LinkUpp
Join LinkUpp
Privacy Policy - LinkUpp

Privacy Policy

Your privacy is important to us. This policy explains how we handle your data.

Effective: June 25, 2026 Β· Version: 1.0 (draft, pending legal review)

LinkUpp Ltd. ("LinkUpp", "we", "us") is headquartered in Accra, Ghana, and operates the LinkUpp platform globally. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have over it.

We comply with the data-protection laws of the countries we operate in, including: Ghana's Data Protection Act 2012 (Act 843), Nigeria's NDPR 2019 and Nigeria Data Protection Act 2023, South Africa's POPIA, Kenya's Data Protection Act 2019, and where applicable the EU's GDPR and the UK GDPR.

1. Data We Collect

We collect:

  • Account data β€” name, email, phone number, country, locale, password (stored hashed).
  • Profile content β€” anything you publish: posts, comments, articles, products, invoices, projects.
  • Payment data β€” for subscriptions we receive only a transaction reference from our payment providers (Paystack, Flutterwave, Stripe, PayPal); we never store full card numbers.
  • Usage data β€” pages viewed, features used, device + browser metadata, IP address, approximate location derived from IP.
  • Cookies + similar β€” see our Cookie Policy.

2. How We Use Your Data

  • To operate the platform: authenticate you, render your content, send notifications.
  • To process payments: forward transaction info to our payment providers.
  • To improve LinkUpp: anonymous analytics, debugging, fraud detection.
  • To communicate: service announcements, replies to your support requests.
  • To comply with law: respond to lawful requests from regulators or courts.

We do not sell your personal data. We do not use your private posts to train AI models. We do not send marketing emails unless you opt in.

3. Legal Basis for Processing

  • Contract β€” processing necessary to provide the service you signed up for.
  • Consent β€” where you have given us permission (e.g. marketing emails).
  • Legitimate interest β€” preventing fraud, securing the service, improving features.
  • Legal obligation β€” tax records, regulator requests, fraud investigations.

4. Who We Share Data With

  • Payment processors β€” Paystack, Flutterwave, Stripe, PayPal β€” only the data needed to settle a transaction.
  • Email infrastructure β€” our transactional email provider, to deliver notification emails.
  • Hosting β€” our cloud host stores our database and your uploads.
  • Other LinkUpp users β€” only the content you choose to make visible (profile, public posts, etc.).
  • Authorities β€” where required by law, with the minimum information necessary.

Every third-party processor we use is bound by a data-processing agreement that requires equivalent protection of your data.

5. Your Rights

You have the right to:

  • Access β€” request a copy of the data we hold about you. Use the in-app Account area or POST to /api/user/export_data.
  • Correct β€” update inaccurate data via your Profile settings.
  • Delete β€” request erasure of your account and content via /api/user/delete_account or by writing to us.
  • Object / Restrict β€” tell us to stop or limit certain processing.
  • Portability β€” download your data in a structured, machine-readable format (JSON).
  • Withdraw consent β€” for any processing based on consent.
  • Complain β€” lodge a complaint with your country's data-protection authority: Ghana DPC (dataprotection.org.gh), Nigeria NDPC (ndpc.gov.ng), South Africa Information Regulator (inforegulator.org.za), Kenya ODPC (odpc.go.ke).

6. Data Retention

We retain your account and content for as long as your account is active, plus a reasonable grace period after deletion (typically 30 days) so accidental deletions can be reversed. Some records (financial transactions, fraud-prevention logs) are retained longer to comply with tax and AML regulations: typically 6 years in Ghana / Nigeria, 5 years in South Africa, 7 years in Kenya. Anonymous, aggregated usage data may be retained indefinitely.

7. Data Transfers

LinkUpp is operated from Ghana. Where data is transferred outside your country of residence (for example to our cloud hosting providers in Europe or the United States), we rely on Standard Contractual Clauses or equivalent safeguards approved by the relevant regulator. Specifically:

  • NDPR / NDP Act 2023 (Nigeria): transfers outside Nigeria are made subject to the National Data Protection Commission's adequacy decisions or SCCs.
  • POPIA (South Africa): transfers comply with sections 71–72, including ensuring the recipient country offers equivalent protection.
  • Kenya DPA: transfers comply with section 48 and the Data Commissioner's adequacy lists.

8. Security

We protect your data with industry-standard measures: HTTPS everywhere, password hashing (bcrypt), CSRF and XSS defenses, server-side input validation, audit logging, and least-privilege access for our team. No system is perfectly secure; we will notify affected users and regulators of any material breach within the timelines required by the laws applicable to you (72 hours under GDPR; "reasonable steps" without delay under POPIA; etc).

9. Children

LinkUpp is not directed at children under 16 (or under the relevant age of digital consent in your country). We do not knowingly collect data from children under that age. If you believe we have, contact us and we will delete it.

10. Contact & DPO

Data Protection Officer: privacy@mylinkupp.com
Postal: LinkUpp Ltd., [registered address β€” LEGAL REVIEW REQUIRED], Accra, Ghana.

Contact Us

If you have any questions or concerns about our privacy policy, please contact us.