Due to the nature of our business, Legitimate collects usage data for analytics purposes on behalf of brands and creators to measure engagement and success metrics.

We follow all privacy regulations including GDPR in Europe, CCPA in California, VCDPA in Virginia, LDPR in Brazil, and more.

Product Analytics

Legitimate uses Google Analytics to collect data about how our products are being used.

Data Collected

Data that is collected includes, but is not limited to:

1. LGT Tag ID (a unique identifer for each NFC tag)

2. Page viewed

3. Session duration

4. Device type

5. Geographic region including city, state/province/prefecture, and country

This data may be shared with our clients when requested.

We do not collect user specific data including emails or phone numbers for product usage analytics.

Data Collection Consent

Depending on regional privacy regulations, users will see different ways to opt-in or opt-out of data collection.

All Legitimate sites have links at the bottom of the page allowing users to opt-out of data collection.

Europe and Brazil

A cookie consent banner will be presented when interacting with Legitimate's services that will allow the user to opt-in to data collection and select the types of data collected.

Users can change their preference in the footer links.

United States

An informational banner will be presented when interacting with Legitimate's services that will notify the user of data that is being collected. The user can choose to opt-out of data collection when desired in the banner, or footer links.

All Other Regions

Data collection is turned on by default and the user can choose to opt-out when desired using the links in the footer.

User Accounts (Crypto Wallets)

Our system tracks ownership and activation state of phygital items through the blockchain. All users, whether using email, SMS, or crypto wallets, have a unique public wallet address. This address is not publicly associated with the owner, but can be configured through various third party platforms to assign usernames, avatars, and social media accounts that may reveal a person's identity.

WalletConnect + Dynamic.xyz

When a user connects their own crypto wallet to Legitimate's services, they will most likely use a system called WalletConnect that allows mobile, web, and other wallets to connect to dApps.

We utilize a separate service called Dynamic to manage third party wallet connections including WalletConnect.

Legitimate does not store any data about with end user wallets and wallet interactions.

Magic Connect (Email Wallet)

When a user uses email to login to Legitimate, they use our service provider Magic to create an email based wallet. This email and wallet is stored with Magic.

Legitimate does not have access to the email unless that permission is granted by the user when requested with Magic. Legitimate does not store any email address or wallets associated with emails.

Magic Auth (Enterprise Email/SMS Wallet)

This is a custom service add-on available for our enterprise clients that require customized login flows and data requirements. The email, phone number, and wallet is stored with Magic.

Legitimate does not store email addresses, phone numbers, or wallets.

However, Legitimate will sometimes fetch email, phone number, and wallet information from Magic for specific product features such as ownership history and processes this data on our servers. Historical data is always anonymized and is not saved on our servers.

Blockchain Data

Since all of Legitimate's products run on public blockchains such as Avalanche, Ethereum, and Polygon, all ownership, mint, and transfer history is publicly viewable on Snowtrace, Etherscan, PolygonScan, and many other blockchain or NFT platforms.

We utilize many third parties to process public blockchain data on behalf of Legitimate including Infura, Ava Labs, Ankr, SimpleHash, and others.

Legitimate does not store any blockchain data.

Marketing Emails

For enterprise clients that require email marketing integrations with their phygital products, we utilize MailChimp to manage mailing lists, subscriptions, and unsubscribe requests.

Enterprise clients may request this mailing list from Legitimate and we will only share the emails associated with the clients' products.

Users have to opt-in to marketing emails via the login and activation flow. Legitimate does not store any user emails.