Skip to content

Privacy Policy

This Privacy Policy (“Privacy Policy”) covers LegitScript’s treatment of information that you provide to us or that we collect from you when you are visiting and/or use the website. This policy does not apply to the practices of companies that LegitScript does not own or control or to individuals whom LegitScript does not employ or manage, including operators of sites you may link to or from the website or from which you link to the website. This Privacy Policy should be read in connection with our Terms and Conditions.

The Basics

LegitScript LLC (“LegitScript” or “we”) is committed to complying with all applicable data protection laws, including the data protection requirements introduced by California Consumer Protection Act and the European Union General Data Protection Regulation (Regulation 2016/679). This Privacy Statement contains information on what data we collect, what we do with that information, and what rights you have.

We do process some personal data in order to run our business. There are some situations where we may share your information with third parties (for example, pursuant to a court order, government request, or with our business partners and service providers who support our business or partner with us).

We take the protection of your information seriously and take steps to make sure your personal information is secure. Please read the full Privacy Statement below. Please feel free to contact us if you have any questions.

The Details

LegitScript respects your privacy. This Privacy Statement outlines our commitment to protecting your data. Read together with our Terms of Use, this Privacy Statement describes the types of data we collect or data that you might provide us—for example, when you visit any of our websites, use our products, or contact us—and how we use, secure, and disclose data.

You should know that this Privacy Statement does not apply to information about you collected via any third-party site or application (including advertising or similar services) that may link to, or be accessible from, LegitScript’s websites. We are not responsible for the privacy policies or data collection, use, and disclosure practices of those sites. We encourage you to read the written policies of all sites you visit.

By visiting or using any of our websites or services (including email communications), you agree to this Privacy Statement. Our Privacy Statement may change from time to time, at LegitScript’s sole discretion, and these changes can affect the information described below, so please check back periodically for any updates.


LegitScript takes appropriate steps to protect and secure your personal data from unauthorized access, use, and disclosure. We use adequate technical and organizational measures to protect your personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure, or access and against all other unlawful forms of data processing. We put these measures in place after evaluating current state of the art of the technology, the cost of implementation, risks presented by processing, and the nature of the personal data.

Although we take reasonable security measures to protect your personal information, we cannot guarantee the security of your personal information transmitted to our websites. The transmission of information via the internet is not 100% secure. LegitScript does not ensure or warrant the security of any information you transmit to us. We are not responsible for circumvention of any privacy settings or security measures contained on the websites.

How We Protect and Use Personal Data

We collect different types of information for our business operations, including but not limited to:

  • Website data. This includes information provided at the time of purchasing or registering for our products and services, or requesting further services. Also, we may ask you for information when you report a problem with our websites, products, or services.
  • Data you provide to us. When you click through our websites, purchase our services, or otherwise contact us, we may request, or you may choose, to give us information. This may include information by which you may be personally identified (“personal information” or “personal data”), such as your contact information, name, company, employer, e-mail address or telephone number, and records and copies of your communications with us. We may at times share this information with our business partners in order to provide our products and services to you.
  • Marketing. If you are interested in, or have used our products in the past, you may periodically receive emails from us containing details about features of the products you use and/or about similar products or services that we offer.
  • Public Data. We will from time to time collect information from publicly available websites and index that information in order to assess the functionality of LegitScript’s proprietary software and analysis programs. This information is often used to detect and shutdown illegal or illicit activity. Additionally, we will at times receive incidental personal information from partners or from publicly available sites. We do not identify, index or link this data in any way.
  • Usage information, IP addresses and cookies. As you click through and interact with our websites, our websites might automatically collect certain information about your equipment, browsing actions and patterns using common internet technologies, such as cookies and Google analytics. These common internet technologies may collect information about details of your visits to our websites, including information about your connectivity, such as your IP address and browser information, location data, logs and other communication data, and the resources that you access and use on the websites. You may refuse the use of cookies by selecting the appropriate settings on your browser. If you do, please note that you may not be able to fully access our websites. By using or visiting our websites, you consent to the processing of data in this manner and for the purposes outlined in this Privacy Statement.If you wish to withdraw your agreement to accept cookies and similar technologies, please delete the cookies via your browser settings. There is a brief guide in this policy, which explains what cookies are and how to delete them:
  • General business operations. We may also receive or collect other personal data from or about you in the ordinary course of our business. Here is how we use information that you provide or we collect:
    • To provide our websites, products, and services;
    • To give you information, products, or services that you request from us;
    • To let you know about changes to our website, products, or services;
    • To ensure the integrity and security of our websites, products, and services;
    • For our ordinary business operations, including human resources, recruiting, and business research and outreach; and
    • To comply with our legal obligations.

Our Legal Basis for Data Processing

In some circumstances, we are not allowed to process personal data if we do not have a valid legal ground. Therefore, we will only process your personal data in these specific situations if:

  • the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request, such as when we authenticate your log-in to our services or ensure that you only have access to the services and data you’ve agreed to buy;
  • the processing is necessary to comply with our legal or regulatory obligations, such as tax reporting or regulatory requirements;
  • the processing is necessary for the legitimate interests of LegitScript, and does not unduly affect your interests or fundamental rights and freedoms (see below);
  • the processing is necessary for the performance of a task carried out in the public interest; or
  • if we have your consent.

If we ever process any special categories of data relating to you, we will do so because:

  • the processing is necessary for the establishment, exercise or defense of a legal claim;
  • the data has been manifestly made public;
  • the processing is necessary for to serve a substantial public interest; or
  • you have given your explicit consent to us to process that information (where legally permissible).

LegitScript may, from time to time, access accounts and information you may have stored with us or third party applications operating in conjunction with our services, in order to provide technical assistance or to ensure the veracity of the data contained therein.

Data Integrity

We do not use personal data in ways that are inconsistent with those described in this Privacy Statement. We only collect and retain as much personal data as we need for the specific purposes we have described, or to comply with our legal and regulatory obligations.  When data retention is no longer necessary, we may delete personal data or retain it in a form that does not personally identify anyone.

Information Use, Disclosure, and Your Options

It is important to us that we adequately protect your personal information, especially when we disclose information about you. We may disclose or transfer personal information that we collect or you provide as described in this Privacy Statement, including:

  • As required by law, including to respond to any government or regulatory request.
  • To enforce the Terms and Conditions that apply to the use of our products and services, including to protect the rights, property or security of LegitScript, our employees, our users, and others.
  • As part of a merger, acquisition, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of LegitScript’s assets.
  • To our affiliates, agents, contractors, service providers, and others we use to support our business or collaborate with and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes of providing services for or with us.

You have choices about the personal data you provide us.  Here are some ways you can control the data we have:

  • You may be able to change your internet browser settings to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our websites may be inaccessible or not function properly.
  • You may opt out at any time from the use of your personal information for direct marketing purposes by contacting us at [email protected]. Please allow us a reasonable time to process your request. If you do not wish to receive promotional e-mail messages from us, you can always opt-out at

Accessing and Correcting Data

In some circumstances, you may have the right to access personal data that we hold and ask that we correct, amend, or delete information which is inaccurate or has not been processed in accordance with applicable data protection laws, except where the burden or expense of providing access would be disproportionate to the risks to your privacy or where the privacy rights of third parties would be violated. LegitScript may require EU and Swiss residents to provide sufficient (at LegitScript’s discretion) verification of your identity before responding to your request.

We may also ask you to provide information that helps us better understand what you are asking. To exercise your rights, send an email to [email protected]. We’ll do our best to honor these requests as required by applicable laws, but understand that your data access rights are not absolute. They may not always apply to you and exemptions may be appropriate. For example, LegitScript may have limited access to the data we process on behalf of our customers in connection with our services. Therefore, data access requests should include the name of the LegitScript customer who submitted your personal data to LegitScript. We will forward such requests to the customer you identify to respond directly to you and will provide any necessary assistance in that customer’s response to you. LegitScript specifically reserves all rights under this section. If you are not satisfied with how we process your personal data, please let us know and we will investigate your concern. If you are not satisfied with our response, you have the right to make a complaint to the relevant authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen. The contact details of each Data Protection Authority can be found at the following website:

Third-party Services

Auth0’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Important Notice to all California Residents

Under the CCPA California residents have a right to opt-out of the sale of their personal information by LegitScript. We do not currently sell individual or consumer information and therefore do not offer an opt-out process.

Additionally, California residents have a right, under the California Consumer Privacy Act, to request to know what personal information LegitScript may collect, store, or use about them during the course of business and a right to request the deletion of that information as addressed below.

  • California residents may request to know what personal information LegitScript collects, stores, or uses by emailing [email protected] with the subject line “Right to Know”. Residents will be asked to supply additional information to verify their California residency such as an address or phone number. Upon a successful verification of residency LegitScript will respond to the initial request within 45 days.
  • California residents also have a right under the CCPA to request the deletion of any personal information that we collect. After or before submitting a verified request to know via [email protected] (mentioned above) you may request deletion of any and all personal information that LegitScript currently possesses. Residents who have not previously submitted a verified request to know will need to verify their identity with an address, phone number or email.
  • Under the CCPA California residents have a right to opt-out of the sale of their personal information by LegitScript. We do not currently sell individual or consumer information and therefore do not offer an opt-out process.
  • We will never discriminate against anyone or diminish our products or services in response to an individual exercising the privacy rights conferred on them by the CCPA or any other applicable privacy law.
  • If you would like to designate an authorized agent to make requests to know under the CCPA on your behalf, please email [email protected].

Please note that it is possible that LegitScript, for various reasons, may not meet certain thresholds or requirements for CCPA applicability. Nothing herein may be construed as waiving any arguments LegitScript may have regarding the applicability of the CCPA to LegitScript and its operations.

Important Notice to Non-U.S. Residents

Our servers are located in the US. If you are located outside of the U.S.A., please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the USA. Except as otherwise noted, your decision to provide such data to us, or allow us to collect such data through our websites or products, constitutes your consent to this transfer of data and personal information.

Important Notice for Residents of the European Economic Area

We are committed to resolving complaints about your privacy and our collection and use of your personal information. If you have an inquiry or complaint regarding this Privacy Policy, you should first contact us at [email protected]. If we can’t resolve your issue, we may be able to refer the dispute to JAMS for dispute resolution. If we can’t resolve your issue to your satisfaction, please visit

Onward Transfer of Data to Third Parties

Like many businesses, we sometimes hire other companies to perform services for us. We may need to disclose personal data to certain types of third party companies, but only to the extent it is required for them to perform the services for us. The types of companies that might receive personal data are those that provide: marketing and advertising, billing, data storage and hosting, and sales support businesses. If you have any questions about how these companies use your data, or if you wish to opt out of having your personal data transferred to any or all categories of our agents, please contact us at [email protected]. It will take us a reasonable amount of time to process your information. In the event personal data is transferred to a different jurisdiction, we will take appropriate steps to ensure that your personal data receives an adequate level of protection, including putting in place appropriate written data processing terms and/or data transfer agreements, using contractual clauses as approved by the European Commission (the form for the standard contractual clauses is located here).

Children Under the Age of 18

People under the age of 18 are not permitted to visit our websites or register for our services. If you become aware that your child has provided us with personal information without your consent, please contact us [email protected] and we will work to delete it. We do not knowingly collect personal information about children under 18. If we learn that a child under 18 has provided us with personal data, we will delete this information, subject to any limitations on our ability to do so.

Identity Verification, Know Your Customer, and Know Your Business Privacy Policy

How We Collect and Use Personal Data to Provide the Service

This section describes the Personal Data we collect and how we use it in order to provide the Know Your Business services to our Customers. Personal Data means information that relates to an identified or identifiable individual.

You provide Personal Data to us at the direction of our Customers so that our Customers may verify your identity or prevent fraud. In the course of performing the Service, we may also obtain Personal Data from other sources such as third party databases, government records, and other publicly available sources. The Personal Data we collect varies based on what you provide, what the Customers has directed us to analyze, and what Personal Data is available from third parties.

You may directly provide:

  • Name and contact information, including name, email address, address, and phone number;
  • Demographic data, including birthdate and age;
  • Files you upload, such as tax forms and utility bills;
  • Government documents and identifiers, such as driver's license and Social Security Number; and
  • Audio, Video, and Photos of you, namely from the selfie you provide and from your government identification document.

How We Use Your Data

We use your data for the following business and commercial purposes:

  • Provide Services: To operate, provide, and maintain our services.
  • Develop Existing Services: To improve, enhance, modify, add to, and further develop our services.
  • Help Prevent Fraud, Verify Your Identity, or Protect Privacy: To verify your identity and help protect you, developers, our partners, Plaid, and others from fraud, malicious activity, and other privacy and security-related concerns.
  • Develop New Services: To develop new products and services.
  • Develop Insights: To develop insights based on the data we've collected about you. This includes your transaction data, other financial data, and data from other sources, to help developers of your connected apps provide services and/or a better user experience to you, like providing you with faster access to your funds, to help detect and prevent potentially fraudulent activity.
  • Provide Support: To provide support to you or to developers, including to help respond to your inquiries related to our services or developers' apps.
  • Communicate With You: To communicate with you and send you things like technical notices, updates, security alerts, and messages if you use Plaid Portal or Remember Me.
  • Investigate Misuse and Misconduct: To investigate any misuse of our service or developers' apps, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services.
  • For Legal Purposes: To comply with contractual and legal obligations under applicable law and for other legal purposes such as to establish and defend against claims.
  • With Your Consent: For other notified purposes with your consent or at your direction.

We use Personal Data to provide our Customers with the Service so they can verify the identity of individuals and prevent fraud. This processing is necessary to perform our contract with our Customers. As part of performing the Service, we use Personal Data to improve and troubleshoot our Services.

Information We Create or Generate

We may infer new information from other data we collect, including using automated means to generate information about risk level or other characteristics (“inferences”). For example, we may infer your general geographic location (such as city, state, and country) based on your IP address or other available methods of verification.

How We Disclose Personal Data

We disclose Personal Data with your consent or as necessary to complete your transactions or provide the services you have requested or authorized. In addition, we disclose each of the categories of Personal Data described above, with the types of third parties described below, for the following business purposes:

  • Public information. You may select options available through our services to publicly display and share your name and/or username and certain other information, such as your profile, demographic data, content and files, or geolocation data.
  • Service providers. We provide Personal Data to vendors or agents working on our behalf for the purposes described in this policy. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and services may need access to Personal Data to provide those functions.
  • Affiliates. We enable access to Personal Data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access is needed to provide our services and operate our business.
  • Legal and law enforcement. We will access, disclose, and preserve Personal Data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
  • Security, safety, and protecting rights. We will disclose Personal Data if we believe it is necessary to:
    • protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
    • operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
    • protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

How We Disclose Personal Data To Third Parties

We may engage third parties to assist us in providing the Services, in which case we may disclose Personal Data to them. We may also disclose Personal Data to service providers, including hosting, cloud services and other information technology services providers; email communication and SMS software providers; and identity verification services, mobile device operators, background check providers, public and private records database providers, consumer reporting services, and fraud and identity management providers. For example, we may disclose your name and address to a third party database provider in order to request information they may have about you. Pursuant to our instructions, these parties will access, process or store Personal Data while performing their duties to us. We may also disclose Personal Data when required to do so by law.

Data Retention

We retain Personal Data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and any other legitimate or lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and our legal or contractual obligations.

Choices Regarding Personal Data

LegitScript is the data processor for the processing of Personal Data on behalf of its Customers. If you are an individual whose identity has been verified through LegitScript, please contact the appropriate Customer to exercise any rights that you may have under applicable law. If you have further concerns or questions regarding the processing of your Personal Data, please email [email protected].

Changes to Our Privacy Statement

We may change this Privacy Statement at any time. We encourage you to visit this page often to read the effective version of this Privacy Statement. If you have any concerns or questions about this Privacy Statement, or if you would like to lodge a complaint, please contact [email protected].
This Privacy Statement supersedes and controls over any other similar statement or policy found on our websites.

Contact Us

If you have any questions or comments about this Privacy Statement, please contact us by emailing us at [email protected] or by writing to us at:

LegitScript LLC
111 SW 5th Ave Suite 2700
Portland OR 97204

Last reviewed: April 2024