Safety Policy

Links Flyer (LFG) Effective Date: 2026.06.11 Last Updated: 2026.06.11

M L M Distributing, Inc. (“Company,” “we,” “us,” or “our”) is committed to the physical safety of our users, the security of their data, and the integrity of our platform. This Safety Policy outlines the measures we take and the responsibilities shared between us, our users (“Flyers”), and our partner golf courses.

1. Physical Safety

1.1 E-Bike Safety

LFG e-bikes are maintained by technicians at partner courses and monitored through the Course Portal and LFG App. Safety measures include:

Battery monitoring: Real-time battery levels are tracked for every bike. When a bike’s battery drops below the threshold set by the course, an automated dispatch alert is created and a dispatcher is sent to retrieve the bike.
In-service tracking: Course staff can mark bikes as in-service or out-of-service via the Course Portal dashboard. Out-of-service bikes are removed from active inventory and cannot be assigned to tee times.
Bike replacement protocol: If a bike becomes inoperable during a round, a dispatcher is sent with a replacement miscellaneous bike. The player’s tee time clock is paused until the replacement arrives.
Regular service reports: Technicians complete structured service reports on a scheduled basis. Reports include inspection checklists, photos, and status tracking - accessible through both the App (Technician flow) and Course Portal (Inventory section).
NFC and QR activation: Bikes are activated and paired through NFC or QR code scanning, ensuring only authorized players operate them.

1.2 On-Course Safety

Walkie-talkie feature: Players can contact the clubhouse at any time during their round by tapping the walkie-talkie icon in the App, which initiates a phone call.
Dispatcher system: Course staff can create dispatches for any bike-related issue (overtime, low battery, mechanical failure, or custom issues). Dispatchers are tracked via GPS and their status is visible on the Course Portal dashboard.
Weather event management: Courses can issue weather notices, delays, or closures through the Course Portal. Players are notified via in-app alerts and email. During closures, active rounds are ended and refund policies apply automatically based on holes completed.
Overtime protection: If a player exceeds their allotted round time, automated dispatch alerts are triggered. Overtime grace periods are configurable per course.

1.3 Player Responsibilities

By using the Service, players agree to:

Operate e-bikes at safe speeds and follow all course rules
Wear appropriate footwear and golf attire as required by the course
Not operate e-bikes under the influence of alcohol or drugs
Yield to other golfers and course maintenance personnel
Return equipment (bikes, golf club sets) in the condition received
Report any safety hazard, equipment malfunction, or injury to course staff immediately

2. User Conduct and Community Safety

2.1 Code of Conduct

All users of the Links Flyer platform are expected to:

Treat other players, course staff, and dispatchers with respect
Refrain from abusive, threatening, or discriminatory language in comments, live streams, and all interactions
Not engage in cheating, score manipulation, or exploitation of competition rules
Respect the property of partner courses, including e-bikes, golf club sets, and course facilities

2.2 Reporting Misconduct

Course-initiated reports: Course staff can report players for misconduct (fighting, property damage, abusive behavior, etc.) through the Course Portal’s Flights section. Reports include a written description and optional photo/document attachments.
User-initiated blocking: Users can block other users from viewing their profile, comments, live events, and competition results.
Content moderation: We reserve the right to remove user-generated content (comments, live streams) that violates our Terms of Service without prior notice.

2.3 Enforcement

Violations of the Code of Conduct may result in:

Warning notifications
Temporary suspension of account features
Permanent account termination
Reporting to local law enforcement where applicable

3. Data Security

3.1 Infrastructure Security

Encryption in transit: All data transmitted between the App and our servers uses TLS/HTTPS encryption
Encryption at rest: Data stored in AWS S3 and our database infrastructure is encrypted
Authentication: API access is secured with Laravel Sanctum token-based authentication. Passwords are hashed using bcrypt with configurable rounds
Access control: The Course Portal and CMS use role-based permissions (Host, Admin, Manager, Dispatcher, Technician) to restrict access to sensitive data

3.2 Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider
We do not store, process, or transmit full credit card numbers on our servers
Card tokens are stored securely through Stripe’s vault infrastructure
Webhook communications from Stripe are verified using webhook signing secrets

3.3 Communication Security

SMS verification and notifications are delivered through Twilio using encrypted channels
Course Portal email forwarding uses encrypted addresses to ensure all correspondence is recorded securely
Real-time updates (bike tracking, dispatch alerts) are delivered through Laravel Reverb WebSocket connections authenticated with app credentials

3.4 File and Media Security

User-uploaded files (profile photos, club set return photos, verification documents, service report attachments) are stored in AWS S3 with access-controlled buckets
Files are accessible only through authenticated API requests
The App caches images locally for performance but does not expose cached data to other applications

3.5 Device-Level Security

Local data (settings, cached content) is stored in SQLite (Drift) and Shared Preferences on the user’s device
The App does not access device features (camera, location, contacts, NFC, microphone) without explicit user permission through OS-level permission prompts
Location tracking occurs only during active gameplay or course browsing - not in the background when the App is closed

4. Privacy Safeguards

4.1 Data Minimization

We collect only the data necessary to provide the Service:

Phone number for identity verification - not for marketing
Location data during active use only - not persistent background tracking
Contacts are read only when the user grants permission and only phone numbers are matched - contact names, emails, and other details are not uploaded to our servers
Camera and microphone are activated only when the user initiates live streaming or photo capture

4.2 Third-Party Data Sharing

We do not sell user data. Third-party services receive only the data necessary to perform their function:

Provider	Data Received	Security Standard
Stripe	Payment card tokens, billing info	PCI DSS Level 1
Twilio	Phone numbers, SMS content	SOC 2 Type II
AWS	Files, push tokens, infrastructure data	SOC 2, ISO 27001
Firebase/FCM	Push notification tokens	Google Cloud security standards
Apple APNs	Push notification tokens	Apple platform security

4.3 Course Staff Access

Course Portal users can only access data relevant to their course and role:

Staff permissions are configured per individual (view financials, manage calendar, add members, etc.)
Only staff with appropriate permissions can view transaction notifications, contracts, or technician data
Player location (nearest hole) is visible to course staff only during active rounds
Text messages to players are sent through the platform - course staff do not see player phone numbers directly

5. Incident Response

5.1 Security Incidents

In the event of a data breach or security incident, we will:

Investigate and contain the incident promptly
Notify affected users within 72 hours of discovery, or as required by applicable law
Notify relevant regulatory authorities as required
Provide information about the nature of the breach and recommended protective actions

5.2 On-Course Incidents

For physical safety incidents at partner courses:

Course staff can immediately mark bikes as out-of-service and dispatch help
Weather closures can be initiated instantly, notifying all affected players
The Course Portal provides real-time visibility into all active rounds, bike statuses, and dispatcher locations
Players can always contact the clubhouse via the walkie-talkie feature

5.3 Reporting Security Issues

To report a security vulnerability or safety concern:

Email: security@linksflyer.com
For on-course emergencies, contact course staff directly or call emergency services

6. Age Restriction

The Service is restricted to users aged 18 and older. We do not knowingly collect data from minors. Account creation requires phone number verification, and users must affirm they meet the minimum age requirement.

7. Updates to This Policy

We may update this Safety Policy as our practices and the Service evolve. Material changes will be communicated via in-app notification. The current version is always available at https://linksflyer.com/safety.

8. Contact Us

M L M Distributing, Inc. Email: security@linksflyer.com Website: https://linksflyer.com