Privacy Policy

1. Information We Collect

A. Information You Provide to Us

• Contact information — name, email, phone number, company name and title
• Form submissions — contact forms, interest forms, event registrations, surveys
• Communications — email, chat, social messages, support requests
• Credentialing information — assessment records, activity, module completions, credentials earned
• Payment information — billing name and transaction details (card processing is handled directly by Stripe; Legacy Core does not store payment card data)

B. Information We Collect Automatically

• Device and usage information — IP address, browser type, device identifiers, operating system, referring URLs, pages visited, timestamps
• Cookies and tracking information — web analytics and performance cookies

C. Information from Other Sources

• Trusted service providers — form tools, email platforms, analytics providers, hosting providers
• Partners — only if you have requested introductions or opted into partner communications

2. How We Use Information

• Provide and operate our services, including responding to inquiries and delivering credentialing programs
• Communicate with you regarding requests, resources, events, and credential status
• Improve our content, website operations, and user experience
• Personalize communications when permitted
• Maintain security, prevent fraud, and troubleshoot technical issues
• Enforce our terms and policies and comply with legal obligations

3. How We Share Information

We will not sell your information to third parties.

A. Service Providers

We may share information with trusted vendors who work on our behalf to provide services (for example: email providers, analytics providers, hosting providers, payment processors). These vendors may only use information for the purposes of providing services to Legacy Core.

B. Partner Introductions

If you request an introduction to a third-party provider, including Legacy Core Alliance members, we may share your contact information with the specified provider. Providers are bound by their own privacy policies.

C. Legal Reasons

We may disclose information if we believe it is necessary to meet legal requirements, protect the rights and safety of Legacy Core, our users, or the public, or investigate fraud or security issues.

D. Business Transfers

In the event of a merger, acquisition, or sale of assets, information may be transferred to third parties.

4. Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies to operate the website, protect forms, remember your privacy choices, and — with your consent — understand how visitors use our content. You can manage optional cookies at any time using the Cookie Preferences link in the site footer.

Cookie categories

• Essential — Required for security, authentication, bot protection, and storing your consent choices. These always run and cannot be disabled without breaking core site functionality.
• Analytics — Help us measure page views and improve the site. We use Plausible Analytics, a privacy-oriented provider. This category runs only if you accept analytics cookies or choose “Accept All.”
• Marketing / Advertising — Used for advertising, retargeting, and campaign conversion tracking. Legacy Core does not currently deploy marketing or retargeting pixels. If we add them in the future, they will be controlled through the same preference center.

Active technologies (as of June 2026)

• NextAuth session cookies (Essential) — Sign-in for business, partner, and admin portals.
• Cloudflare Turnstile (Essential) — Bot protection on select public forms.
• Consent preference storage (Essential) — Remembers your cookie choices in browser local storage for up to 12 months.
• Plausible Analytics (Analytics, consent required) — Cookieless page-view analytics loaded only after you opt in.

Your choices

On your first visit, you may Accept All, Reject Non-Essential, or Manage Preferences by category. Rejecting non-essential cookies is as easy as accepting them — we do not use dark patterns to steer your choice. You can reopen the preference center from the site footer at any time.

We honor Global Privacy Control (GPC) browser signals. If your browser sends GPC on a first visit before you make a choice, we apply a reject-non-essential default.

5. Data Retention

We retain information only as long as necessary to provide our services, fulfill the purposes described in this policy, meet legal and accounting obligations, and resolve disputes.

6. Security

We use administrative, technical, and organizational safeguards to protect your personal information, including encryption at rest and in transit, multi-factor authentication on all administrative systems, and automated threat monitoring. However, no safeguards are completely failsafe and we cannot guarantee absolute security.

7. Your Choices and Rights

• Right to access — You can request to see the personal information we hold about you
• Right to correction — You can request correction of inaccurate personal information
• Right to deletion — You can request deletion of your personal information (subject to legal exceptions)
• Marketing opt-out — Unsubscribe from marketing emails using the link in any email footer or by contacting us directly

We will verify your identity before responding to any requests.

8. California Privacy Notice (CCPA/CPRA)

If you are a California resident, you have additional rights.

Categories of Personal Information Collected

• Identifiers (name, email)
• Internet or network activity information
• Commercial information (purchase history, if applicable)
• Professional or employment-related information (company name, title)

Sale and Sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. Use the site footer link Do Not Sell or Share My Personal Information to review or update cookie and marketing preferences.

Global Privacy Control (GPC)

When we detect a GPC signal from your browser, we treat it as a request to opt out of non-essential analytics and marketing cookies on your first visit, consistent with California privacy expectations.

Your California Rights

You may request confirmation of what personal information we hold, information about categories of data collected, and deletion of your personal information. Requests must include your email address, name, and a statement that you reside in California. Contact us at privacy@legacycore.com.

9. Children’s Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children. If you become aware that a child has provided personal information to us, please contact us so we can delete it.

10. External Links

Our website may include links to third-party websites or services. We are not responsible for the privacy practices of third parties. Review their privacy statements before providing personal information.

11. Changes to This Policy

We may update this Privacy Policy as necessary. Changes will be posted on this page with an updated effective date. Continued use of our services after changes are posted constitutes acceptance of those changes.