Privacy Policy
Last updated: July 5, 2026 · Effective date: July 5, 2026 · Version 2.0This Privacy Policy describes how LocalLink (“LocalLink”, “we”, “us”, or “our”), operated by MCHJ «CHILPAQ» (INN 312585911, Toshkent shahar, Yashnabod tumani, Mahtumquli ko’chasi 79), collects, uses, stores, shares, and protects personal information when you use the LocalLink mobile application, website at locallinkapp.co, and related services (collectively, the “Service”).
1. Who we are
LocalLink operates a local marketplace platform that allows users to publish and discover jobs, services, products, map notes, requests, and events; communicate through chat; and coordinate deals with other users.
- Data controller: LocalLink (operator of locallinkapp.co)
- Legal entity: MCHJ «CHILPAQ» (Limited Liability Company “CHILPAQ”)
- Tax identification number (INN): 312585911
- Bank code (MFO): 00401
- Registered address: Toshkent shahar, Yashnabod tumani, Mahtumquli ko’chasi 79, Toshkent, O‘zbekiston
- Privacy contact: support@locallinkapp.co
- DPO / EU representative: To be designated upon appointment — contact support@locallinkapp.co
2. Scope and regional notices
The Service is available in supported countries and regions. Certain features, registration methods, currencies, languages, map providers, SMS providers, and support channels may vary depending on your location. Where required by applicable law, additional regional privacy notices or addenda apply and are available at locallinkapp.co/legal.
When you interact with other users (by publishing a phone number on a listing, chatting, or completing a deal), each user is responsible for their own use of information received from others.
Language: In case of conflict between language versions of this Privacy Policy, the English version controls, unless mandatory law in your jurisdiction requires otherwise.
3. Data controller and processor roles
LocalLink acts as a data controller for personal information it collects and processes to operate the Service. Third-party providers processing data on our behalf act as data processors under our instructions.
4. Information we collect
4.1 Account and identity information
- Identifier — phone number, email address, or social sign-in identifier; used for account creation, login, OTP verification, and account recovery.
- Display name — required at registration; may be automatically reviewed for profanity, spam patterns, and policy violations.
- Password — stored only in hashed form; not accessible in plain text.
- Email address — optional; used for account-related communication if provided.
- Social sign-in identifiers — if you use Google or Apple Sign-In, we receive and store the provider identity (
sub), provider name, and linked email. We do not store Google or Apple passwords or long-lived OAuth tokens. - Agent referral code — optional at registration.
- Terms acceptance — recorded at registration time.
4.2 Profile information
- Profile photo (avatar), “about” biography
- Optional contact links: Telegram, WhatsApp, Instagram, Facebook
- Preferred currency and language
- Privacy preferences (online status, last seen, message limits, avatar visibility, listing phone display)
4.3 User-generated content
Listings (jobs, services, market products, map notes, requests, events), chat messages, deals, reviews, and reports you create through the Service.
4.4 Location information
- Listing location — coordinates and place text you choose when creating a listing.
- Precise GPS (live tracking) — periodic GPS updates while tracking is active (up to 8 hours per session, may pause after inactivity).
- Approximate location from IP — city/country derived from IP address for security and fraud detection.
- Optional GPS headers — accepted by our security layer for fraud detection during authentication.
4.5 Device, session, and technical information
Device name, platform (iOS/Android/web), app version, user-agent, IP address, session identifiers (access tokens and rotating refresh tokens), device fingerprint, and server-issued device identifier for trusted device tracking.
4.6 Push notifications
Firebase Cloud Messaging (FCM) device token, notification locale preference, and in-app notification records.
4.7 Security, fraud prevention, and login history
Login and registration attempts (success/failure), IP address, device name, platform, timestamp, GeoIP results (country, city, VPN/proxy/Tor indicators), risk scores, and security flags.
4.8 Information stored locally on your device
Authentication tokens, cached profile, FCM token, chat cache, map markers, app settings, and cached exchange rates. You can clear this data by logging out or uninstalling the app.
4.9 Information we do not collect
- We do not operate third-party advertising analytics in the current app build.
- We do not collect payment card numbers or process in-app payments between users.
- We do not request access to your device contacts, calendar, or SMS inbox.
5. How we use information
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide the Service | Accounts, listings, chat, deals, notifications | Contract |
| Verify identity | SMS OTP, social login, email verification | Contract |
| Personalization | Language, currency, map provider, privacy settings | Contract / Legitimate interests |
| Safety and integrity | Moderation, risk scoring, fraud prevention, session revocation | Legitimate interests |
| Search and discovery | Text and semantic search, distance-based sorting | Contract / Legitimate interests |
| AI-assisted features | Display-name review, translation, spam detection | Legitimate interests |
| Translation | Optional auto-translation of listings and messages | Consent / Contract |
| Agent program | Referral code validation, agent metrics | Contract / Legitimate interests |
| Legal compliance | Lawful requests, Terms enforcement | Legal obligation |
| Support | User inquiries via support@locallinkapp.co | Legitimate interests |
6. Legal bases for processing
- Contract — processing necessary to provide the Service you request.
- Legitimate interests — security, fraud prevention, moderation, and service improvement, balanced against your rights.
- Consent — push notifications, live location tracking. You may withdraw consent at any time without affecting prior processing.
- Legal obligation — compliance with applicable law and valid governmental requests.
7. How we share information
- With other users — according to your actions and privacy settings.
- With service providers — listed in Section 8, under contractual confidentiality obligations.
- For legal reasons — to comply with law, court order, or valid governmental request.
- Business transfers — in connection with a merger or acquisition, subject to notice and the same privacy commitments.
8. Third-party processors
| Provider / category | Purpose | Data involved |
|---|---|---|
| SMS provider (varies by region) | OTP and transactional SMS | Phone number, OTP message |
| Google / Apple | Social sign-in (OAuth/OIDC) | Identity claims (sub, email, name) |
| Google Firebase Cloud Messaging | Push notifications | FCM token, notification payload |
| MaxMind GeoLite2 (local DB) | IP geolocation, VPN/proxy/Tor detection | IP address |
| Google Maps | Map display (supported regions) | Map tile requests, device data per Google policies |
| Yandex MapKit / Geocoder / Suggest | Maps and place search (supported regions) | Coordinates, queries per Yandex policies |
| AI moderation (OpenRouter / LLM) | Display-name review, spam detection | Display name text |
| Hosting and infrastructure | App hosting, databases, file storage, WebSocket realtime | All Service data at rest and in transit |
| Open exchange rate API (client-side) | Currency conversion display | Anonymous HTTP request for public rates |
AI providers: Where we use third-party AI providers, we configure them, where available, not to use LocalLink user content to train their general models. If this changes, we will update this Policy and obtain consent where required.
9. International transfers
Our infrastructure and some providers may process data in countries other than your own. Where required by applicable law, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms). Contact support@locallinkapp.co for details about safeguards applicable to your region.
10. Data retention schedule
| Data category | Retention period | Notes |
|---|---|---|
| Active account data | While account is active | Deleted or anonymized on account deletion |
| OTP codes | Minutes (very short-lived) | Stored in hashed form; expire after use or timeout |
| Access tokens | Until expiry or revocation | Typically short-lived (minutes to hours) |
| Refresh tokens | Until expiry, revocation, logout, or deletion | Rotate on each use |
| Login events and security logs | Up to 12 months | For fraud investigation; may be extended for legal compliance |
| Chat and listing content | While relevant to active listings, deals, or legal obligations | Deleted or anonymized on account deletion unless legally required |
| Aggregate/anonymized analytics | Indefinitely | Not linked to individuals after anonymization |
| Backups | Up to 90 days after deletion | Encrypted; overwritten on scheduled cycles |
11. Security
We implement technical and organizational measures including: HTTPS/TLS for all API communication in production, password and OTP hashing, refresh token rotation, session limits, device fingerprinting, risk-based authentication, access controls with least-privilege principles, audit logs for administrative access, encryption at rest for sensitive data, vendor security reviews, and an incident response plan.
No method of transmission or storage is 100% secure. You are responsible for keeping your device and credentials safe.
12. AI and automated processing
We use automated tools, including AI-assisted systems, to support: search and discovery ranking, optional translation of listings and messages, display-name moderation, spam and fraud detection, and safety content review.
AI-assisted features may produce inaccurate, incomplete, or unexpected results. Users remain responsible for reviewing listing titles, categories, translations, prices, descriptions, and messages before publishing or relying on them.
Users may request human review of certain automated moderation or enforcement decisions by contacting support@locallinkapp.co.
13. Your rights and choices
Depending on applicable law and your jurisdiction, you may have the right to: access, correct, delete, object to or restrict processing, data portability, withdraw consent, and lodge a complaint with a supervisory authority.
Additional rights (CCPA/CPRA and similar): Right to know specific data, right to opt out of sale or sharing (we do not sell personal information), right to limit use of sensitive personal information (including precise geolocation), right to non-discrimination, right to use an authorized agent, and Global Privacy Control (GPC) signal recognition where required.
How to exercise your rights in the app
- Profile editing — Profile → Personal info
- Privacy settings — Profile → Privacy
- Active sessions — Profile → Support → Device & sessions
- Linked social accounts — account security settings
- Push notifications — device OS settings
- Delete account — Profile → Support → Delete account
For other requests, contact support@locallinkapp.co with “Privacy Request” in the subject line. We respond within the timeframe required by applicable law.
14. App store privacy disclosures
Our privacy practices are disclosed in our Apple App Store App Privacy Details and Google Play Data Safety section. Third-party SDK data practices are included where applicable. If you notice any inconsistency, contact support@locallinkapp.co.
15. Children’s privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it promptly.
16. Business users and agents
Business users are responsible for compliance with applicable trade, consumer-protection, tax, and sector-specific regulations. Registered agents must comply with the Agent Program Terms, which include additional data-handling obligations.
17. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here and change the “Last updated” date. Material changes will be communicated through the app with reasonable advance notice.
18. Contact us
Email: support@locallinkapp.co
Website: https://locallinkapp.co
For data subject requests (access, deletion, correction, portability, objection), include “Privacy Request” in the subject line. You may also contact the data protection authority in your jurisdiction.