Legba Privacy Policy

Effective Date: October 8, 2025

Who We Are

Legba, Inc. ("Legba," "we," "our," or "us") is a Delaware corporation headquartered in Phoenix, Arizona. We build tools that protect your privacy online. Our products, including the Legba browser isolation plugin, secure how you access the web by removing your local attack surface.

This Privacy Policy explains how we handle personal information when you visit https://www.legba.app, create an account, or use our products and services (together, the "Services").

If you have any questions, contact us at privacy@legba.app.

Our Privacy Commitment

Legba exists to make privacy practical. We collect only what is necessary to deliver and secure the Services. We do not:

  • Record or store the contents of web pages you visit.
  • Log your browsing history, keystrokes, or credentials.
  • Sell or share your personal information for advertising.
  • Use cookies, trackers, or analytics scripts.

Your data belongs to you.

Information We Collect

We collect limited information that allows us to provide, maintain, and protect the Services.

1. Account Information

When you create an account, we collect your name, email address, password or SSO credentials, and subscription details.

2. Payment Information

Payments are processed securely by Kicbac, Inc., our payment processor. Legba does not store credit card numbers or sensitive payment data. We receive only confirmation details necessary to activate your subscription and maintain billing records.

3. Diagnostic and Security Logs

To operate and secure the service, we may record non-content technical data such as:

  • IP address and general location (country level)
  • Device and browser type
  • Plugin version and crash or performance diagnostics
  • Timestamped security events (for example, failed logins)

These logs never include your browsing content or session data. Session containers automatically destroy themselves after use.

4. Communication and Support

If you contact us for help, we collect your email and any information you provide so we can respond.

How We Use Information

We use personal information to:

  • Provide and maintain the Services
  • Authenticate users and prevent abuse
  • Diagnose and resolve technical issues
  • Process payments and manage subscriptions
  • Communicate with you about updates or support
  • Comply with legal obligations

We do not profile users, conduct behavioral tracking, or run targeted advertising.

How We Share Information

We share information only in limited circumstances:

  • Service Providers: With trusted partners who help us operate the Services (such as cloud infrastructure and payment processing).
  • Legal Requirements: If required by law or to protect rights, safety, or security.
  • Corporate Transactions: If Legba undergoes a merger, acquisition, or reorganization.

All service providers are bound by confidentiality and security obligations. We never sell your personal information.

Data Retention

  • Account records are retained while your account is active and for a reasonable period after termination for billing and legal purposes.
  • Diagnostic and security logs are retained for limited periods and then deleted or anonymized.
  • Session data within isolated containers is destroyed at the end of each browsing session.

Security

We apply strong security controls, including:

  • Containerized browser isolation
  • Encryption in transit and at rest
  • Role-based access control
  • Continuous monitoring for intrusion attempts

No method of transmission or storage is perfectly secure, but we design Legba to minimize risk and exposure.

Your Rights and Choices

Depending on your location, you may have the right to:

  • Access or request a copy of your personal information
  • Correct or delete your data
  • Withdraw consent or object to certain processing
  • Request information about data sharing

To exercise these rights, contact privacy@legba.app. We will respond as required by applicable law.

International Users

Legba is based in the United States. If you access our Services from outside the U.S., you understand that your information may be transferred, stored, and processed in the United States and other jurisdictions. Where required, we use appropriate safeguards such as Standard Contractual Clauses for international transfers.

Children's Privacy

Legba's Services are not directed to children under 16. We do not knowingly collect information from minors. If you believe a child has provided us with personal information, contact us for deletion.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version at legba.app/privacy-policy and update the Effective Date. If material changes are made, we will provide additional notice by email or within the app.

Contact Us

For any questions or privacy-related requests, contact:

Legba Privacy Officer

Email: privacy@legba.app

Legba, Inc.

Delaware, United States

Headquartered in Phoenix, Arizona

In short: Legba isolates your browsing to keep you safe. We do not track, sell, or mine your data. Our business is protection, not surveillance.