Privacy Policy

Legendary LLC
Effective Date: February 20, 2026

This Privacy Policy describes how Legendary LLC (“Legendary,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information through our AI visibility audit platform (“Legendary AI” or the “Service”) available at ai.legendarylabs.com, and our corporate website at www.legendarylabs.com.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Information You Provide

When you create an account or use the Service, you may provide:

• Account information: name, email address, and password
• Firm profile data: firm name, location/jurisdiction, practice areas, firm size, and website URL
• Payment information: billing details provided to our payment processor, Stripe (we do not store credit card numbers)
• Communications: messages you send to us through contact forms or email

1.2 Information We Collect Automatically

When you use the Service, we automatically collect:

• Usage data: pages visited, features used, audits run, timestamps
• Device and browser information: browser type, operating system, screen resolution
• Log data: IP address, access times, referring URLs
• Cookies and similar technologies: as described in Section 7

1.3 Information Generated by the Service

Our Service generates additional data as part of the audit process:

• AI platform responses: when you run an audit, we query third-party AI platforms on your behalf (see Section 3). These platforms return AI-generated text about your firm, which we store and analyze to produce your report.
• AI Visibility Scores: numerical scores calculated by our proprietary algorithm based on AI platform responses
• Website analysis data: information obtained by crawling your firm’s website to assess its AI-readiness

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: running AI visibility audits, generating reports, and displaying results
• Account management: creating and maintaining your account, processing payments, and communicating about your subscription
• Service improvement: analyzing usage patterns to improve the platform, develop new features, and fix issues
• Communications: sending transactional emails (account confirmations, audit completions, billing receipts) and, with your consent, marketing communications
• Legal compliance: complying with applicable laws, regulations, and legal processes
• Security: detecting and preventing fraud, abuse, or security incidents

3. AI Platform Data Sharing

This section describes our most significant data practice. When you run an AI visibility audit, our Service sends queries to five third-party AI platforms via their APIs. These queries contain your firm’s name, location, and practice areas. Each platform processes these queries according to its own terms and privacy policies.

The AI platforms we query are:

Platform	Provider & Privacy Policy
ChatGPT	OpenAI, L.L.C. — openai.com/policies/privacy-policy
Google Gemini	Google LLC — policies.google.com/privacy
Claude	Anthropic, PBC — anthropic.com/privacy
Perplexity	Perplexity AI, Inc. — perplexity.ai/privacy
DeepSeek	DeepSeek — deepseek.com/privacy

Important: The responses returned by these AI platforms are AI-generated content. They may contain inaccuracies, outdated information, or mischaracterizations. Legendary AI surfaces these responses for analytical purposes; we do not verify, endorse, or warrant the accuracy of AI-generated content. See our Terms of Service for additional disclaimers.

4. Third-Party Service Providers

In addition to the AI platforms described above, we use the following third-party service providers to operate the Service:

Provider	Purpose	Data Shared
Supabase	Database hosting, user authentication, serverless functions	Account data, firm data, audit results, usage data
Stripe	Payment processing, subscription management	Billing information, email address, subscription details
Firecrawl	Website content analysis for AI-readiness assessment	Firm website URL; Firecrawl accesses publicly available web content
Lovable	Frontend application hosting	No direct personal data; hosts the application interface

Each provider processes data in accordance with their own privacy policies and our agreements with them. We require all service providers to maintain appropriate security measures and to process personal information only as necessary to provide their services to us.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service:

• Account data: retained while your account is active and for 30 days after account deletion
• Audit reports and AI platform responses: retained while your account is active; deleted within 30 days of account deletion
• Payment records: retained as required by applicable tax and financial regulations (typically 7 years)
• Usage logs: retained for 12 months for service improvement and security purposes

You may request deletion of your account and associated data at any time by contacting us at privacy@legendarylabs.com.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption in transit (TLS/HTTPS) for all data transmissions
• Encryption at rest for stored data via our database provider (Supabase)
• Row Level Security (RLS) policies ensuring users can only access their own data
• Authentication via secure, hashed password storage
• Regular security assessments of our infrastructure and third-party providers

No method of transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your authenticated session
• Remember your preferences
• Analyze usage of the Service

You can control cookies through your browser settings. Disabling cookies may limit your ability to use certain features of the Service.

8. Your Rights

8.1 All Users

Regardless of your location, you have the right to:

• Access: request a copy of the personal information we hold about you
• Correction: request correction of inaccurate personal information
• Deletion: request deletion of your account and personal information
• Portability: request your data in a structured, machine-readable format
• Opt-out: unsubscribe from marketing communications at any time

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: you may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it
• Right to Delete: you may request that we delete personal information we have collected from you, subject to certain exceptions
• Right to Correct: you may request that we correct inaccurate personal information
• Right to Opt-Out of Sale/Sharing: we do not sell personal information. If our sharing of data with AI platforms is deemed “sharing” under the CCPA, you may opt out by contacting us
• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights

To exercise these rights, contact us at privacy@legendarylabs.com. We will verify your identity and respond within 45 calendar days (extendable by an additional 45 days with notice).

8.3 European Economic Area and UK Residents (GDPR)

If you are located in the EEA or UK, we process your personal data on the following legal bases:

• Contract performance: processing necessary to provide the Service you have subscribed to
• Legitimate interests: processing for service improvement, security, and fraud prevention
• Consent: where you have given explicit consent (e.g., marketing communications)

You have additional rights under the GDPR, including the right to restrict processing, object to processing, and lodge a complaint with your local supervisory authority. Note that AI platform API calls may involve the transfer of your data to the United States; we rely on standard contractual clauses and other appropriate safeguards where required.

9. Children’s Privacy

The Service is designed for business use by legal professionals. We do not knowingly collect personal information from individuals under 18 years of age. If we learn that we have collected information from a child, we will promptly delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. Our third-party AI platforms and service providers may process data in various jurisdictions. We ensure that appropriate safeguards are in place for international transfers, including standard contractual clauses where required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, for registered users, by sending an email notification. The “Effective Date” at the top of this policy indicates when it was last updated. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Legendary LLC
5152 N. Edgewood Dr. Ste. 280, Provo, UT 84604
Email: privacy@legendarylabs.com
Website: www.legendarylabs.com/contact

For CCPA/CPRA requests, you may also contact us at privacy@legendarylabs.com with the subject line “CCPA Request.”