Privacy Policy

Table of Content

• I. Introduction and Scope
  • 1.1 Purpose and Commitment
  • 1.2 Scope of the Policy
  • 1.3 Linktude's Data Role
  • 1.4 Third-Party Services
• II. Data Controller and Contact Information
  • 2.1 Data Controller Status
  • 2.2 Corporate Identity and Registration
  • 2.3 Designated Contact Point
• III. Data Collection: What We Collect
  • 3.1 Data Collected from Vendors (Data Controller Role)
  • 3.2 Data Collected from Customers (Data Processor Role)
  • 3.3 Data We Do Not Collect
• IV. Data Usage: Why We Collect It (Legal Basis)
  • 4.1 Performance of a Contract (Contractual Necessity)
  • 4.2 Legitimate Interests
  • 4.3 Legal Obligation
  • 4.4 Consent
• V. Data Sharing and Disclosure
  • 5.1 Sharing with Payment Service Providers (PSPs)
  • 5.2 Sharing with Vendors (Data Processor Role)
  • 5.3 Third-Party Service Providers
  • 5.4 Legal and Regulatory Disclosures
• VI. International Data Transfers
  • 6.1 Necessity of Transfers
  • 6.2 Safeguards for Data Transfers
  • 6.3 Vendor Acknowledgment
• VII. Data Subject Rights
  • 7.1 Rights Applicable to All Data Subjects
  • 7.2 Vendor-Specific Rights
  • 7.3 Limitations
• VIII. Data Security and Retention
  • 8.1 Data Security Measures
  • 8.2 Data Retention Policy
• IX. Children’s Privacy
• X. Changes to this Policy

I. Introduction and Scope

1.1 Purpose and Commitment

This Privacy Policy explains how Linktude Limited ("Linktude," "we," "us," or "our") collects, uses, protects, and discloses your personal data when you use the Linktude Service. We are committed to protecting the privacy of our Vendors (Users) and their Customers, and handling all personal data in accordance with applicable laws, including the principles of the Nigeria Data Protection Regulation (NDPR) and the General Data Protection Regulation (GDPR).

1.2 Scope of the Policy

This Policy applies to:

• Vendors (Users): Individuals or entities who register an account to use the Service, including those who create a Link Path and use our payment facilitation tools.
• Customers: Individuals who initiate a transaction (e.g., payment, booking, download) through a Vendor’s Link Path.

1.3 Linktude's Data Role

• For Vendor (User) Data: Linktude acts as the Data Controller for the data we collect about you when you register, subscribe, and use the dashboard. We determine the purposes and means of processing this data.
• For Customer Data: Linktude typically acts as a Data Processor on behalf of the Vendor (who is the Merchant of Record). We process customer data (such as payment details, email addresses, and transaction logs) strictly according to the Vendor's instructions and for the purpose of fulfilling the Service (i.e., processing the payment and providing analytics).

1.4 Third-Party Services

This Policy does not apply to the data collection practices of our third-party Payment Service Providers (PSPs) (e.g., Flutterwave) or other external links found on our platform. We encourage you to review the privacy policies of any third parties before submitting your personal data.

II. Data Controller and Contact Information

2.1 Data Controller Status

For the data we collect about our Vendors (Users), Linktude Limited acts as the Data Controller. We are responsible for determining the purposes and means of processing that personal data.

2.2 Corporate Identity and Registration

Entity	Detail
Operational Name	Linktude Limited
Founding Base (Primary)	Lagos, Nigeria (CAC Registered)
Future/Holding Base	United States (Delaware, for international financial compliance)

2.3 Designated Contact Point

For all privacy-related matters, including requests to exercise data subject rights (as defined in Section VII), please contact our Data Protection Officer (DPO) or designated Privacy Team using the following details:

Contact Method	Detail
Support Ticket	Open Ticket
Address	Sterling Cooperative Estate, Ilaje – Lekki, Lagos, Nigeria.

Note: Please allow 15–30 business days for a complete response to any formal data subject access requests.

III. Data Collection: What We Collect

We collect personal data in two primary contexts: data about the Vendor (User) who registers and data about the Customer who transacts through a Link Path.

3.1 Data Collected from Vendors (Data Controller Role)

We collect the following data necessary for contract execution, compliance, and service delivery:

• Identity & Account Data: Full name, email address, phone number, and password (hashed).
• Financial & KYC Data: Bank account details (for NGN settlement), USDC wallet address (for USD settlement), and verification documents (if required for higher tiers or compliance checks).
• Subscription & Billing Data: Payment history, subscription tier, and billing information (handled by our external billing processor).
• Service Usage Data: IP address, device information, browser type, login stamps, and usage metrics related to the Linktude dashboard and API access.

3.2 Data Collected from Customers (Data Processor Role)

We collect data from customers when they interact with a Vendor's Link Path, solely for the purpose of executing the transaction and providing services to the Vendor. This data is processed on behalf of the Vendor, who remains the primary Merchant of Record:

• Transaction Data: Price paid, date/time of transaction, items/services purchased, and currency used (NGN or USD).
• Customer Identification: Customer name, email address, and any required information captured via Link Templates (e.g., shipping address for a Product Sales Link, or brief for a Web Form Link).
• Payment Details: Payment method information (e.g., card type, masked card number, expiration date). Note: Linktude explicitly does not store full raw card data; this sensitive data is handled directly by our certified Payment Service Providers (PSPs), such as Flutterwave.
• Technical Data: Customer IP address and device information at the time of purchase for fraud monitoring and geo-analytics (provided to the Vendor in the Professional Tier).

3.3 Data We Do Not Collect

Linktude does not collect or store sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data, unless required by specific, unforeseen legal compliance.

IV. Data Usage: Why We Collect It (Legal Basis)

We process your personal data based on the following legal grounds, ensuring that every collection has a legitimate purpose:

4.1 Performance of a Contract (Contractual Necessity)

This is the primary reason we process data—to deliver the Linktude Service that you, the Vendor, have signed up for. This includes processing necessary to:

• Create, maintain, and secure your Vendor Account.
• Process subscription payments and calculate Linktude fees.
• Facilitate the settlement of funds (NGN and USDC) to your verified accounts.
• Provide the core software, tools, and Link Templates necessary for your commerce gateway.

4.2 Legitimate Interests

We rely on legitimate interests to operate, improve, and protect our service, provided your rights and freedoms do not override these interests. These interests include:

• Platform Security and Fraud Prevention: Monitoring usage patterns and technical data (IP addresses, device information) to identify and prevent fraud, money laundering, and other Prohibited Activities.
• Service Improvement: Using aggregated and anonymized usage data to analyze service performance, fix bugs, and develop new features (e.g., new Link Templates).
• Business Operations: Analyzing our financial performance, managing our relationship with PSPs, and internal reporting.

4.3 Legal Obligation

We may process and disclose your data where we have a mandatory legal obligation, such as:

• Responding to valid requests from law enforcement, regulatory bodies (e.g., CBN, NDPR), or courts.
• Complying with AML/CTF reporting requirements.
• Fulfilling tax, accounting, or audit requirements.

4.4 Consent

We may occasionally rely on your explicit consent to process data for certain non-essential activities, such as sending marketing communications about new Linktude features, outside of those essential to the contract. You always have the right to withdraw this consent.

V. Data Sharing and Disclosure

We share your personal data only when strictly necessary, and we require all third parties to respect the security of your data and treat it in accordance with the law. We do not sell your personal data.

5.1 Sharing with Payment Service Providers (PSPs)

To execute payment transactions, we must share transaction and payment data (Section 3.2) with our licensed third-party Payment Service Providers (e.g., Flutterwave) and other financial institutions.

• Purpose: To authorize and settle payments, prevent fraud, comply with AML/CTF obligations, and facilitate the settlement of funds (NGN and USDC) to the Vendor.
• Limitation: Our PSPs act as separate data controllers or processors and handle the full raw card data. Linktude only retains transaction identifiers, not raw card numbers.

5.2 Sharing with Vendors (Data Processor Role)

When you, the Vendor, use our services, we share the following information collected from your Customers with you:

• Customer Identification: Name and email address.
• Transaction Details: Amount, item purchased, time of purchase, and status.
• Analytics: Technical data (e.g., Geo-IP location, source URL) to allow the Vendor to perform advanced conversion analytics.
• Vendor Responsibility: The Vendor is responsible for the privacy and security of the Customer data we share with them and must comply with their own data protection obligations.

5.3 Third-Party Service Providers

We use other trusted third parties to assist us in operating our business and providing the Service. These may include providers for:

• Cloud Hosting: Storing our application and data securely.
• Analytics: Providers that help us analyze website and dashboard usage (excluding customer transaction details).
• Legal/Compliance: Consultants and legal advisors.

5.4 Legal and Regulatory Disclosures

We will disclose your personal data if we are required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, subpoena, or valid regulatory request.
• Protect and defend the rights or property of Linktude.
• Act in urgent circumstances to protect the personal safety of Users, Customers, or the public.
• Comply with AML/CTF requirements, including reporting Suspicious Activity Reports (SAR) to the relevant authorities.

VI. International Data Transfers

6.1 Necessity of Transfers

Linktude is a global FinTech utility. As a result, the personal data we collect may be transferred to, stored in, and processed in countries outside of your country of residence, including the United States (where our holding entity is/will be incorporated) and other international jurisdictions where our Payment Service Providers (PSPs) and cloud infrastructure providers are located.

6.2 Safeguards for Data Transfers

When transferring personal data across international borders, we ensure that appropriate safeguards are in place to protect that data, meeting or exceeding the standards required by the NDPR, GDPR, and other applicable laws. These safeguards include:

• Contractual Necessity: Transfers are necessary for the performance of the contract between the Vendor and Linktude (i.e., settling USD to a USDC wallet or processing international card payments).
• Standard Contractual Clauses (SCCs): Where required by law (e.g., for EU data subjects), we will implement Standard Contractual Clauses or other approved legal mechanisms with our international data processors to protect the data.
• PSP Compliance: We rely on the established compliance framework and security certifications (e.g., PCI-DSS and ISO certifications) of our major global PSP partners.

6.3 Vendor Acknowledgment

By using the Linktude Service, you acknowledge and consent to the international transfer of your and your Customers' personal data as described in this Policy, recognizing that data protection laws in other jurisdictions may differ from those in your country.

VII. Data Subject Rights

As a Vendor or Customer, you have specific rights regarding your personal data. Linktude is committed to honoring these rights in accordance with applicable laws.

7.1 Rights Applicable to All Data Subjects

You have the following rights, which can be exercised by contacting our Privacy Team by Opening a Support Ticket:

• Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to obtain a copy of that data.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data. We will honor this request unless we have a legal obligation to retain the data (e.g., transaction records for tax or AML compliance).
• Right to Object to Processing: You have the right to object to the processing of your personal data where we are relying on a legitimate interest (Section IV) and where that processing impacts your fundamental rights and freedoms.

7.2 Vendor-Specific Rights

As a Vendor, you can manage much of your data directly through your Linktude dashboard, including:

• Data Portability: You can request a copy of the personal data you provided to us in a structured, commonly used, and machine-readable format.
• Correction: You can update and correct most of your account information at any time via the settings panel.

7.3 Limitations

Please note that exercising these rights may be limited:

• Customer Data: As a Data Processor for customer data, Linktude will direct all Customer rights requests to the relevant Vendor (the Data Controller/Merchant of Record) for appropriate action.
• Legal Obligation: We may be required to retain certain financial or transactional data for audit, legal, or AML/CTF purposes, even after a request for erasure.

VIII. Data Security and Retention

8.1 Data Security Measures

Linktude takes the security of your data seriously and implements commercially reasonable technical and organizational measures designed to protect personal data from unauthorized access, accidental loss, disclosure, alteration, or destruction. Key measures include:

• Encryption: Data is encrypted both in transit (using SSL/TLS encryption for all communications between your browser and our servers) and at rest (using industry-standard encryption protocols for database storage).
• Non-Custodial Payment Model: We do not store sensitive raw customer payment data (such as full card numbers or CVVs). This highly sensitive information is handled exclusively by our Level 1 PCI-DSS certified Payment Service Providers (PSPs) like Flutterwave.
• Access Controls: Access to personal data is restricted only to Linktude employees and contracted personnel who require it for the performance of their duties and who are bound by strict confidentiality obligations.
• Founder Expertise: We leverage our expertise in full-stack security and e-commerce architecture to build a resilient and hardened infrastructure.

8.2 Data Retention Policy

We retain personal data only for as long as is necessary to fulfill the purposes for which we collected it, including for the purpose of satisfying any legal, accounting, or reporting requirements.

• Account Data: Retained for the duration of your active Vendor status and for a period thereafter (typically 12 months) to allow for account reactivation and to comply with legal obligations.
• Transaction Records: Financial transaction data is subject to mandatory retention periods required by our PSPs, local tax authorities (e.g., Nigerian law), and anti-money laundering (AML) regulations. This data may be retained for up to seven (7) years after the transaction date, even if your account is closed.
• Inactive Data: Data that is no longer necessary for our operations but must be retained for legal compliance is securely archived and protected from further processing.

IX. Children’s Privacy

Linktude is an adult-focused financial and commerce utility. Our Service is not directed to individuals under the age of eighteen (18), nor do we knowingly collect personal data from them.

• Prohibition: If you are under 18, you are not permitted to use the Linktude Service.
• Removal of Data: If we become aware that we have inadvertently collected personal data from a child under 18 without parental consent, we will take immediate steps to delete that information from our records. If you believe a minor has provided us with personal data, please contact us immediately by Opening a Support Ticket.

X. Changes to this Policy

The legal and regulatory landscape for data protection and FinTech changes rapidly. We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons.

• Notification: We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of the document.
• Major Changes: For major changes, we will provide you with reasonable advance notice, such as through email notification or a prominent notice on the Linktude dashboard, before the changes become effective.
• Your Acceptance: Your continued use of the Linktude Service after the effective date of the revised Privacy Policy constitutes your acceptance of the new terms.