Privacy Policy

Legacy-Loop Tech LLC · Waterville, Maine · Effective June 24, 2026 · Last updated June 30, 2026

This Privacy Policy explains how Legacy-Loop Tech LLC (filed in Maine as LEGACY-LOOP TECH LLC) (“Legacy-Loop,” “we,” “us”) collects, uses, shares, and protects information when you use the Legacy-Loop platform, websites, and applications, including app.legacy-loop.com and legacy-loop.com (the “Service”). Legacy-Loop is an AI-assisted resale automation platform based in Maine, United States.

Soft-beta note.

The Service is currently provided as a limited soft beta. We are putting these privacy and data-handling practices in place before opening the Service to the general public.

2. Information We Collect

3. How We Use Information

Our stance on AI model training.

We use third-party AI providers to process your content so we can deliver features (see Section 4). This real-time processing is inference (using content to operate the Service), not training. Today, we do not use your content to train our own AI or machine-learning models, and we do not sell your content. We use AI providers whose API terms prohibit using content submitted through their APIs to train their models (for example, OpenAI and Anthropic). We do intend to begin using your content to train and improve our own AI in the near future, and we will do it transparently: we will update this Policy, notify you, and obtain your opt-in consent before we begin. This choice is off by default, presented as a clear and separate choice (not bundled into your acceptance of the Terms), and withdrawable at any time in your account settings. If and when we train, the inputs will be the opted-in content you provide (your photos, descriptions, and item data) together with aggregate market and pricing data from public marketplaces (which is not your personal content); we will never train on Meta-origin data, and we will never use your content in a hidden or exploitative way.

4. AI Processing

To deliver core features, we send only the minimum content needed to the AI providers listed in Section 10:

Inference, not training.

The processing above is inference: real-time use of your content to operate the Service for you (identifying items, estimating prices, and drafting replies you choose to send). It is not used to train our own AI models. We do not use any Meta Platform Data to train any AI model, and Meta Platform Data is excluded from any future training. To operate messaging features at your direction, message content from connected Facebook, Instagram, or Messenger accounts may be processed in real time by the AI sub-processors in Section 10 to draft a suggested reply; it is not retained by us to train a model. AI outputs are informational estimates, not professional appraisals or guarantees (see our Terms of Service).

5. How We Share Information

We do not sell your personal information. We share information only as follows:

6. Connected Third-Party Platforms and Marketplace Data

When you connect a platform such as eBay, we access and use the information necessary to perform the actions you authorize. You can disconnect a connected account at any time, which ends future access for that platform. Separately, to estimate prices we research publicly available comparable listings from marketplace sources (via Apify); this comparable-price research uses item keywords and does not require your personal account information.

7. Facebook, Instagram, and Meta Platform Data

Legacy-Loop integrates with Meta Platforms, Inc. services including Facebook, Instagram, and Messenger. If you connect a Facebook Page or Instagram Business account, Legacy-Loop operates as a technology provider acting on your behalf and accesses Meta Platform Data only to operate your own connected accounts at your direction.

These integrations enable:

What we do with Meta Platform Data.

Retention of Meta Platform Data.

We retain Meta Platform Data while your account is active and your Meta connections remain authorized. When you disconnect a Page or delete your account, the associated Meta Platform Data is deleted promptly; backups are purged within 30 days, except as required for legal compliance or fraud prevention.

Your rights regarding Meta Platform Data.

We honor Meta’s data-deletion callback (it validates Facebook’s signed request and returns a confirmation). We respond to verified requests within 30 days as required by applicable law.

Meta’s own practices.

Meta operates Facebook, Instagram, and Messenger. Meta’s use of your data on its platforms is governed by Meta’s Privacy Policy, not this document. Review Meta’s policies at https://www.facebook.com/privacy/policy.

8. Cookies and Similar Technologies

We use essential cookies and similar technologies (such as local storage) to keep you signed in, remember preferences, and secure the Service. We do not currently use third-party advertising or cross-site tracking cookies.

You can control cookies through your browser; disabling essential cookies may affect the Service.

9. Data Security

In transit: HTTPS/TLS everywhere, with HSTS (one year, preload), a Content-Security-Policy, and additional security headers. At rest: our primary database (Turso) provides encryption at rest at the database layer, and we additionally encrypt connected-platform (Meta Page) access tokens with AES-256-GCM at the application layer. We also use access controls, authenticated sessions, and per-user rate, size, and cost limits. No method of transmission or storage is perfectly secure.

10. Sub-processors

We rely on the following service providers, each processing data on our behalf under confidentiality and security obligations. We keep this list current and disclose new sub-processors here.

Sub-processorFunctionData it touchesLocation
Vercel Inc.Application hosting and content delivery (CDN), including the waitlist intake endpointWeb/app traffic, server logs, IP addresses, and waitlist form submissions in transit (name, email, interest)United States
Turso (Chiselstrike Inc.)Primary database; encryption at rest at the database layerAccount data, listings, messages, encrypted connected-platform tokensUnited States
Stripe, Inc.Primary payment processingCard data entered client-side via Stripe (held by Stripe); we store only Stripe IDsUnited States
OpenAI, L.L.C.AI vision — item identification/analysis (GPT-4o)Item photos you uploadUnited States
Anthropic PBCAI — drafting suggested message replies (Claude)Buyer and customer message text, including messages from connected Facebook, Instagram, or Messenger accounts, processed in real time to draft suggested replies you choose to send (inference only; never used to train any model)United States
Google LLC (Gemini)AI — text routing, search, assistant featuresItem/listing text and queriesUnited States
Google LLC — GeminiAI scoring and classification of waitlist leads (deriving a likely persona, an interest score, a short internal lead brief, and tailored outreach copy)Stated interest category only. We do not send your name, email address, or other identifiers to this model.United States
Google LLC — Google SheetsStorage of our pre-launch waitlist (lead list), including the derived interest scoreName, email address, stated interest, sign-up source and date, and a derived interest scoreUnited States
Google LLC — Google Workspace (Gmail)Sending your waitlist confirmation email and internal lead notifications to our teamName, email address, stated interest, and cohortUnited States
xAI Corp. (Grok)AI — text routing/assistant featuresItem/listing text and queriesUnited States
Perplexity AI, Inc.AI — research/search featuresItem/listing text and queriesUnited States
ElevenLabs Inc.Text-to-speech (voice) featuresText submitted for narrationUnited States
EasyPostParcel shipping rates and label generationShipping/pickup addresses, parcel detailsUnited States
ShippoShipping rates (secondary)Shipping addresses, parcel detailsUnited States
FedExCarrier / freight (LTL) servicesShipping/freight detailsUnited States
ApifyMarketplace price/comparable-item research (public listing data)Item keywords and search queries (no account PII)United States
eBay Inc.Connected marketplace integrationListing and message data you authorizeUnited States
Twilio Inc.SMS / text notificationsPhone number and message content (only with consent)United States
Twilio SendGridTransactional and account emailName, email address, message metadataUnited States
Meta Platforms, Inc.Facebook, Instagram, and Messenger integrationConnected-account data per the permissions you grantUnited States
n8n (self-hosted)Workflow automation, including our waitlist lead pipelineName, email address, stated interest, and a derived interest score (waitlist), plus other operational data configured in our workflowsSelf-hosted on DigitalOcean (United States)

Cloudinary (Cloudinary, Inc.) provides image storage and delivery for the photos and documents you upload (United States).

Error-monitoring and analytics tools (e.g., Sentry, PostHog, Google Analytics) are not wired today and would be disclosed here if enabled.

11. Data Retention

When you request deletion or delete your account, we perform an immediate hard delete of your personal data (account, items, listings, messages, and payment references) across our active systems. Encrypted backups are purged within 30 days, and security logs are retained up to 90 days, except where longer retention is required for legal compliance, fraud prevention, or dispute resolution.

12. Your Rights and Data Deletion

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. To exercise these rights, contact us at privacy@legacy-loop.com. You may also delete your account and data in the Service, or use https://app.legacy-loop.com/data-deletion. You can also view and download a record of the agreements and consents you have given, including your AI-training choice, in your account settings; this consent record is being rolled out and will be fully available there. We honor Meta’s data-deletion callback.

13. Government and Legal Requests

We disclose information to government authorities or in response to legal process only when we believe in good faith that we are legally required to do so, or where necessary to protect rights, property, or safety. Our practice is to:

As of the Effective Date of this Policy, Legacy-Loop has not received or complied with any government request for user data.

14. Children’s Privacy

The Service is not directed to individuals under 18, and we do not knowingly collect their personal information. If you believe a child has provided us information, contact privacy@legacy-loop.com so we can delete it.

15. Your U.S. State Privacy Rights

Depending on your state, you may have the right to: access the personal information we hold about you and how we process it; correct inaccuracies; delete it; obtain a copy (portability); and not be discriminated against for exercising these rights. Where we rely on consent, you may withdraw it. These rights apply to residents of states with comprehensive privacy laws (including California/CCPA-CPRA, Colorado, Connecticut, Virginia, Texas, and others) and may be limited by applicable law. We do not sell your personal information.

Categories of personal information we collect

Category (as defined by state law)Collected
A. Identifiers (name, email, IP address, account ID)YES
B. California Customer Records (name, contact, financial info)YES
C. Protected classification characteristics (age, gender, race)NO
D. Commercial information (listings, purchase/sale history)YES
E. Biometric informationNO
F. Internet or other network activity (usage of our Service)YES
G. Geolocation data (approximate; meetup location with consent)YES
H. Audio/visual or similar information (item photos you upload)YES
I. Professional or employment informationNO
J. Education informationNO
K. Inferences (interests and buyer-seller matches)YES
L. Sensitive personal informationNO

How to exercise your rights

Contact us at privacy@legacy-loop.com or use https://app.legacy-loop.com/data-deletion. We will verify your request and respond within the time required by applicable law (generally 30–45 days). You may use an authorized agent where the law allows. If we decline a request, you may appeal by emailing privacy@legacy-loop.com with “Appeal” in the subject line.

Do-Not-Track (DNT)

Most browsers offer a Do-Not-Track setting, but no finalized industry standard exists for it. We do not currently respond to DNT signals. If a standard is adopted that we are required to follow, we will update this Policy.

16. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide notice through the Service or by email and update the effective date above.

17. Contact

Legacy-Loop Tech LLC

Mailing address: P.O. Box 1485, Waterville, ME 04903

Privacy contact: privacy@legacy-loop.com · Support: support@legacy-loop.com

Data deletion: https://app.legacy-loop.com/data-deletion · Privacy: https://app.legacy-loop.com/privacy · legacy-loop.com

© 2026 Legacy-Loop Tech LLC. Effective June 24, 2026. Last updated June 30, 2026.