Privacy Policy

1. Data Controller and Processor Roles

LineUp operates in two distinct legal roles depending on the category of data being processed:

1.1 LineUp as Data Controller

LineUp acts as an independent Data Controller for:

• Account and registration data for Tenant administrators and billing contacts
• Billing and subscription records
• Platform-level analytics and usage statistics used to operate and improve the service

1.2 LineUp as Data Processor

For all data submitted to the Platform by Tenant organizations — including customer queue data, staff records, audit logs, and communication logs — LineUp acts exclusively as a Data Processor, processing that data on behalf of and under the instruction of the Tenant, who is the Data Controller. LineUp does not use Tenant-controlled data for its own purposes.

2. Categories of Data Processed

2.1 Customer Data (Tenant-Controlled)

Data about individuals who interact with the queue management system, including:

• Ticket numbers, queue position, and timestamps
• Optionally: name, phone number, and email address (if collected by the Tenant)
• Service point interactions and wait time records

2.2 Staff Data

Data about Tenant staff members using the Platform, including:

• Full name and work email address
• Assigned roles and permissions (via RBAC)
• Authentication credentials (passwords stored hashed; MFA configuration)
• Session activity and login history

2.3 System and Technical Data

Data generated automatically during use of the Platform:

• Audit logs recording user actions, timestamps, and affected entities
• IP addresses and device/browser information
• System event logs and error records

2.4 Communications Data

Data processed when notifications are sent through the Platform:

• SMS message content and recipient phone numbers (via Twilio or equivalent)
• Email message content and recipient addresses (via Resend or equivalent)
• Broadcast messages sent within a Tenant's service environment

3. Legal Basis for Processing

Where LineUp acts as Data Controller, we rely on the following legal bases:

• Performance of a contract: to provide the Platform services to Tenant organizations
• Legitimate interests: to monitor platform performance, prevent abuse, and improve the service
• Legal obligation: to comply with applicable laws and regulatory requirements

Where LineUp acts as Data Processor, processing is carried out solely on the documented instructions of the Tenant, who is responsible for establishing its own legal basis.

4. Tenant Data Isolation

LineUp operates a strictly multi-tenant architecture. Each Tenant organization's data is logically isolated from all other Tenants. No Tenant can access, view, or query the data of any other Tenant. Access within a Tenant's environment is governed by Role-Based Access Control (RBAC), meaning each staff member can only access resources permitted by their assigned role. LineUp's Platform Owner role has controlled administrative access for support and operational purposes only, subject to strict internal access policies.

5. Data Retention

• Active account data is retained for the duration of the Tenant's subscription
• Following termination, Tenant data is retained for a maximum of 30 days to facilitate data export, after which it is permanently deleted unless legally required to be retained longer
• Audit logs are retained for a minimum of 12 months for security and compliance purposes
• Billing records are retained as required by applicable tax and financial regulations
• LineUp may retain anonymised, aggregated analytics data indefinitely

6. Subprocessors

LineUp engages the following categories of subprocessors to deliver the Platform:

• Cloud infrastructure and hosting providers (for data storage, compute, and networking)
• SMS gateway providers (e.g., Twilio) for delivery of queue notification messages
• Email delivery providers (e.g., Resend) for transactional email notifications
• Payment processors for billing and subscription management

LineUp will notify Tenants of material changes to subprocessor arrangements. A current list of subprocessors is available upon written request.

7. Cross-Border Data Transfers

LineUp's infrastructure may be hosted in data centers outside Rwanda. Where personal data is transferred internationally, LineUp ensures that appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms recognized by applicable law. Tenants with specific data residency requirements should contact LineUp prior to onboarding.

8. Security Measures

LineUp implements industry-standard technical and organizational security measures, including:

• Role-Based Access Control (RBAC) ensuring users access only authorized data
• Multi-Factor Authentication (MFA) for staff accounts
• Encryption of data in transit (TLS) and at rest
• Comprehensive audit logging of all user and system actions
• Session management with automatic expiry
• Logical tenant data isolation at the application and database level

9. Data Subject Rights

Where LineUp acts as Data Controller (for account and billing data), individuals may exercise the following rights subject to applicable law:

• Right to access their personal data
• Right to rectification of inaccurate data
• Right to erasure (where no legal retention obligation applies)
• Right to restrict or object to processing
• Right to data portability

For rights requests relating to Tenant-controlled data, individuals should contact the relevant Tenant organization directly, as LineUp processes that data on the Tenant's behalf.

10. Breach Notification

In the event of a personal data breach affecting Tenant data, LineUp will notify affected Tenant organizations without undue delay upon becoming aware of the breach, providing sufficient information to enable the Tenant to fulfill its own notification obligations under applicable law.

11. Contact

For privacy-related inquiries, contact LineUp at: privacy@cybersafehills.com

CyberSafeHills & Partners Ltd, Kk 15 Rd, Kigali, Rwanda