Last updated: July 29, 2022.
The privacy of your data — and it is your data, not ours! — is a big deal to us. We’ll only ever access your account to help you with a problem or squash a software bug. We log all access to all accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.
We’ll never sell your private personal information to third parties, and we won’t use your name or company in marketing statements without your permission, either.
Part of our service does involve people being able to search for and find journalists and profiles, but the only information accessible is information you openly display on your profile.
When you write to Legitimate with a question or to ask for help, we'll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we'll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.
The only times we’ll ever share your info:
You may have heard about the General Data Protection Regulation (“GDPR”) in Europe. GDPR gives people under its protection certain rights with respect to their personal information collected by us on the Site. Accordingly, Legitimate recognizes and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include:
Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us.
As part of the services we provide, and only to the extent necessary, we use certain third party processors to process some or all of your personal information. This is done to verify your identity. We currently use Persona (https://www.withpersona.com/). We have signed appropriate data processing contracts that comply with GDPR with each processor.
Legitimate won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we're legally prevented from it, we’ll always inform you when such requests are made.
All data is encrypted via [SSL/TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) when transmitted from our servers to your browser. The database backups are also encrypted. Data isn’t encrypted while it's live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest—you can read more about that on our [security page](/security/overview.md). For more information about how we keep your information secure, please review our [security overview](/security/overview.md).
When you cancel your account, we'll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it's active will also be purged within 30 days (up until then it's available in the trash can).
This Site is operated in the European Union. If you are located in the United States or elsewhere outside of the European Union, please be aware that any information you provide to us will be transferred to the European Union. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.
Legitimate may update this policy once in a blue moon — we’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change or delete your personal information at any time by contacting our support team.
Questions about this privacy policy? Please get in touch with support and we’ll be happy to answer them!