Privacy Policy

Local Link LLC (“Local Link,” “we,” “us,” or “our”) operates a home services marketplace platform at locallink.com and related services (the “Platform”). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use the Platform, whether as a customer booking services or as a service provider partner (“Partner”). By accessing or using the Platform, you agree to this Privacy Policy. If you do not agree, do not use the Platform.

This Platform is intended for use by residents of the United States. If you access the Platform from outside the United States, you do so at your own risk and are responsible for compliance with applicable local laws.

We use your information to operate the Platform and match customers with service providers, process bookings, payments, refunds, and payouts, and send transactional communications such as booking confirmations, reminders, status updates, and cancellation notices via email and SMS. We also use your information to provide customer and partner support.

We personalize your experience by suggesting services, pre-filling forms, and presenting relevant promotions based on your booking history. We improve the Platform through aggregated, de-identified analytics that help us understand usage patterns and identify areas for improvement.

We use third-party artificial intelligence services (currently Anthropic’s Claude API) to power certain Platform features, including natural language service matching, smart booking input processing, and partner compliance review. When you interact with AI-assisted features, the text you submit may be processed by these third-party AI services solely for the purpose of providing the requested functionality. We do not use AI to make automated decisions that produce legal or similarly significant effects on you without human review.

We additionally use your information for fraud prevention and security monitoring, and to comply with our legal obligations.

We never sell your personal information. We do not share personal information with advertisers or data brokers. We do not share personal information for cross-context behavioral advertising or targeted advertising based on your activity across other websites or services.

When you book a service, we share your name, phone number, property address, and booking details with the assigned Partner so they can perform the service. We do not share your email address or payment details with Partners.

We share information with the following categories of service providers, all of whom are contractually required to use your data only as directed by us and in accordance with this Policy:

• Payment processing: Stripe, Inc. (PCI DSS Level 1 certified)
• Email communications: Twilio SendGrid
• SMS communications: Twilio
• Cloud hosting and deployment: Vercel, Inc.
• Backend data processing: Supabase, Inc.
• AI processing: Anthropic, PBC (for AI-assisted features described above)
• Analytics: Google LLC (Google Analytics 4)
• Error monitoring: Sentry (Functional Software, Inc.)
• Calendar integration: Google LLC (Google Calendar API)

We may disclose information if required by law, court order, subpoena, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Local Link, our users, or the public. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, and we will notify you via email or prominent notice on the Platform before your information becomes subject to a different privacy policy.

Partners may connect external calendars (Google Calendar and other supported services) to prevent scheduling conflicts. We follow a strict data minimization approach. We request calendar read access (the calendar.readonly OAuth scope for Google Calendar) solely to allow Partners to select which of their calendars should be checked for scheduling conflicts and to query free/busy status on those selected calendars. We never read, store, or process event titles, descriptions, attendee lists, locations, attachments, or any other event content.

Free/busy data is queried in real time and is not permanently stored on our servers. Calendar integration uses OAuth 2.0 — we never see or store your calendar service password. You can connect or disconnect calendar integrations at any time from your Partner Portal settings, and we immediately cease accessing your calendar data upon disconnection. You may also revoke access at any time through your calendar provider’s security settings (for example, Google Account permissions at myaccount.google.com/permissions).

Local Link’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

By providing your phone number and using the Platform, you consent to receive transactional SMS/text messages related to your use of the Platform, including booking confirmations, appointment reminders, cancellation notices, and service status updates. These messages are sent via Twilio from our toll-free number. Message frequency varies based on your booking activity. Message and data rates may apply depending on your mobile carrier and plan.

You can opt out of SMS messages at any time by replying STOP to any message or by updating your notification preferences in your account settings. Opting out of transactional SMS does not affect your ability to use the Platform, but you may miss time-sensitive booking notifications. Consent to receive SMS is not a condition of purchasing any goods or services. For SMS-related questions, contact us at support@locallink.com.

Essential cookies are required for authentication, session management, and security. You cannot opt out of essential cookies while using the Platform.

Analytics cookies:We use Google Analytics 4 (GA4) to understand usage patterns, page visits, and Platform performance in aggregate. GA4 operates under Google’s privacy policies and you can opt out through browser settings or Google’s opt-out browser add-on.

Error monitoring: We use Sentry to detect and resolve technical issues. Sentry may collect anonymized technical data (browser type, error traces, device info) solely to improve Platform reliability. This data is not used for advertising or user profiling.

We do not use advertising cookies, retargeting pixels, or social media tracking pixels. We do not engage in cross-site tracking.

Global Privacy Control (GPC): We recognize and honor the Global Privacy Control signal. If your browser or extension sends a GPC signal, we treat it as a valid opt-out request for any sale or sharing of personal information (though as stated above, we do not sell or share personal information for advertising purposes). We process GPC signals automatically without requiring further action from you.

We retain personal information for as long as your account is active and for a period of ten (10) years following account closure or last activity, except where a shorter or longer retention period is required by law or necessary for the specific purposes described below.

Booking records, payment records, and transaction history are retained for ten (10) years to support dispute resolution, tax compliance, fraud prevention, and legal obligations. Partner credential and compliance records are retained for ten (10) years following the end of the partner relationship. Server logs and anonymized analytics data are retained for up to twenty-four (24) months.

When retention periods expire, we securely delete or irreversibly anonymize your information. You may request deletion of your account and associated personal information at any time (see the Your Rights section below), subject to our legal retention obligations.

All data in transit is encrypted using TLS (Transport Layer Security). Data at rest is encrypted using AES-256 encryption. Payment processing is handled entirely by Stripe (PCI DSS Level 1 certified) — we never store, process, or transmit full credit card numbers. Access to personal data within our organization is restricted to authorized personnel on a need-to-know basis, and access is logged.

Our infrastructure is hosted on cloud platforms that maintain SOC 2 compliance. We implement rate limiting, input validation, CSRF protection, and security headers across the Platform.

Despite these measures, no method of electronic transmission or storage is completely secure. In the event of a data breach, we will notify affected users and applicable regulatory authorities in accordance with the timelines and requirements of applicable state and federal law.

All users of the Platform have the following rights regardless of state of residence, which we voluntarily extend:

• The right to access the personal information we hold about you
• The right to correct inaccurate information
• The right to request deletion of your personal information (subject to legal retention obligations)
• The right to obtain a portable copy of your data in a commonly used format
• The right to opt out of any sale or sharing of personal information (we do not sell or share, but you may exercise this right as a precaution)
• The right to not be discriminated against for exercising any privacy right

To exercise any right, contact us at support@locallink.com. We will verify your identity before processing requests and respond within 30 days (or the shorter timeframe required by your state’s law). If we deny a request, you may appeal by contacting us, and we will respond to your appeal within the timeframe required by applicable law.

This section provides supplemental disclosures required by state privacy laws. As of the effective date of this Policy, 20 U.S. states have enacted comprehensive consumer privacy laws. We comply with all applicable state privacy laws, including but not limited to the following.

California (CCPA/CPRA): California residents have the right to know what personal information is collected, the purposes for collection, the categories of third parties with whom it is shared, and specific pieces of personal information held. You have the right to delete, correct, and port your data. You have the right to opt out of the sale or sharing of personal information — we do not sell or share personal information as defined under the CCPA. You have the right to limit the use of sensitive personal information to purposes necessary to provide the services you request — we do not use sensitive personal information for purposes beyond what is necessary to operate the Platform. We do not use automated decision-making technology to make decisions that produce legal or similarly significant effects without human involvement. California residents may designate an authorized agent to make requests on their behalf. We will not discriminate against you for exercising your privacy rights. To submit a request: support@locallink.com.

Colorado (CPA): Colorado residents have rights to access, correct, delete, and port their data, and to opt out of targeted advertising, sale of personal data, and certain profiling. We do not engage in targeted advertising, sell personal data, or profile consumers in furtherance of decisions that produce legal or similarly significant effects. Colorado residents may appeal a denied request by contacting us, and we will respond within 45 days.

Virginia (VCDPA), Connecticut (CTDPA), Utah (UCPA), Iowa (ICDPA), Indiana (INCDPA), Kentucky (KCDPA), Tennessee (TIPA), Montana (MCDPA), Texas (TDPSA), Oregon (OCPA), Delaware (DPDPA), New Hampshire (NHDPA), New Jersey (NJDPA), Nebraska (NDPA), Minnesota (MCDPA), Maryland (MODPA), Rhode Island (RIDTPPA): Residents of these states have rights that may include access, correction, deletion, data portability, and opt-out of targeted advertising, sale of personal data, and profiling. We honor all applicable rights under these laws. Where a state law provides an appeal process for denied requests, you may appeal by contacting us at support@locallink.com, and we will respond within the timeframe required by that state’s law.

For all state privacy laws: We process personal information for the purposes disclosed in this Policy. We obtain consent before processing sensitive personal information where required by applicable law. We do not sell personal information. We do not engage in targeted advertising. We do not profile consumers for decisions producing legal or similarly significant effects.

We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. This has been our practice since the founding of Local Link and remains our commitment. Because we do not sell or share personal information, there is no need to submit an opt-out request, but you may do so as a precaution by contacting support@locallink.com. We recognize and honor Global Privacy Control (GPC) signals as valid opt-out requests.

The Platform is not directed at individuals under the age of 16. We do not knowingly collect personal information from anyone under 16. If we become aware that we have inadvertently collected personal information from a person under 16, we will take immediate steps to delete that information. If you believe a person under 16 has provided us with personal information, please contact us at support@locallink.com.

Where required by applicable state law, we apply additional protections for users under the age of 18, including requiring opt-in consent before processing their personal information for non-essential purposes.

This section applies to service provider Partners. In addition to the general information described above, we collect business information necessary to operate the marketplace, including business name, business license numbers, trade credentials and certifications, service area coverage, team member names and contact information, availability schedules, calendar data, and banking information for payout processing.

Partner banking and payout information is processed and stored by Stripe Connect (Express accounts). We do not have access to your full bank account numbers. Stripe is PCI DSS Level 1 certified and maintains its own privacy policy.

Partner credential and compliance data (licenses, certifications, review history) is retained for ten (10) years following the end of the partner relationship to support regulatory compliance, dispute resolution, and platform integrity. Upon termination of the partner relationship, Partners may request deletion of their personal information, subject to our retention obligations. Business information that is part of completed customer transactions (company name, service performed, booking records) is retained as part of the transaction record for the full retention period. Partner team member data (names, emails, roles, permissions) is deleted or anonymized when the team member is removed from the partner organization, subject to transaction record retention.

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the effective date at the top of this page, notify you via email if you have an account, and may post a prominent notice on the Platform. Your continued use of the Platform after changes constitutes acceptance of the updated Policy. If you disagree with changes, please discontinue use and contact us to close your account.

For privacy-specific inquiries, data access requests, deletion requests, or to exercise any rights described in this Policy, contact support@locallink.com with the subject line “Privacy Request.”

You can also visit our Contact page or review our Terms of Service.