How We Protect Your Data
As a cybersecurity credentialing authority, we hold ourselves to the same standard we ask of the businesses we credential.
Encryption Everywhere
All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Your business information is protected from the moment it enters our systems.
Enterprise-Grade Infrastructure
Our registry runs on SOC 2 Type II compliant infrastructure providers with automatic DDoS protection, immutable deployments, and isolated environments.
Multi-Factor Authentication
MFA is required on every administrative system. There are no shared credentials and no exceptions. Access follows the principle of least privilege.
Automated Threat Monitoring
24 categories of security events are logged and monitored automatically. Anomalies trigger immediate alerts. Weekly security reviews are standard.
Tamper-Proof Verification
Every Trust Badge uses HMAC-signed QR codes that cannot be forged, cloned, or tampered with. Credential verification is cryptographically secured.
Zero Card Data Stored
All payments are processed by Stripe (PCI DSS Level 1). Legacy Core never stores, processes, or transmits credit card or bank account information.
Breach Notification Commitment
In the unlikely event of a data incident, affected parties are notified within 72 hours in accordance with California law. Transparency is non-negotiable.
CCPA Compliant
We honor your California privacy rights: right to know, right to delete, and right to opt out. We do not sell your personal information.
Infrastructure Partners
Supabase | Vercel | Stripe | GitHub | Google Cloud — all maintain SOC 2 Type II or PCI DSS compliance.
Our Commitment
We practice what we credential. Legacy Core carries E&O and cyber liability insurance, maintains a documented incident response plan, and conducts quarterly security reviews across all systems.
Privacy questions: privacy@legacycore.com