PRIVACY POLICY

Data Controller: Legit App Limited (together with its parent companies, subsidiaries, and affiliates, including Legit App Inc., collectively referred to as "LegitApp", "we", "us", or "our")

Effective Date: May 27, 2026

Last Updated: May 27, 2026

1. INTRODUCTION & SCOPE

Legit App Limited, a company incorporated under the laws of the Hong Kong Special Administrative Region ("Hong Kong"), is committed to protecting your privacy while providing world-class, expert-led, and AI-assisted physical item authentication services.

This Privacy Policy ("Policy") explains how we collect, use, store, share, and protect your personal data when you access or use our website (legitapp.com), our iOS and Android mobile applications, our web application, our APIs, or any of our associated services (collectively, the "Platform" or the "Service").

By registering an account, purchasing Tokens, submitting items for authentication, initiating a dispute under our Financial Guarantee Program, or otherwise using the Platform, you acknowledge that you have read and understood this Policy and consent to the data practices described herein. If you do not agree with this Policy, you must immediately cease all use of the Platform.

2. INFORMATION WE COLLECT

To provide accurate, rapid digital authentication, administer our Financial Guarantee Program, prevent platform abuse, and continuously improve our proprietary artificial intelligence (AI) models, we collect several categories of information.

2.1 Information You Provide Directly to Us

  • Account Registration Data: Name, email address, phone number, username, and encrypted password.
  • Authentication Data (Crucial): High-resolution photographs, videos, descriptions, metadata (including EXIF data such as camera model, timestamps, and location tags), purchase receipts, and external certificates of authenticity that you upload to the Platform.
  • Financial Guarantee & Dispute Data: If you file a claim or initiate a physical dispute under our Financial Guarantee Program, we collect:
    • Your physical shipping and billing address;
    • Government-issued identification (where strictly necessary to verify the identity of the certificate holder and prevent bait-and-switch fraud);
    • Proof of purchase, transaction history, and bank wire transfer details (to process compensation payouts); and
    • Records of physical inspection, including tracking numbers and shipping documentation.
  • Communications: Records of your support tickets, emails sent to our support or privacy teams, dispute correspondence, and feedback.

2.2 Automated Data Collection

When you interact with our Platform, we automatically collect technical data to ensure security, prevent fraud, and optimize performance:

  • Device and Connection Data: IP address, device hardware model (e.g., iPhone 15 Pro), operating system version, unique device identifiers (such as UDID, IDFA, or Android Ad ID), browser type, and mobile network information. We utilize these identifiers strictly to detect and prevent fraud, such as duplicate accounts, chargeback abuse, and automated scraping.
  • Usage and Behavioral Data: Log files, clickstream data, time spent on specific pages, app crash logs, and navigation paths within the Platform.
  • Location Data: General geographic location (e.g., country or city level) derived from your IP address, or precise GPS location data if you explicitly grant permission through your device settings.

2.3 Incidental and Biometric Data Disclaimer

LegitApp provides digital-only authentication of physical luxury goods, sneakers, and collectibles. We do not actively collect or process biometric data (such as facial geometry scans). However, because you upload photos and videos of physical items, these media files may inadvertently capture:

  • Your face, hands, or body reflections in reflective surfaces (such as watch faces, polished leather, or metal hardware);
  • Background environments, including your home, retail stores, or personal belongings; or
  • Voices in uploaded video files.

By uploading media to our Platform, you explicitly acknowledge and consent to our processing of this incidental data. You are strictly instructed to crop, blur, or otherwise redact any personally identifiable information (PII), human faces, or sensitive personal data from your media submissions prior to uploading them.

3. HOW WE USE YOUR INFORMATION (THE "AI TRAINING & PROTECTION" CLAUSE)

Our business model relies on a hybrid mechanism of expert human analysis and advanced computer vision/machine learning models. We use your data for the following essential business purposes:

  • Providing the Authentication Service: To process your orders, route media to our human authenticators, generate Verdicts (Authentic, Replica, or Inconclusive), and issue digital certificates.
  • Training and Optimizing Artificial Intelligence (Protective Business Asset): We use your submitted photographs, videos, metadata, and craftsmanship descriptions to train, validate, test, fine-tune, and operate our proprietary AI models, machine learning algorithms, and computer vision systems. This processing is an essential core of our service, allowing our systems to become increasingly accurate at detecting counterfeit goods.
  • Fraud Prevention and Platform Integrity: To enforce our single-account policy, detect and block malicious testing (probing our standards with known replicas), prevent "certificate shopping" (repeatedly submitting the same replica item hoping for a different result), and mitigate payment/chargeback fraud.
  • Administering the Financial Guarantee Program: To verify the identity of dispute claimants, validate item consistency (anti-tampering checks), manage logistics, and execute wire transfer payouts.
  • Customer Support & Communications: To respond to inquiries, resolve disputes, send transactional notifications (such as Token balance updates), and deliver system alerts.
  • Marketing and Education: To send you product updates, promotional offers, and educational content (such as "Real vs. Fake" guides), subject to your right to opt out at any time.

4. DATA OWNERSHIP, LICENSING & ANONYMIZATION

4.1 Intellectual Property and License Grant

While you retain ownership of the original copyrights in the photos and videos you take, by uploading any User Content to our Platform, you grant Legit App Limited a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, sublicensable, and transferable license to host, store, copy, modify, create derivative works from, distribute, and display these images and videos for the purposes of:

  • Generating and displaying your authentication results;
  • Conducting internal research and training our AI models; and
  • Creating educational or marketing materials (such as side-by-side comparison guides), provided that all direct personal identifiers are completely removed.

4.2 Anonymization and De-Identification Commitment

Prior to utilizing any submitted item media (photos, videos, metadata) for machine learning, database indexing, or educational publications, LegitApp applies industry-standard de-identification and anonymization techniques. We strip all direct personal identifiers (such as names, emails, and account IDs) and erase metadata that could link the item to a specific natural person.

Once data is fully anonymized, it ceases to be classified as "personal data" under applicable data protection laws (including GDPR, CCPA, and PDPO). LegitApp retains sole, exclusive, and unrestricted ownership of all anonymized data, synthetic datasets, trained AI model weights, and derivative works.

5. SHARING YOUR INFORMATION

We do not sell, rent, or trade your personal data to third parties for commercial or marketing purposes. We share your information only under the following strictly controlled circumstances:

  • Authorized Service Providers: We share data with trusted third-party vendors who perform services on our behalf, including:
    • Payment gateways and processors (e.g., Stripe, Wise) to facilitate secure Token purchases and wire payouts;
    • Cloud infrastructure and hosting providers (e.g., Amazon Web Services, Google Cloud Platform);
    • Customer support, ticketing, and communication tools.
    These providers are contractually bound to protect your data and are prohibited from using it for any other purpose.
  • Legal Compliance and Law Enforcement: We may disclose your information if required to do so by law, subpoena, court order, or regulatory authority, or if we reasonably believe that disclosure is necessary to:
    • Comply with local and international laws (including anti-money laundering and anti-counterfeiting regulations);
    • Report suspected criminal activity (such as the commercial trafficking of counterfeit goods) to law enforcement or brand owners; or
    • Protect the rights, property, safety, and security of LegitApp, our users, or the public.
  • Corporate Transactions: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of company assets, user data (including authentication histories and anonymized media databases) may be transferred to the acquiring entity as a business asset.

6. DATA RETENTION & DELETION

6.1 General Personal Data Retention

We retain your personal data (such as your name, email address, billing details, and active account records) only for as long as your account remains active, or as necessary to fulfill the purposes outlined in this Policy, comply with our legal obligations, resolve payment disputes, and enforce our agreements.

6.2 Indefinite Retention of Authentication Media (Protective Clause)

To protect the integrity of our ecosystem, prevent fraud, and maintain the validity of our digital certificates, we retain submitted item photos, videos, descriptions, and authentication results indefinitely, even if you close or request the deletion of your account.

This indefinite retention is critical to:

  • Maintain Certificate Integrity: Allow future buyers of an authenticated item to verify the validity of our issued digital certificate;
  • Prevent Certificate Shopping and Fraud: Ensure that bad actors cannot delete their accounts to erase records of failed authentications and subsequently re-submit the same counterfeit items; and
  • Preserve AI Training Pipelines: Prevent disruption to our machine learning models that have been trained on historical datasets.

Upon receiving a valid account deletion request, we will permanently delete or anonymize your personal identity indicators (name, email, billing info, and IP addresses), rendering your historical authentication submissions completely anonymous technical data.

7. INTERNATIONAL DATA TRANSFERS

LegitApp is headquartered in Hong Kong and utilizes cloud infrastructure located globally, including in the United States and the European Union. If you are accessing our Services from the EU, UK, Switzerland, or other regions with strict data protection laws, please note that your personal data will be transferred to, stored, and processed in jurisdictions (including Hong Kong and the U.S.) where data protection laws may differ from those in your home country.

To ensure your data is adequately protected, we implement appropriate legal safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and UK government for transfers to third countries; and
  • Strict organizational and technical security measures to prevent unauthorized access during transit and storage.

8. YOUR JURISDICTIONAL RIGHTS (GDPR / CCPA / PDPO)

Depending on your country or state of residence (such as the EU, UK, California, or Hong Kong), you may have specific statutory rights regarding your personal data:

  • Right of Access: The right to request a copy of the personal data we hold about you.
  • Right to Correction/Rectification: The right to request that we update or correct inaccurate or incomplete personal data.
  • Right to Deletion/Erasure ("Right to be Forgotten"): The right to request that we delete your personal data, subject to our legitimate business overrides and legal retention obligations (such as the anonymization of authentication media outlined in Section 6.2).
  • Right to Opt-Out of Marketing: The right to unsubscribe from our promotional emails at any time by clicking the "Unsubscribe" link or updating your in-app settings.
  • Right to Data Portability: The right to request that we transfer your personal data to another service provider in a structured, commonly used format.

To exercise any of these rights, please contact our Data Protection Officer at privacy@legitapp.com. We will verify your identity (which may require matching your account credentials or providing proof of ownership) and respond within the statutory timeframes required by your jurisdiction.

9. SECURITY MEASURES

We implement robust, industry-standard physical, technical, and administrative security measures to safeguard your personal data against unauthorized access, loss, alteration, disclosure, or destruction. These measures include:

  • End-to-end encryption (SSL/TLS) for all data in transit;
  • AES-256 encryption for sensitive data at rest;
  • Restricted access controls limiting data access solely to authorized employees, authenticators, and contractors who require it to perform their duties; and
  • Regular security audits and vulnerability assessments of our cloud infrastructure.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. You are solely responsible for maintaining the confidentiality of your account credentials and password.

10. CHILDREN’S PRIVACY

Our Platform is strictly intended for individuals who are at least 18 years of age (or the legal age of majority in their jurisdiction). We do not knowingly collect, solicit, or maintain personal data from children under the age of 13 (or 16 in the European Economic Area). If we discover that a child has created an account or provided us with personal data, we will immediately terminate the account and permanently delete the associated data from our systems.

11. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify, update, or revise this Privacy Policy at any time to reflect changes in our AI technologies, legal requirements, or operational practices.

If we make material changes to this Policy, we will notify you by:

  • Posting the updated Policy on our website and updating the "Last Updated" date;
  • Sending an email notification to the address registered to your account; or
  • Displaying a prominent in-app notification when you log in.

Your continued use of the Platform after the effective date of any modification constitutes your acceptance of the revised Privacy Policy.

12. CONTACT US

If you have any questions, concerns, or complaints regarding this Privacy Policy, our data handling practices, or our compliance with data protection laws, please contact us at:

Legit App Limited
Attn: Data Protection & Privacy Team
Address: 1503, 383 King’s Road, North Point, Hong Kong
Email: privacy@legitapp.com