Privacy Policy
Effective Date: April 2, 2026
Legacy Core™ (“we,” “our,” or “us”) operates the cybersecurity credentialing registry at registry.legacycore.com. This Privacy Policy describes how we collect, use, share, and protect personal information.
What We Collect
- Business name, owner name, email address, phone number
- Business address, type, and industry
- Credential status and credentialing history
- Verification logs (we do not track who performs verifications)
- Technical data (IP, browser, device) when accessing the registry
What We Do Not Collect
- Payment card numbers or bank details (processed entirely by Stripe — PCI DSS Level 1)
- Social Security numbers or government IDs
- Health or biometric data
How We Use Your Information
- Issue, maintain, and verify your Legacy Core™ Trust Badge credential
- Operate the public verification registry
- Send credential-related communications (onboarding, renewal reminders)
- Improve our platform and security
- Comply with legal obligations
We do not sell your personal information. We do not share your data with advertisers.
Service Providers
We share data only with providers necessary to operate our platform: Supabase (database), Vercel (hosting), Stripe (payments), Resend (email delivery). These providers are contractually prohibited from using your data for their own purposes.
Public Registry
By completing the credentialing process, you consent to public display of your business name, credential ID, credential status, and issuance date on the verification registry. This is a core feature of the service.
Your California Privacy Rights (CCPA)
If you are a California resident, you have the right to: request disclosure of personal information collected, request deletion of your personal information, opt out of sale (we do not sell data), and be free from discrimination for exercising these rights.
Contact: privacy@legacycore.com. We respond within 45 days.
Data Retention
We retain information while your credential is active plus 3 years after expiration or cancellation. Verification logs are retained for 12 months.
Security
We implement:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- HMAC-signed credential verification
- MFA on all systems
- Row Level Security database policies
- Admin IP whitelisting
- Rate limiting
- Automated security monitoring
In the event of a breach, we notify affected parties within 72 hours per California law.
Cookies
We use session cookies for authentication only. No advertising cookies or cross-site tracking.
Changes
Material changes are communicated by email with 30 days' notice. Continued use constitutes acceptance.
Contact
Privacy questions: privacy@legacycore.com
General: christopher.g@legacycore.com
Legacy Core™ | Modern Green Enterprise LLC | Inland Empire, California