This Privacy Policy describes how LegacyBond AI LLC ("Company," "we," "us," or "our") collects, uses, stores, and shares information when you use the LegacyBond AI platform, including our website, application, APIs, and all related services (collectively, the "Service"). By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.
We collect information you provide directly, information generated through your use of the Service, and limited technical data required to operate the platform.
Account & Identity Information. When you create an account, we collect:
Conversation & Memory Data. As you use the Service:
Payment Information. When you subscribe to a paid plan:
Usage Analytics. We collect basic usage data to improve the Service, including feature usage frequency, error events, and session activity patterns. This data is used in aggregate and is not linked to individual conversations.
Guest Sessions. If you use the Service without creating an account, a random guest identifier is stored locally in your browser. Guest conversation data is stored temporarily and linked only to that local identifier, not to any personal identity.
We use the information we collect for the following purposes:
We work with the following third-party service providers to operate the Service. Each processor receives only the data necessary to perform their specific function.
| Processor | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, and storage infrastructure | Account data, conversation history, memory data, session data |
| Stripe | Payment processing and subscription management | Email address, subscription details; payment card data is processed directly by Stripe and never passes through our servers |
| Anthropic | Large language model powering AI companion responses (Claude) | Conversation messages and system context needed to generate responses; Anthropic does not use this data to train its models under our enterprise agreement |
| ElevenLabs | Text-to-speech voice synthesis for companion audio output | AI-generated companion text to be converted to audio; no personal user data is shared |
| Deepgram | Speech-to-text transcription for voice input | Audio recordings of your spoken input during voice sessions; transcriptions are returned to us and the audio is not retained by Deepgram beyond processing |
| Resend | Transactional email delivery (account verification, notifications) | Your email address and the content of transactional emails |
| OAuth authentication ("Sign in with Google") | Public profile data (name, email, profile photo) returned by Google during authentication; governed by Google's Privacy Policy |
Each of these processors maintains their own privacy practices and security standards. We encourage you to review their policies. Links: Supabase · Stripe · Anthropic · ElevenLabs · Deepgram · Resend.
A core feature of LegacyBond AI is long-term memory — your companion builds a persistent understanding of you across conversations. This includes remembered facts about the people in your life, your goals, significant events, emotional patterns, and personal context you've shared.
What is stored. Memory entries are structured records extracted by our AI from your conversations. They may include names of people you've mentioned, goals you've set, milestones you've shared, challenges you've described, and preferences you've expressed.
How long it is kept. Memory data is retained for as long as your account is active. It is the foundation of the relationship your companion builds with you over time and is not automatically deleted between sessions.
How to review and delete memories. You can view your stored memories through the app's memory settings. You may request deletion of specific memories or all memory data at any time by:
Conversation history. Full chat session transcripts are retained to support memory extraction and continuity features. You may request deletion of conversation history by contacting support.
Future memory. Some plans include a "future memory" or legacy feature that stores messages intended for future access. This data is retained indefinitely unless you request deletion.
LegacyBond AI supports voice input and voice output. Here is how each is handled:
Voice Input (Speech-to-Text). When you use voice input, your audio recording is transmitted in real time to Deepgram for transcription. The resulting text transcript is stored in our systems as part of your conversation history. We do not retain the raw audio recordings on our servers — audio is sent directly to Deepgram and the transcript is returned to us.
Voice Output (Text-to-Speech). When your companion speaks, the companion's text response is sent to ElevenLabs to generate an audio file. The audio is streamed to your device and is not permanently stored in your account. No personal data about you is included in the TTS request — only the companion's text.
Consent. Voice features require explicit browser permission to access your microphone. You may revoke microphone permission at any time through your browser settings. Revoking permission disables voice input but does not affect text-based features.
We use a minimal set of cookies and browser storage to operate the Service:
Authentication sessions. Supabase Auth sets a secure, HTTP-only session cookie to maintain your logged-in state. This cookie is essential for the Service to function and is deleted when you sign out or when the session expires.
Local storage. We store a small number of non-sensitive preferences and identifiers in your browser's local storage, including:
No advertising or tracking cookies. We do not use cookies for advertising, cross-site tracking, or behavioral profiling. We do not embed third-party advertising trackers.
You can clear cookies and local storage at any time through your browser settings. Clearing session cookies will sign you out of the Service.
The Service is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18.
If you are under 18, you are not permitted to use the Service. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information and close the associated account as promptly as possible.
If you believe a minor has created an account or provided us with personal information, please contact us immediately at support@legacybond.ai.
Depending on where you live, you may have specific rights regarding your personal data. We honor these rights regardless of your location to the extent practicable.
Rights available to all users:
To exercise any of these rights, email us at support@legacybond.ai with the subject line "Privacy Rights Request." We will respond within 30 days (or as required by applicable law).
You may request deletion of your account and all associated personal data at any time by emailing support@legacybond.ai with the subject line "Delete My Account."
What is deleted. Upon a confirmed deletion request, we will delete:
What may be retained. We may retain the following data after account deletion as required by law or legitimate business necessity:
Deletion requests are processed within 30 days. Once deletion is complete, your data cannot be recovered.
We implement commercially reasonable technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:
Your continued use of the Service after the effective date of any updated policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you must stop using the Service.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
We aim to respond to all privacy-related inquiries within 2 business days.