Saint Lucia Create Event Sign in
Home Events For Organizers Contact Us
Create Event Sign in
your data, your rules,

Privacy Policy

We collect the minimum we need to run a tickets platform โ€” your name, email, what you bought, and where you want to go next. We don't sell it. We don't share it with advertisers. And you can take it all back, any time.

Last updated 15 March 2026 GDPR & Saint Lucia DPA aligned Download PDF
ยง 01

The short version

If you don't want to read the whole thing, here's what matters:

  • We collect what's needed to sell you a ticket and get you into the event.
  • We never sell your data to advertisers or data brokers. Full stop.
  • Organizers of events you buy tickets to see your name and email โ€” that's it.
  • You can download, correct, or delete everything from Settings โ†’ Privacy.
  • We use cookies for cart, login, and honest product analytics. No tracking pixels for ad networks.
in plain english

Your data runs Link Up for you. It doesn't run Link Up's revenue model. If that ever changes, we'll tell you loud and clear, 30 days ahead.

ยง 02

What we collect

Account info

Name, email, phone, date of birth, country. You give us this when you sign up.

Payment info

Handled by our PCI-DSS processor. We see the last 4 digits, never your full card number.

Event activity

Tickets you buy, events you save, check-ins at the door, refund requests.

Device & location

IP address, browser, approximate city (for local events). We never use precise GPS without permission.

What we don't collect

We don't scan your messages, read your address book, track you across other websites, or buy extra data from brokers to "enrich" your profile. If we wouldn't want it done to us, we don't do it to you.

ยง 03

Why we collect it

To run your account
Log in, remember your preferences, show your ticket history. (Contract)
To sell tickets
Process payment, issue QR code, verify at the door, pass the essentials to the organizer. (Contract)
To improve the product
Aggregated, de-identified analytics โ€” what pages break, what searches fail. (Legitimate interest)
To email you
Order confirmations (always). Event reminders (always). Product news (only if you opt in). (Consent for marketing)
Fraud & safety
Detect stolen cards, scalping bots, spam accounts. (Legitimate interest)
Legal obligations
Anti-money-laundering checks, tax records, law-enforcement requests with valid warrants. (Legal)
ยง 04

Who we share it with

A short list, because we keep it short:

  • The organizer of an event you bought a ticket to โ€” name, email, and ticket tier so they can get you in and contact you if the event changes.
  • Payment processors (currently FAC & Stripe) โ€” to charge your card and handle refunds.
  • Email delivery (Postmark) โ€” so confirmations actually land in your inbox.
  • Product analytics (PostHog, self-hosted on our servers) โ€” not Google, not Meta.
  • Law enforcement โ€” only with a valid warrant or court order, and we publish an annual transparency report.
never shared with

Advertisers. Data brokers. Facebook / Meta. Third-party ad networks. Political campaigns. Insurers. Employers. Nope.

ยง 05

Cookies & tracking

Three buckets, and you control the last two:

Strictly necessary
Login session, cart contents, checkout state, security tokens. Can't be turned off โ€” the site won't work without them.
Analytics (optional)
Page views, button clicks, error tracking. Self-hosted, no cross-site tracking. Opt out any time in cookie settings.
Marketing (opt-in only)
We don't run any yet. If that changes, we'll ask you first with a clear toggle โ€” off by default.

Manage cookie preferences โ†’

ยง 06

Your rights

Under the Saint Lucia Data Protection Act and GDPR (if you're in the EU or UK), you have these rights โ€” and we make them one-click where possible:

01

Access

See everything we hold about you. Download it as JSON or CSV from Settings โ†’ Privacy โ†’ Download my data.

02

Correct

Fix anything that's wrong. Most profile fields are self-serve; for the rest, email us.

03

Delete

Close your account and we'll delete everything within 30 days โ€” except what we're legally required to keep (see ยง08).

04

Port

Take your data to another platform. We'll give you a clean export in a common machine-readable format.

05

Object

Say no to any processing we do under "legitimate interest" โ€” we'll stop unless there's a compelling reason not to.

06

Complain

If we mess up, tell us at dpo@linkup.lc. You can also complain to the Saint Lucia Data Protection Commissioner or your local equivalent.

ยง 07

How we protect it

  • Everything in transit is TLS 1.3. Everything at rest is AES-256 encrypted.
  • Passwords are hashed with bcrypt โ€” even we can't see them.
  • Payments go straight to PCI-DSS Level 1 processors. We never touch your full card.
  • Only a handful of engineers can access production data, and every access is logged.
  • We run a bug bounty. Report a security issue to security@linkup.lc.

If we're ever breached, we'll notify affected users within 72 hours โ€” and publish a post-mortem.

ยง 08

How long we keep it

Account & profile
For as long as your account is open. Deleted within 30 days of you closing it.
Ticket & payment records
7 years after the event โ€” tax and fraud-investigation law requires this.
Support emails
2 years, then anonymised and kept for analytics.
Analytics events
25 months max โ€” then deleted entirely.
Marketing lists
Until you unsubscribe. Unsub takes effect within 24 hours.
ยง 09

Children

Link Up isn't for under-13s. We don't knowingly collect data from children under 13. If you think your child has an account, email dpo@linkup.lc and we'll delete it the same day.

For 13โ€“17s, a parent or guardian must consent โ€” we ask for this at signup and again at first ticket purchase.

ยง 10

Contact our DPO

We have a named Data Protection Officer who reads every email.

Email
dpo@linkup.lc โ€” we reply within 72 hours
Post
DPO, The St Lucian Hub Ltd., Suite 12 Baywalk Mall, Rodney Bay, Gros Islet, Saint Lucia
Regulator
Office of the Data Protection Commissioner, Saint Lucia โ€” dataprotection.gov.lc
Version 3.1 ยท Published 15 March 2026 Previous: v3.0 (Jan 2026), v2.4 (Oct 2025). Material changes get a 30-day email heads-up before they kick in.
privacy question?

Email the DPO. A real person replies.

No form fields, no ticketing queue. dpo@linkup.lc goes straight to our Data Protection Officer in Rodney Bay.

Email the DPO Download my data