Skip to content

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 1 June 2026

1. Introduction

Links Meridian Ltd ("Links Meridian," "we," "us," or "our") provides a golf club management platform that serves club administrators, staff, and members. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our platform, website, and related services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws.

Who we are

The data controller for the purposes described in this policy is Links Meridian Ltd, a company registered in Northern Ireland (company number [NUMBER]), registered office [REGISTERED OFFICE ADDRESS]. We are registered with the UK Information Commissioner's Office (registration number [ICO NUMBER]). You can reach us about any privacy matter at [email protected].

Our role: controller and processor

Links Meridian acts in two distinct capacities. For the personal data a golf club enters into the platform about its members, guests, and staff, the club is the data controller and Links Meridian is the data processor, processing that data on the club's documented instructions under our Data Processing Agreement. For our own purposes — operating our website, managing club accounts and billing, securing and improving the platform — Links Meridian is an independent controller. This policy explains both. If you are a club member with a question about how your club uses your data, please contact your club directly.

2. Information We Collect

We collect information that you provide directly, that is generated through your use of our services, and that we receive from third parties.

Account & Profile Information

  • Name, email address, and phone number
  • Club membership details and membership type
  • Profile preferences and communication settings

Booking & Transaction Data

  • Tee time bookings and reservation history
  • Point-of-sale transactions (pro shop, food & beverage)
  • Payment information processed securely via Stripe (we do not store card numbers)
  • Account statements and billing history

Usage & Analytics Data

  • Pages visited, features used, and session duration
  • Device type, browser, and operating system
  • IP address (anonymised for analytics)
  • Analytics are collected via PostHog, only with your consent

Community & Content Data

  • Posts, comments, and reactions in the Digital Clubhouse
  • Survey and poll responses
  • Event registrations

Tools & Marketing Enquiries

  • Details you submit through our free tools (such as the Club Digital Maturity Scorecard) or the contact form: your name, email, club, role, and any message
  • The results you generate with a tool (for example your scorecard score and dimension breakdown), so we can email them to you and tailor any follow-up

Our public calculators run entirely in your browser and do not send your inputs to us. We only receive what you choose to submit, and only where you have given consent. We use these details to send you what you asked for and, where you have opted in, occasional insights about club software. You can unsubscribe or ask us to erase this data at any time (see Your Rights).

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service provision: to operate the platform, manage your account, and deliver the features you use
  • Booking management: to process tee time reservations, send confirmations and reminders
  • Payment processing: to process transactions securely through Stripe
  • Communications: to send service updates, booking confirmations, and (with your consent) marketing communications
  • Analytics & improvement: to understand how the platform is used and improve the experience
  • Security: to detect and prevent fraud, abuse, and unauthorised access
  • Legal obligations: to comply with applicable laws, regulations, and legal processes

Legal Bases for Processing

We process your data based on the following legal grounds:

  • Contract: processing necessary to provide the services you have requested
  • Legitimate interest: platform security, fraud prevention, and service improvement
  • Consent: analytics cookies and marketing communications (which you can withdraw at any time)
  • Legal obligation: financial record-keeping and regulatory compliance

4. AI and Automated Processing

Links Meridian uses artificial intelligence to provide certain platform features. We believe in transparency about how AI is used with your data.

What AI Features Do

  • Content generation: AI agents can draft marketing content, articles, and social media posts for club administrators. All AI-generated content requires human approval before publication.
  • Revenue forecasting: AI analyses booking patterns and historical data to provide demand predictions and pricing recommendations.
  • Campaign automation: AI can suggest email subject lines, optimal send times, and audience segments based on aggregated member data.

How AI Uses Your Data

  • AI processing is performed using third-party language model providers. Data sent to these providers is limited to what is necessary for the specific task.
  • We do not use your personal data to train AI models. Member data is processed only to generate outputs for your club.
  • No automated decisions with legal or similarly significant effects are made about individual members without human review.

You have the right to request human review of any decision that was informed by automated processing. Contact us at [email protected].

5. Data Sharing and Sub-processors

We do not sell your personal data. We share data only with the service providers (sub-processors) needed to deliver the platform, all of whom are bound by data processing agreements. Key sub-processors include the categories below; our complete, current list is published at linksmeridian.com/subprocessors:

  • Stripe:payment processing. Stripe acts as an independent data controller for payment data. Stripe Privacy Policy
  • SendGrid:transactional and marketing email delivery. Twilio Privacy Policy
  • PostHog:product analytics (only when you have given consent). PostHog Privacy Policy
  • Hetzner: cloud hosting and data storage. EU and UK club data is hosted within the European Union (Germany and Finland).
  • AI providers (OpenAI, Anthropic, Google): processing limited to what is necessary for the specific AI feature. We do not use your data to train AI models, and these providers do not train on data sent via our API.
  • Sentry: error and performance monitoring to keep the platform reliable.

Where Links Meridian processes member data on behalf of a club, the club is the data controller and Links Meridian is the processor (see our Data Processing Agreement). Your golf club accesses and manages that data as part of its club operations. For questions about how your club uses your data, contact your club directly.

6. Data Retention

We retain your personal data as follows:

  • Active account data: retained for the duration of your membership or account
  • Financial records: retained for 7 years after the transaction date, as required by law
  • Analytics data: anonymised and aggregated, retained indefinitely
  • Deleted accounts: personal data is erased within 30 days of an erasure request, except where retention is required by law

7. Your Rights (GDPR)

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure:request deletion of your personal data ("right to be forgotten")
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to restrict processing: request that we limit how we use your data
  • Right to object: object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: withdraw consent for analytics cookies or marketing at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).

8. Cookies

We use the following types of cookies:

Essential Cookies

Required for the platform to function. These include session cookies for authentication and security tokens. They cannot be disabled.

Analytics Cookies (Optional)

We use PostHog to understand how visitors interact with our website and platform. These cookies are only set if you give consent via the cookie banner. You can change your preference at any time by clearing your browser's local storage or by declining when the banner reappears.

We do not use advertising or tracking cookies from third-party ad networks.

9. International Data Transfers

Some of our service providers may process data outside the UK and EU. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognised data protection frameworks.

For US-based customers, personal data is stored on US-hosted infrastructure. EU and UK customer data is stored within the European Union. Data is not transferred between regions unless necessary to deliver the service.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest
  • Role-based access controls
  • Regular security assessments
  • Audit logging of data access
  • PCI compliance for payment processing via Stripe

11. Children's Privacy

Our platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us at [email protected] and we will promptly delete it.

12. Contact

For any privacy-related questions, data requests, or complaints, please contact us:

We aim to respond to all data protection requests within 30 days.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email.

We encourage you to review this policy periodically.

14. US State Privacy Rights

If you are a resident of a US state with broad privacy legislation (including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others), you may have additional rights regarding your personal data.

Your Rights Under US State Privacy Laws

  • Right to know: request disclosure of the categories and specific pieces of personal data we have collected about you
  • Right to delete: request deletion of your personal data, subject to certain exceptions
  • Right to correct: request correction of inaccurate personal data
  • Right to opt out of sale: we do not sell your personal data and have never sold personal data. We do not share personal data for cross-context behavioural advertising.
  • Right to non-discrimination: we will not discriminate against you for exercising any of your privacy rights

California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, California residents have the right to request that we disclose the categories of personal information collected, the purposes for collection, and the categories of third parties with whom we share personal data. You may also request that we limit the use of sensitive personal information to what is necessary to provide the service.

Data Residency

Personal data for US-based clubs is stored on US-hosted infrastructure. EU and UK club data is stored on EU-hosted infrastructure (Hetzner, Germany/Finland). Data is not transferred between regions unless required to deliver a specific feature, in which case appropriate safeguards are in place.

To exercise any of these rights, contact us at [email protected]. We will verify your identity and respond within 45 days, as required by applicable law.