This Privacy Policy explains how Linkyt Technologies ("Linkyt", "we", "us", or "our") collects, uses, shares, and protects personal data when you visit our marketing website, create an account on our platform, use our commerce and customer-engagement services, or otherwise interact with us.

Linkyt provides an agentic commerce platform that may include online storefronts, bookings, payments, CRM, productivity tools, API integrations, and WhatsApp AI agent capabilities. Because we serve merchants globally and process data on their behalf, this policy describes both our role as a data controller (for account, billing, and website data) and, where applicable, as a data processor (for personal data merchants submit about their own customers).

We are committed to handling personal data in line with the EU General Data Protection Regulation ("GDPR"), the UK GDPR (where applicable), and other laws that apply to our operations, including the Protection of Personal Information Act ("POPIA") in South Africa.

1. Who we are

Data controller: Linkyt Technologies, operating from Estonia, with a regional presence in South Africa.

Registered address: Kelmiküla, Tallinn, Estonia
Privacy contact: team@linkyt.io
Website: www.linkyt.io
Platform: app.linkyt.io

If you are a customer of a merchant using Linkyt, that merchant is usually the data controller for your personal data. Please contact the merchant first for requests relating to orders, bookings, or support. We will assist merchants in fulfilling their obligations where we act as their processor.

2. Scope

This policy applies to:

Visitors to our marketing website and blog
Merchants, administrators, and users of Linkyt accounts
Individuals who contact us (for example via forms, email, or phone)
End-customer personal data processed through merchant storefronts, bookings, CRM, payments, and messaging features, where Linkyt acts on the merchant's instructions

3. Personal data we collect

3.1 Account and business data (merchants)

Name, email address, phone number, and login credentials
Business name, billing details, tax or registration information where required
Subscription plan, usage, support communications, and audit logs
Configuration data for storefronts, products, bookings, forms, and integrations

3.2 End-customer data (on behalf of merchants)

Depending on how a merchant uses Linkyt, we may process:

Contact details (name, email, phone, delivery or billing address)
Order, booking, payment, and transaction records
CRM notes, tags, communication history, and support tickets
WhatsApp or messaging metadata and message content where merchants enable AI agent or messaging features
Device, browser, and usage data collected through merchant-facing experiences

3.3 Website and marketing data

Contact form submissions (name, email, phone, inquiry type, message)
Analytics and performance data (pages viewed, referrers, approximate location, device type)
Cookies and similar technologies (see Section 11)

3.4 Payment data

Payments may be processed through LinkytPay or third-party payment providers (such as Yoco or Payfast). Card details are handled by the payment provider where applicable. We typically receive transaction status, amounts, references, and limited payer metadata (not full card numbers) unless required for reconciliation or support.

4. How we use personal data

We use personal data to:

Provide, operate, secure, and improve the Linkyt platform and website
Create and manage accounts, authenticate users, and enforce access controls
Process subscriptions, invoices, and payment-related activity
Enable storefront, booking, CRM, delivery, and messaging features requested by merchants
Provide customer support, onboarding, and service communications
Monitor usage, prevent fraud, abuse, and security incidents
Comply with legal obligations and respond to lawful requests
Send product updates or marketing where permitted; you may opt out of marketing at any time

5. Legal bases (GDPR)

Where GDPR applies, we rely on the following legal bases:

Contract: to provide the services you or your organisation signed up for
Legitimate interests: to secure our platform, improve features, prevent misuse, and communicate about your account, balanced against your rights
Consent: for optional cookies, certain marketing, or where required for specific processing
Legal obligation: for tax, accounting, regulatory, or law-enforcement requirements
Processor role: when processing end-customer data, we act on the merchant's documented instructions and applicable data processing terms

6. Sharing and subprocessors

We do not sell personal data. We may share data with:

Infrastructure providers (for example AWS) to host and operate our services
Payment processors to complete transactions initiated by merchants or their customers
Meta and messaging partners where merchants use WhatsApp or related channels, subject to platform policies and merchant configuration
AI and automation providers where required to deliver agent workflows configured by merchants
Analytics providers (such as Google Analytics or Google Tag Manager) for website measurement
Professional advisers (legal, accounting, insurance) under confidentiality obligations
Authorities where required by law or to protect rights, safety, and security

We require subprocessors that handle personal data to implement appropriate contractual safeguards and security measures. A list of key subprocessors may be provided on request to merchants.

7. International transfers

Linkyt operates across jurisdictions. Personal data may be processed in the European Economic Area, the United Kingdom, South Africa, the United States, or other countries where our providers maintain facilities.

Where GDPR applies and data is transferred outside the EEA/UK without an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses, supplementary measures where needed, and processor agreements with vendors.

8. Retention

We retain personal data only as long as necessary for the purposes described in this policy, including:

For the life of an active merchant account and a reasonable period thereafter
As required for billing, tax, dispute resolution, and legal compliance
According to merchant-configured retention where we process end-customer data on their behalf
For security logs and backups for limited periods aligned with our security programme

When data is no longer required, we delete or anonymise it unless retention is required by law or legitimate business needs.

9. Security

We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit, monitoring, and partner-backed infrastructure. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

If we become aware of a personal data breach likely to affect your rights, we will notify you and/or relevant authorities as required by applicable law.

10. Your rights

Depending on your location, you may have the right to:

Access personal data we hold about you
Correct inaccurate or incomplete data
Delete data in certain circumstances
Restrict or object to certain processing
Data portability for information you provided in a structured, commonly used format
Withdraw consent where processing is based on consent
Lodge a complaint with a supervisory authority

EEA/UK residents may contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local authority.

South African residents may exercise rights under POPIA and contact the Information Regulator if unresolved concerns remain after contacting us.

To exercise your rights, email team@linkyt.io. We may need to verify your identity and will respond within applicable statutory timeframes (typically one month under GDPR).

11. Cookies and similar technologies

Our marketing website may use cookies and similar technologies to:

Enable essential site functionality
Measure traffic and campaign performance (for example via Google Analytics or Google Tag Manager)
Remember preferences where applicable

Where required by law, we will request consent before placing non-essential cookies. You can manage cookies through your browser settings and, where available, our consent tools.

12. Automated processing and AI features

Merchants may enable AI-assisted workflows, including WhatsApp AI agents. These features may process message content and customer context to generate responses or trigger actions configured by the merchant. Merchants are responsible for providing appropriate notices to their customers and configuring automation in line with applicable law and platform terms (including Meta policies).

We do not use end-customer data to train public general-purpose models for unrelated purposes unless clearly disclosed and permitted.

13. Children

Linkyt services are intended for businesses and are not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. Contact us if you believe we have collected such data inadvertently.

14. Merchant responsibilities

If you use Linkyt as a merchant, you agree to:

Provide lawful privacy notices to your customers and obtain required consents
Only collect personal data you need for your business purposes
Honor data subject requests for customer data you control
Configure integrations (payments, WhatsApp, AI) responsibly and in compliance with third-party terms
Notify us promptly if you suspect unauthorised access to data in your account

15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.

16. Contact us

For privacy questions, data subject requests, or processor enquiries:

Email: team@linkyt.io
Contact form: linkyt.io/contact

This document is provided for transparency and operational clarity. It does not constitute legal advice. We recommend merchants and partners obtain independent legal review for their specific use cases.