Data Policy

Last Revised February 5, 2026

Purpose and Scope

This policy defines how Link N' Sync collects, processes, stores, and disposes of data related to its vacation‑rental platform. It applies to all employees, contractors, and third‑party vendors handling data in the United States and Mexico.

  • Covers User Data, Organization Data, Property Data, PMS Data, and ICAL Data.
  • Applies to production, staging, and development environments.

Is My Data Encrypted?

In Short: Yes, certain elements of your data are encrypted at rest within the database.

Data is classified as Sensitive PII when it includes personal identifiers such as name, email, or phone number. All Sensitive PII is encrypted at rest using industry‑standard AES‑256 encryption. Non‑PII data (e.g., public property URLs) is stored without encryption but is still subject to access controls.

  • User Data (Full Name, Email, Phone, Role) – Encrypted
  • Organization Data (Org Name, COID) – Encrypted
  • Property Data (address fields, photos, ICAL details) – Encrypted
  • ICAL Data – Encrypted when stored; exported only via secure channels

Who Accesses and Controls My Data?

Access to data is granted on a least‑privilege basis. Ownership of data resides with the business function that created it and the application role assigned to a user (PLA|ALA|RLA).

  • Covers User Data, Organization Data, Property Data, PMS Data, and ICAL Data.
  • Applies to production, staging, and development environments.

What Third Party Tools Does This Application Use?

Link N' Sync relies on several external services.

  • ImitateEmail – Email transmission only, no storage of PII.
  • ImageBB – Stores only image binaries; URLs are not PII.
  • ClerkJS – Handles authentication.
  • Supabase (PostgreSQL) – Primary data store; encrypted at rest.
  • Vercel – Hosts the web UI; no data persistence.

Retention, Log Management & Disposal

Operational logs are retained for 7 days and then securely deleted. Data that is no longer required for business or legal purposes is purged in accordance with the retention schedule.

Enforcement & Training

Compliance with this policy is mandatory. Violations may result in disciplinary action up to termination of services. Ongoing training ensures all stakeholders understand their responsibilities.

Questions or concerns?

Reading this section will help you understand your rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices please do not use our Services. If you still have any questions or concerns please contact us at linknsyncdev@gmail.com