platform security, fraud prevention, and service improvement
• Legal obligation — where required by applicable law

We send automated SMS messages in two scenarios:

• Check-in / check-out alerts to a client's phone number — only sent when the contractor has checked the consent box confirming the client agreed to receive these messages
• Guardian-mode safety alerts to your own emergency number — by saving that number in your profile you consent to receive these alerts

Message and data rates may apply. You may opt out of guardian-mode SMS at any time by removing your emergency number from your profile. Clients can opt out by contacting the contractor who submitted their number; the contractor is responsible for honouring that request by removing the phone number from the job record.

We do not sell your personal information. We share data only with the following categories of service providers, solely to operate the platform:

• Firebase (Google) — authentication, database, and file storage (USA, EU data-processing terms available)
• Twilio — SMS delivery for check-in/out notifications and guardian alerts
• Vercel — hosting, edge functions, and opt-in web analytics
• Google Calendar API — calendar sync, only when you explicitly connect your Google account
• Stripe (if applicable) — payment processing for hardware orders

Each provider is contractually bound to process data only as instructed and in accordance with applicable data-protection law. We may also disclose information if required by law, court order, or to protect the safety of any person.

We use a single first-party cookie (lynk_cookie_consent) to remember your cookie preference. No tracking cookies are set until you click “Accept” on the consent banner.

If you accept, Vercel Analytics loads and collects anonymised, aggregated performance data. No cross-site tracking or advertising cookies are used. You can change your preference at any time by clearing your browser's local storage for this site.

We retain your personal data for as long as your account is active. When you delete your account via Dashboard → Profile → Danger Zone, we permanently delete:

• Your profile document
• All job, verification, tag, badge, API key, and webhook records you own
• Your Firebase Authentication account

Certain records may be retained in anonymised or aggregated form for up to 90 days in backup systems, after which they are purged. We retain transaction records where required by law (e.g., for tax purposes).

GDPR / UK GDPR (EEA & UK residents)

• Art. 15 — Right of access: request a copy of your data
• Art. 16 — Right to rectification: correct inaccurate data via your profile
• Art. 17 — Right to erasure: delete your account and all data (Dashboard → Profile → Danger Zone)
• Art. 18 — Right to restriction: request we pause processing while a dispute is resolved
• Art. 20 — Right to data portability: download all your data as JSON (Dashboard → Export → Download My Data)
• Art. 21 — Right to object: opt out of analytics via the cookie banner
• Right to lodge a complaint with your national supervisory authority

PIPEDA (Canadian residents)

• Right to access — request a copy of the personal information we hold about you
• Right to correction — request we correct inaccurate or incomplete personal information
• Right to withdraw consent — you may withdraw consent to our collection or use of your personal information at any time, subject to legal or contractual restrictions
• Right to lodge a complaint — you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca
• To exercise any of these rights, email privacy@lynk-id.com. We will respond within 30 days.

CCPA / CPRA (California residents)

• Right to know what personal information is collected and how it is used
• Right to delete — use Dashboard → Profile → Danger Zone
• Right to correct inaccurate personal information
• Right to data portability — use Dashboard → Export → Download My Data
• Right to opt out of the sale or sharing of personal information — we do not sell or share personal information for advertising
• Right to non-discrimination for exercising your privacy rights

To exercise any right not directly available in the dashboard, email privacy@lynk-id.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

LYNK ID does not sell, rent, or share personal information with third parties for their own marketing or advertising purposes. Vercel Analytics processes anonymised, aggregated data only and does not constitute a “sale” or “sharing” under CCPA.

If you wish to confirm this or submit a formal opt-out request, email privacy@lynk-id.com with the subject line Do Not Sell My Information.

We use industry-standard measures to protect your data, including:

• TLS encryption in transit for all data
• Firebase Security Rules restricting database access to authenticated users
• Server-side Firebase Admin SDK access limited to authenticated API routes
• TOTP (time-based one-time password) secrets encrypted at rest using AES-256
• Regular dependency audits and security reviews

No method of transmission or storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by law.

Our contractor and professional identity services are not directed at children under 13 (US) or under 16 (EEA/UK). We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us at privacy@lynk-id.com and we will delete it promptly.

For school, daycare, or youth-program deployments of guardian-mode tags, a parent or guardian must provide explicit consent on behalf of the child.

LYNK ID is based in the United States. If you access our services from the EEA, UK, Canada, or other regions with data-protection laws, your data is transferred to and processed in the US. Firebase (Google) and Vercel offer data-processing agreements and Standard Contractual Clauses (SCCs) to cover these transfers. Contact us if you require a copy of applicable transfer mechanisms.

Canadian residents: Your personal information may be transferred to and stored in the United States, where it is subject to US law. By using our services, you consent to this transfer. We take steps to ensure your information receives a comparable level of protection to that required under PIPEDA, including through contractual obligations with our service providers (Firebase/Google, Vercel, Twilio, Stripe).

We may update this Privacy Policy periodically. When we do, we will revise the “Effective” date at the top of this page. For material changes we will notify you by email or by a prominent notice in the dashboard. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.

Privacy requests, questions, or complaints:

• Email: privacy@lynk-id.com
• Response time: within 30 days for GDPR requests, 45 days for CCPA requests

You also have the right to lodge a complaint with your local data-protection authority — for example, the ICO (UK), the DPC (Ireland), or the relevant EU supervisory authority.