Privacy Policy
How we collect, use, and protect your personal data.
Last updated: 1 June 2026
Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Data
- 4. AI and Automated Processing
- 5. Data Sharing and Sub-processors
- 6. Data Retention
- 7. Your Rights (GDPR)
- 8. Cookies
- 9. International Data Transfers
- 10. Security
- 11. Children's Privacy
- 12. Contact
- 13. Changes to This Policy
- 14. US State Privacy Rights
1. Introduction
Links Meridian Ltd ("Links Meridian," "we," "us," or "our") provides a golf club management platform that serves club administrators, staff, and members. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our platform, website, and related services.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws.
Who we are
The data controller for the purposes described in this policy is Links Meridian Ltd, a company registered in Northern Ireland (company number [NUMBER]), registered office [REGISTERED OFFICE ADDRESS]. We are registered with the UK Information Commissioner's Office (registration number [ICO NUMBER]). You can reach us about any privacy matter at [email protected].
Our role: controller and processor
Links Meridian acts in two distinct capacities. For the personal data a golf club enters into the platform about its members, guests, and staff, the club is the data controller and Links Meridian is the data processor, processing that data on the club's documented instructions under our Data Processing Agreement. For our own purposes — operating our website, managing club accounts and billing, securing and improving the platform — Links Meridian is an independent controller. This policy explains both. If you are a club member with a question about how your club uses your data, please contact your club directly.
2. Information We Collect
We collect information that you provide directly, that is generated through your use of our services, and that we receive from third parties.
Account & Profile Information
- Name, email address, and phone number
- Club membership details and membership type
- Profile preferences and communication settings
Booking & Transaction Data
- Tee time bookings and reservation history
- Point-of-sale transactions (pro shop, food & beverage)
- Payment information processed securely via Stripe (we do not store card numbers)
- Account statements and billing history
Usage & Analytics Data
- Pages visited, features used, and session duration
- Device type, browser, and operating system
- IP address (anonymised for analytics)
- Analytics are collected via PostHog, only with your consent
Community & Content Data
- Posts, comments, and reactions in the Digital Clubhouse
- Survey and poll responses
- Event registrations
Tools & Marketing Enquiries
- Details you submit through our free tools (such as the Club Digital Maturity Scorecard) or the contact form: your name, email, club, role, and any message
- The results you generate with a tool (for example your scorecard score and dimension breakdown), so we can email them to you and tailor any follow-up
Our public calculators run entirely in your browser and do not send your inputs to us. We only receive what you choose to submit, and only where you have given consent. We use these details to send you what you asked for and, where you have opted in, occasional insights about club software. You can unsubscribe or ask us to erase this data at any time (see Your Rights).
3. How We Use Your Data
We use your personal data for the following purposes:
- Service provision: to operate the platform, manage your account, and deliver the features you use
- Booking management: to process tee time reservations, send confirmations and reminders
- Payment processing: to process transactions securely through Stripe
- Communications: to send service updates, booking confirmations, and (with your consent) marketing communications
- Analytics & improvement: to understand how the platform is used and improve the experience
- Security: to detect and prevent fraud, abuse, and unauthorised access
- Legal obligations: to comply with applicable laws, regulations, and legal processes
Legal Bases for Processing
We process your data based on the following legal grounds:
- Contract: processing necessary to provide the services you have requested
- Legitimate interest: platform security, fraud prevention, and service improvement
- Consent: analytics cookies and marketing communications (which you can withdraw at any time)
- Legal obligation: financial record-keeping and regulatory compliance
4. AI and Automated Processing
Links Meridian uses artificial intelligence to provide certain platform features. We believe in transparency about how AI is used with your data.
What AI Features Do
- Content generation: AI agents can draft marketing content, articles, and social media posts for club administrators. All AI-generated content requires human approval before publication.
- Revenue forecasting: AI analyses booking patterns and historical data to provide demand predictions and pricing recommendations.
- Campaign automation: AI can suggest email subject lines, optimal send times, and audience segments based on aggregated member data.
How AI Uses Your Data
- AI processing is performed using third-party language model providers. Data sent to these providers is limited to what is necessary for the specific task.
- We do not use your personal data to train AI models. Member data is processed only to generate outputs for your club.
- No automated decisions with legal or similarly significant effects are made about individual members without human review.
You have the right to request human review of any decision that was informed by automated processing. Contact us at [email protected].
5. Data Sharing and Sub-processors
We do not sell your personal data. We share data only with the service providers (sub-processors) needed to deliver the platform, all of whom are bound by data processing agreements. Key sub-processors include the categories below; our complete, current list is published at linksmeridian.com/subprocessors:
- Stripe:payment processing. Stripe acts as an independent data controller for payment data. Stripe Privacy Policy
- SendGrid:transactional and marketing email delivery. Twilio Privacy Policy
- PostHog:product analytics (only when you have given consent). PostHog Privacy Policy
- Hetzner: cloud hosting and data storage. EU and UK club data is hosted within the European Union (Germany and Finland).
- AI providers (OpenAI, Anthropic, Google): processing limited to what is necessary for the specific AI feature. We do not use your data to train AI models, and these providers do not train on data sent via our API.
- Sentry: error and performance monitoring to keep the platform reliable.
Where Links Meridian processes member data on behalf of a club, the club is the data controller and Links Meridian is the processor (see our Data Processing Agreement). Your golf club accesses and manages that data as part of its club operations. For questions about how your club uses your data, contact your club directly.
6. Data Retention
We retain your personal data as follows:
- Active account data: retained for the duration of your membership or account
- Financial records: retained for 7 years after the transaction date, as required by law
- Analytics data: anonymised and aggregated, retained indefinitely
- Deleted accounts: personal data is erased within 30 days of an erasure request, except where retention is required by law
7. Your Rights (GDPR)
Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure:request deletion of your personal data ("right to be forgotten")
- Right to data portability: receive your data in a structured, machine-readable format
- Right to restrict processing: request that we limit how we use your data
- Right to object: object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: withdraw consent for analytics cookies or marketing at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).
9. International Data Transfers
Some of our service providers may process data outside the UK and EU. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognised data protection frameworks.
For US-based customers, personal data is stored on US-hosted infrastructure. EU and UK customer data is stored within the European Union. Data is not transferred between regions unless necessary to deliver the service.
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS) and at rest
- Role-based access controls
- Regular security assessments
- Audit logging of data access
- PCI compliance for payment processing via Stripe
11. Children's Privacy
Our platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us at [email protected] and we will promptly delete it.
12. Contact
For any privacy-related questions, data requests, or complaints, please contact us:
- Email: [email protected]
- Subject line:"Data Protection Request"
We aim to respond to all data protection requests within 30 days.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email.
We encourage you to review this policy periodically.
14. US State Privacy Rights
If you are a resident of a US state with broad privacy legislation (including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others), you may have additional rights regarding your personal data.
Your Rights Under US State Privacy Laws
- Right to know: request disclosure of the categories and specific pieces of personal data we have collected about you
- Right to delete: request deletion of your personal data, subject to certain exceptions
- Right to correct: request correction of inaccurate personal data
- Right to opt out of sale: we do not sell your personal data and have never sold personal data. We do not share personal data for cross-context behavioural advertising.
- Right to non-discrimination: we will not discriminate against you for exercising any of your privacy rights
California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, California residents have the right to request that we disclose the categories of personal information collected, the purposes for collection, and the categories of third parties with whom we share personal data. You may also request that we limit the use of sensitive personal information to what is necessary to provide the service.
Data Residency
Personal data for US-based clubs is stored on US-hosted infrastructure. EU and UK club data is stored on EU-hosted infrastructure (Hetzner, Germany/Finland). Data is not transferred between regions unless required to deliver a specific feature, in which case appropriate safeguards are in place.
To exercise any of these rights, contact us at [email protected]. We will verify your identity and respond within 45 days, as required by applicable law.