Privacy Regulation Compliance
User data and privacy is of utmost importance to Legitimate. We minimize the data we collect and store and we do not sell any data to third parties.
Due to the nature of our business, Legitimate collects usage data for analytics purposes on behalf of brands and creators to measure engagement and success metrics.
We follow all privacy regulations including GDPR in Europe, CCPA in California, VCDPA in Virginia, LDPR in Brazil, and more.
Data that is collected includes, but is not limited to:
- 1.LGT Tag ID (a unique identifer for each NFC tag)
- 2.Page viewed
- 3.Session duration
- 4.Device type
- 5.Geographic region including city, state/province/prefecture, and country
This data may be shared with our clients when requested.
We do not collect user specific data including emails or phone numbers for product usage analytics.
Depending on regional privacy regulations, users will see different ways to opt-in or opt-out of data collection.
All Legitimate sites have links at the bottom of the page allowing users to opt-out of data collection.
A cookie consent banner will be presented when interacting with Legitimate's services that will allow the user to opt-in to data collection and select the types of data collected.
Users can change their preference in the footer links.
An informational banner will be presented when interacting with Legitimate's services that will notify the user of data that is being collected. The user can choose to opt-out of data collection when desired in the banner, or footer links.
Data collection is turned on by default and the user can choose to opt-out when desired using the links in the footer.
Our system tracks ownership and activation state of phygital items through the blockchain. All users, whether using email, SMS, or crypto wallets, have a unique public wallet address. This address is not publicly associated with the owner, but can be configured through various third party platforms to assign usernames, avatars, and social media accounts that may reveal a person's identity.
Legitimate does not store any data about with end user wallets and wallet interactions.
Legitimate does not have access to the email unless that permission is granted by the user when requested with Magic. Legitimate does not store any email address or wallets associated with emails.
This is a custom service add-on available for our enterprise clients that require customized login flows and data requirements. The email, phone number, and wallet is stored with Magic.
Legitimate does not store email addresses, phone numbers, or wallets.
However, Legitimate will sometimes fetch email, phone number, and wallet information from Magic for specific product features such as ownership history and processes this data on our servers. Historical data is always anonymized and is not saved on our servers.
Legitimate does not store any blockchain data.
Enterprise clients may request this mailing list from Legitimate and we will only share the emails associated with the clients' products.
Users have to opt-in to marketing emails via the login and activation flow. Legitimate does not store any user emails.