Privacy Policy

Effective date: 25 February 2026 · Version 2.0

1. Who We Are

TradeLynq ("TradeLynq", "we", "us", "our") is an online professional services marketplace registered and operating from Port of Spain, Republic of Trinidad and Tobago. Our website is located at tradelynq.tech.

TradeLynq acts exclusively as a platform facilitator. We provide the technology that enables Clients to discover, evaluate, and contact Professionals. We are not a party to any transaction, agreement, or service engagement between a Client and a Professional. All service arrangements, pricing, quality guarantees, and dispute resolution regarding the services rendered are solely between the Client and the Professional.

This Privacy Policy explains how we collect, use, store, share, and protect Personal Data when you access or use the TradeLynq platform, including our website and any associated applications or communications channels.

2. Definitions

In this Privacy Policy the following terms have the meanings set out below:

"Platform" means the TradeLynq website at tradelynq.tech, any mobile applications, APIs, and all related services and communications channels operated by TradeLynq.
"Professional" means a registered user who offers professional services through the Platform, including but not limited to beauty, trades, creative, health, events, education, and technology services.
"Client" means a registered or unregistered user who uses the Platform to browse, search for, or contact Professionals.
"User" means any individual who accesses or uses the Platform, whether as a Professional, Client, or visitor.
"Personal Data" means any information relating to an identified or identifiable natural person, as defined by the Data Protection Act, Chapter 22:04 of the Laws of Trinidad and Tobago.
"Processing" means any operation or set of operations performed on Personal Data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
"Data Processor" means a third-party service provider that processes Personal Data on behalf of TradeLynq, subject to our instructions and contractual obligations.
"Payment Processor" means WiPay Limited and/or First Atlantic Commerce Ltd., which handle all payment card processing on behalf of TradeLynq.

3. Legal Basis for Processing

We process Personal Data in accordance with the Data Protection Act, Chapter 22:04 of the Laws of Trinidad and Tobago (the "DPA"), as well as internationally recognised data-protection principles. Our lawful bases for processing are:

Consent: where you have given clear, informed consent for us to process your Personal Data for specific purposes (e.g., marketing communications, optional analytics cookies). You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Contractual necessity: where processing is necessary to perform our obligations under the Terms of Service you accepted when creating an account, including account management, subscription billing, enquiry routing, and service delivery.
Legal obligation: where processing is required to comply with applicable laws, regulations, court orders, or lawful government requests under the laws of Trinidad and Tobago, including tax record-keeping requirements of the Board of Inland Revenue.
Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. These interests include fraud prevention, platform security, service improvement, and analytics.

By using the Platform you acknowledge that you have read and understood this Privacy Policy. Where consent is the legal basis, we will obtain your explicit consent before commencing processing.

4. Information We Collect

4.1 Account Information

When you create a TradeLynq account we collect:

Full name
Email address
Phone number (mobile)
Account role (Professional or Client)
Authentication credentials (password hash — we never store plaintext passwords)

4.2 Professional Profile Information

If you register as a Professional we additionally collect:

Business or trading name
Service category and sub-categories
Service areas and locations within Trinidad and Tobago
Professional biography and description of services
Portfolio images and media
Years of experience and qualifications
Subscription plan and billing cycle

4.3 Usage and Activity Data

Activity logs: logins, profile views, search queries, enquiry submissions, and other interactions with the Platform. IP addresses are stored as one-way SHA-256 hashes — we cannot reverse these to obtain your raw IP address.
Enquiries and communications: job descriptions, preferred dates, contact preferences, and messages exchanged through the Platform's enquiry system.
Reviews and testimonials: star ratings, written reviews, and any responses submitted by Professionals.
Support communications: messages you send to us via WhatsApp, email, or any other support channel.

4.4 Device and Technical Data

Browser type and version
Operating system
Referring URL and landing page
Pages visited and time spent on each page
Screen resolution and device type (desktop, mobile, tablet)
Language preference

4.5 Payment Metadata

We collect and store payment metadata only, which may include:

Transaction reference numbers
Payment date and time
Payment amount (in TTD)
Payment status (successful, failed, pending, refunded)
Last four digits of the payment card (as provided by the Payment Processor for receipt purposes)
Billing name (if different from account name)

We do not collect, process, store, or have access to full payment card numbers, CVV/CVC codes, or bank account details. All payment card processing is handled entirely by our Payment Processors (see Section 6).

5. How We Use Your Information

We process your Personal Data for the following purposes:

Service delivery and platform operation: matching Clients with Professionals, processing and routing enquiries, managing bookings, and sending transactional notifications related to your use of the Platform.
Account management: creating and maintaining your account, authenticating your identity, managing your subscription, and processing payments.
Identity verification: confirming that accounts belong to real persons in Trinidad and Tobago and that Professionals meet our registration requirements.
Communications: transactional messages via email (powered by Resend) and WhatsApp Business API (powered by Meta Platforms). Marketing and promotional communications are sent only where you have provided explicit opt-in consent, and you may withdraw that consent at any time.
Trust, safety, and fraud prevention: detecting and preventing fraudulent activity, enforcing our Terms of Service and Community Standards, investigating potential violations, and resolving disputes.
Payment processing and financial record-keeping: processing subscription fees, generating receipts and invoices, maintaining transaction records as required by applicable tax and financial legislation.
Platform improvement and analytics: analysing anonymised and aggregated usage data to improve search relevance, user experience, feature development, and overall Platform performance. Individual users are not identified in aggregated analytics.
Legal compliance: complying with applicable laws, regulations, and lawful government requests, including tax reporting obligations to the Board of Inland Revenue, responses to court orders, and regulatory reporting.
Customer support: responding to your enquiries, troubleshooting issues, and providing technical assistance through our support channels.
Protecting rights and interests: establishing, exercising, or defending legal claims and protecting the rights, property, and safety of TradeLynq, our Users, and the public.

6. Information We Do NOT Collect

TradeLynq does not collect, process, or store the following categories of information:

Payment card numbers: full credit card or debit card numbers are never transmitted to, processed by, or stored on TradeLynq servers. All payment card processing is handled exclusively by our Payment Processors — WiPay Limited and First Atlantic Commerce Ltd. (via Republic Bank) — under their own PCI DSS-compliant security environments.
CVV/CVC security codes: card verification values are never collected or transmitted to TradeLynq.
Bank account details: bank account numbers, sort codes, and routing numbers are not collected by TradeLynq.
Government-issued identification numbers: we do not collect national identification card numbers, passport numbers, driver's permit numbers, or tax identification numbers through the Platform.
Biometric data: we do not collect fingerprints, facial recognition data, or other biometric identifiers.
Precise geolocation: we do not collect GPS coordinates or precise real-time location data. Service areas are provided voluntarily by Professionals as general locality descriptions.

If you believe any of the above data categories have been inadvertently collected, contact us immediately at support@tradelynq.tech.

We do not sell, rent, or trade your Personal Data. We share Personal Data only in the following limited circumstances:

7.1 With Other Users

Professional profile information — including name, business name, biography, service categories, service areas, portfolio, and reviews — is publicly visible on the Platform. Client names appear on reviews they submit. Contact details are shared between a Client and a Professional only when an enquiry is initiated.

7.2 With Service Providers (Data Processors)

We engage trusted third-party service providers who process Personal Data on our behalf, subject to contractual obligations of confidentiality and data protection. These providers include:

Supabase Inc. — database hosting, authentication, and data storage
Vercel Inc. — web application hosting, content delivery network, and edge computing
Resend Inc. — transactional and service-related email delivery
Meta Platforms Inc. — WhatsApp Business API for notifications and customer support communications
WiPay Limited — payment processing (Phase 1)
First Atlantic Commerce Ltd. (via Republic Bank) — payment processing (Phase 2)

Each Data Processor is contractually prohibited from using your Personal Data for any purpose other than providing services to TradeLynq and is required to maintain appropriate security measures.

7.3 For Legal Obligations

We may disclose Personal Data where required or permitted by law, including:

In response to valid legal process, court orders, or subpoenas
To comply with requests from law enforcement or regulatory authorities in Trinidad and Tobago
To comply with tax reporting obligations to the Board of Inland Revenue
To protect the rights, property, or safety of TradeLynq, our Users, or the public
To detect, prevent, or address fraud, security, or technical issues

7.4 Business Transfers

In the event of a merger, acquisition, reorganisation, asset sale, or insolvency proceeding, Personal Data may be transferred to the successor entity, provided the successor agrees to be bound by privacy protections no less protective than those set out in this Privacy Policy. We will provide notice of any such transfer as required by applicable law.

7.5 With Your Consent

We may share your Personal Data for purposes not described in this Privacy Policy where we have obtained your explicit prior consent.

8. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:

Active account data: retained for as long as your account remains open and active on the Platform.
Closed or deleted account data: following account deletion, we retain a minimal set of records (transaction history, tax-relevant records, and dispute-related data) for 7 years to comply with tax and financial record-keeping requirements under the laws of Trinidad and Tobago, and to support the resolution of any outstanding disputes or legal claims.
Payment records: retained for 7 years as required by the Board of Inland Revenue and applicable financial regulations.
Activity logs: retained for 24 months from the date of the activity, then automatically purged.
Support communications: retained for 3 years from the date of the last communication in the thread.
Reviews and testimonials: retained for the lifetime of the Professional's account. If the Professional's account is deleted, reviews are anonymised but may be retained in aggregated form.

When retention periods expire, Personal Data is securely deleted or irreversibly anonymised. Where anonymised data is retained for statistical purposes, it cannot be used to identify any individual.

9. Your Rights

Under the DPA and internationally recognised data-protection principles, you have the following rights with respect to your Personal Data:

Right of access: you may request a copy of the Personal Data we hold about you, together with information about how it is being processed.
Right to correction: you may request that we correct or update any inaccurate or incomplete Personal Data.
Right to deletion: you may request that we delete your Personal Data, subject to our legal retention obligations as described in Section 8. Where deletion is not possible due to legal requirements, we will restrict processing to the minimum necessary for compliance purposes.
Right to data portability: you may request an export of your Personal Data in a structured, commonly used, machine-readable format (JSON or CSV).
Right to object: you may object to the processing of your Personal Data for marketing purposes at any time. You may also object to processing based on legitimate interests, and we will cease processing unless we demonstrate compelling legitimate grounds that override your rights.
Right to withdraw consent: where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to restrict processing: you may request that we temporarily restrict processing of your Personal Data while we verify its accuracy or assess an objection.

To exercise any of these rights, contact us at support@tradelynq.tech or message us on WhatsApp at +1 (868) 708-9214. We will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days. If your request is complex or we receive a large number of requests, we may extend this period by an additional 30 days with notice to you.

We may ask you to verify your identity before processing your request to ensure that Personal Data is not disclosed to unauthorised persons.

10. Cookies and Tracking

10.1 Essential Cookies

We use strictly necessary cookies by default. These include session tokens required for authentication and security. These cookies are essential for the Platform to function and cannot be disabled without breaking core functionality.

10.2 Analytics Cookies

We may use analytics cookies to understand how Users interact with the Platform and to improve our services. Analytics cookies are opt-in only — they are not set unless you explicitly grant consent through our cookie preference controls. You may change your preference at any time.

10.3 What We Do NOT Use

We do not use third-party advertising or tracking cookies.
We do not participate in cross-site tracking or retargeting networks.
We do not sell cookie data or browsing behaviour to any third party.

You may clear cookies at any time through your browser settings. Note that clearing essential cookies will require you to log in again.

11. Third-Party Services

The Platform relies on trusted third-party services for hosting, data storage, communication, and payment processing. Each provider operates under its own privacy policy and data-protection practices. We encourage you to review their policies:

Supabase Inc. (database and authentication) — supabase.com/privacy
Vercel Inc. (hosting and CDN) — vercel.com/legal/privacy-policy
Resend Inc. (transactional email) — resend.com/legal/privacy-policy
WiPay Limited (payment processing) — wipayfinancial.com/privacy-policy
First Atlantic Commerce Ltd. (payment processing) — firstatlanticcommerce.com/privacy-policy
Meta Platforms Inc. (WhatsApp Business API) — whatsapp.com/legal/privacy-policy

TradeLynq is not responsible for the privacy practices of third-party services. Your use of these services is governed by their respective terms and privacy policies.

12. International Data Transfers

TradeLynq operates from Trinidad and Tobago. However, our infrastructure providers — including Supabase and Vercel — host data on servers located in the United States and other jurisdictions outside Trinidad and Tobago.

When your Personal Data is transferred outside Trinidad and Tobago, we ensure that adequate safeguards are in place, including:

Contractual protections: our agreements with Data Processors include data-protection clauses requiring them to protect your Personal Data to standards no less protective than those required by the DPA.
Encryption in transit: all data transmitted between your device and our servers, and between our servers and third-party services, is encrypted using TLS 1.2 or higher.
Encryption at rest: Personal Data stored by our infrastructure providers is encrypted at rest using AES-256 or equivalent industry-standard encryption.
Access controls: access to Personal Data is restricted to authorised personnel and systems on a strict need-to-know basis.

By using the Platform, you acknowledge and consent to the transfer of your Personal Data to jurisdictions outside Trinidad and Tobago for the purposes described in this Privacy Policy, subject to the safeguards described above.

13. Data Security

We implement industry-standard technical and organisational measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction. These measures include:

TLS encryption in transit: all communications between your browser and the Platform are encrypted using Transport Layer Security (TLS 1.2+).
AES-256 encryption at rest: Personal Data stored in our database is encrypted at rest via Supabase's infrastructure.
Row-level security (RLS): database-level access policies ensure that Users can only access data they are authorised to view. Every database query is subject to RLS enforcement.
Hashed IP storage: IP addresses are stored as irreversible SHA-256 hashes, preventing reconstruction of raw IP addresses.
Password hashing: passwords are hashed using bcrypt with appropriate work factors. Plaintext passwords are never stored.
Rate limiting: API endpoints are protected by rate limiting to mitigate brute-force and denial-of-service attacks.
Access controls: administrative access to production systems is restricted to authorised personnel, protected by multi-factor authentication, and logged for audit purposes.
Periodic security reviews: we conduct regular security assessments of our platform, infrastructure, and third-party integrations.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your Personal Data, we cannot guarantee absolute security. In the event of a data breach that affects your Personal Data, we will notify affected Users and the relevant authorities in accordance with applicable law.

Limitation of liability: to the maximum extent permitted by law, TradeLynq's total liability for any data breach or unauthorised disclosure of Personal Data shall not exceed the total fees paid by the affected User to TradeLynq in the twelve (12) months immediately preceding the date of the breach. This limitation applies whether the claim is based in contract, tort (including negligence), statute, or any other legal theory.

If you believe your account has been compromised, contact us immediately at support@tradelynq.tech.

14. Children's Privacy

TradeLynq is intended for Users aged 18 years and over. We do not knowingly collect, solicit, or process Personal Data from individuals under the age of 18.

If you are a parent or guardian and believe that a minor under 18 has created an account or provided Personal Data to TradeLynq, please contact us immediately at support@tradelynq.tech. We will take prompt steps to delete the minor's account and associated Personal Data.

If we become aware that we have collected Personal Data from a minor without appropriate parental or guardian consent, we will delete such data without undue delay.

15. Changes to This Policy and Contact

15.1 Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. When we make material changes, we will:

Provide at least 30 days' advance notice via email to the address associated with your account and via a prominent notice on the Platform.
Update the "Effective date" and "Version" number at the top of this page.
Publish the updated policy on the Platform at least 30 days before the changes take effect.

Your continued use of the Platform after the effective date of the updated policy constitutes acceptance of the changes. If you do not agree with the updated policy, you should discontinue use of the Platform and request deletion of your account.

15.2 Contact

If you have any questions, concerns, or complaints about this Privacy Policy or our data-protection practices, or if you wish to exercise any of your rights under Section 9, please contact us:

TradeLynq Privacy Team
Email: support@tradelynq.tech
WhatsApp: +1 (868) 708-9214
Port of Spain, Republic of Trinidad and Tobago

We aim to resolve all privacy-related enquiries within 30 calendar days. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Information Commissioner of Trinidad and Tobago.

TradeLynq Policies