Legacy Toolkit

Legacy Toolkit Privacy Policy

Updated June 21, 2026

Legacy Toolkit is designed around a local encrypted vault. This Privacy Policy explains what information is involved when you use the website, account system, desktop app, checkout, support, encrypted sync, and sharing features.

Scope

This policy applies to Legacy Toolkit websites, account pages, subscription checkout, support communications, update/download services, cloud sync, sharing features, and the Legacy Toolkit desktop app.

This policy does not apply to third-party websites or services that Legacy Toolkit does not control, even if they are linked from the website or used by your device separately.

Information we collect

  • Account information, such as email address, authentication identifiers, sign-in state, and subscription status.
  • Checkout and billing information handled through Stripe, such as plan selection, price identifiers, checkout status, payment status, billing interval, and customer or subscription identifiers. Legacy Toolkit does not intentionally collect full card numbers.
  • Desktop app and update information, such as installer channel, platform, version, update checks, and basic request data needed to deliver downloads and updates.
  • Cloud sync and sharing metadata, such as user identifiers, profile version metadata, sync status, recipient records, sharing envelopes, and timestamps needed to operate sync and access controls.
  • Encrypted vault payloads if you enable cloud sync or sharing. These payloads are designed to be encrypted by the desktop app before upload.
  • Support information you send to us, such as your email address, messages, screenshots, troubleshooting details, and other information you choose to include.
  • Website and security logs, such as IP address, browser or device information, requested URLs, timestamps, and basic diagnostics needed to run, secure, and debug the service.

Local vault data

The primary Legacy Toolkit vault is designed to live locally on your device and to be encrypted there. Your operating system account, device unlock settings, backups, and recovery paths are part of the security boundary.

If you choose not to use cloud sync or sharing, your private profile content is intended to remain in the local desktop vault. If you enable sync or sharing, encrypted payloads and related metadata may be transmitted to Legacy Toolkit services so those features can work.

How we use information

  • To provide, maintain, secure, and troubleshoot the website, desktop app, account system, downloads, updates, sync, sharing, and subscription features.
  • To authenticate users, manage sessions, prevent abuse, and protect accounts.
  • To process checkout, subscription status, renewals, plan access, invoices, and payment-related events.
  • To deliver installers, updates, changelog information, and support responses.
  • To understand whether the service is working and to improve product reliability, security, and usability.
  • To comply with legal obligations, enforce terms, resolve disputes, and protect users, Legacy Toolkit, and others.

How we share information

We use service providers to operate parts of the product. These providers may process information for hosting, authentication, checkout, support, security, analytics, storage, email delivery, downloads, or infrastructure operations.

Current product paths include Clerk for authentication, Stripe for checkout and subscription processing, Vercel for website hosting, Legacy Toolkit API and update services, and other infrastructure providers needed to operate the service.

We may share information if required by law, legal process, security investigation, enforcement of our terms, protection of rights or safety, or a business transfer such as a merger, acquisition, financing, or sale of assets.

What we do not do

  • We do not ask you to send vault contents, passwords, recovery codes, or private documents by email.
  • We do not intentionally sell your private vault contents.
  • We do not intentionally use your private vault contents for advertising targeting.
  • We do not intentionally train public AI models on your private vault contents.

Cookies and local storage

The website and account system may use cookies, local storage, session storage, and similar technologies for sign-in, checkout handoff, account security, fraud prevention, preferences, and normal website operation.

Some third-party services, such as authentication or checkout providers, may set their own cookies or storage when their services are loaded or used.

Retention

We keep information for as long as needed to provide the service, maintain accounts and subscriptions, comply with legal obligations, resolve disputes, enforce agreements, preserve security, and support backups or audit records.

Local vault data stored only on your device remains under your device and backup controls. Cloud sync data, account records, subscription records, and support records may follow different retention periods depending on feature use, legal requirements, and operational needs.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain personal information. You may also have the right to complain to a data protection authority.

You can contact privacy@legacytk.com to request help with privacy or data questions. We may need to verify your identity before acting on a request. Some requests may be limited by security, legal, fraud-prevention, billing, backup, or operational requirements.

Security

Legacy Toolkit uses technical and organizational safeguards intended to protect information, including local encryption design, account authentication, access controls, secure transport, and infrastructure security practices.

No method of transmission or storage is perfect. You are responsible for protecting your device, operating system account, passwords, recovery methods, and backups.

Children

Legacy Toolkit is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact privacy@legacytk.com.

International use

If you use Legacy Toolkit from outside the country where our providers or infrastructure are located, your information may be processed in other countries with different data protection laws.

Changes and contact

We may update this policy as the product, providers, laws, or operational practices change. If we make material changes, we will update the date above and provide notice where appropriate.

Privacy questions can be sent to privacy@legacytk.com. Do not include vault plaintext, private documents, passwords, or recovery codes in support messages.

Related