Privacy Policy — The Legacy Email

Last Updated: October 05, 2025

1. Introduction

The Legacy Email ("we", "us", or "our") provides a service that allows users to compose, schedule, and deliver emails to recipients at future dates. Protecting your privacy and personal data is important to us. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and your rights in relation to your data. By using our Service, you accept the practices described in this policy.

2. Who We Are & Contact

The Legacy Email is operated by The Legacy, a business registered in India under Udyam Aadhaar. For privacy-related questions or to exercise your rights, please contact us at: support@thelegacy.email.

3. Scope & Applicability

This Policy applies to all users of our Service worldwide. We comply with Indian law (Digital Personal Data Protection Act, 2023), and where applicable, the EU General Data Protection Regulation (GDPR), UK Data Protection Act, and U.S. state privacy laws such as the CCPA/CPRA.

4. Information We Collect

• Your email address: used for sending payment receipts, confirmations, and support communications.
• Sender name: the name you provide to appear as the sender when your scheduled email is delivered to recipients (e.g., “John via TheLegacy.email”). This is stored and used solely for identification and display during delivery.
• Recipient email address(es): required to deliver scheduled messages to the intended recipients.
• Message content: includes the subject, body, and any attachments you upload when scheduling a message.
• Scheduling information: such as delivery dates, recurrence patterns, and internal order references.
• AI Assistant prompts: if you use the AI feature, we process your prompts and generated drafts to provide responses.
• Automated content review data: certain message details (such as recipients, subject line, and limited text excerpts) may be processed by automated systems to detect spam, abuse, or harmful content. This is used only for risk detection and service protection — never for marketing.
• Payment information: handled securely by trusted third-party payment processors. We do not store full payment card numbers. We only receive transaction status, payment confirmation, and basic order metadata. Payments may be processed in multiple supported currencies.
• Technical and usage data: such as IP address, browser type, device details, error logs, and timestamps, used for diagnostics, analytics, and abuse prevention.
• Security verification identifiers: temporary tokens and security checks used to validate legitimate usage and protect the Service from automated or fraudulent access. These identifiers are used solely for security and abuse prevention, not for tracking or marketing.
• Rate-limiting and fraud-prevention data: stored briefly to prevent excessive usage, detect suspicious activity, and maintain fair access to the Service.

5. Sensitive Data

Please do not include highly sensitive information (such as financial account details, government IDs, or health records) in your scheduled messages. If you include such data, you do so knowingly and consent to its processing solely for message delivery.

6. How We Use Your Information

• To schedule, store, and deliver your messages on chosen dates.
• To display your chosen sender name in delivered emails (e.g., “John via TheLegacy.email”) as part of normal message delivery.
• To process payments and issue receipts.
• To troubleshoot or debug issues (we may access message content when needed for technical reasons).
• To detect and prevent fraud, abuse, or security incidents.
• To comply with legal obligations.
• To generate anonymized statistics and marketing materials that highlight usage patterns (e.g., “One customer scheduled a message 10 years into the future”), without disclosing personal data, email addresses, or message content.

6.1 Security and Abuse Prevention Measures

To protect our Service from spam, fraud, and unauthorized use, we employ multiple automated verification and abuse-prevention systems. These systems help ensure that only genuine users can access the Service and that automated or malicious activity is blocked.

Data collected through these systems (such as IP addresses, device identifiers, or security challenge responses) is processed solely for security and abuse prevention. This data is not linked to your message content or used for advertising or analytics.

All such identifiers are stored securely and used exclusively for verification, abuse detection, and fraud monitoring. None of this information is sold, shared for marketing, or used to build user profiles.

6.2 Automated Content Review (AI Risk Scoring)

To reduce abuse and protect recipients, we may run an automated risk review on scheduled messages using third-party AI services. The review evaluates limited details such as recipients, subject line, and message tone to identify potential spam, scams, or harmful content.

We only send the minimal data necessary for classification, and the AI provider processes that data under its own privacy terms. We do not store third-party model outputs longer than necessary for security purposes (see Data Retention).

Messages that appear malicious or abusive may be blocked without prior notice. In limited cases, a manual review may be performed to ensure fair use and service integrity.

By using the Service, you consent to this limited automated processing for abuse detection. If you do not consent, contact support@thelegacy.email before scheduling. Declining automated review may limit your ability to use the Service.

7. Legal Bases for Processing (EU/UK)

• Performance of a contract: to deliver the Service you requested.
• Consent: where you opt-in (e.g., using the AI Assistant).
• Legitimate interests: for fraud prevention, security, and improving our Service.

Automated processing: Automated risk scoring is used to detect abuse. Decisions that materially affect users (e.g., refusing to schedule a message) will include human review on request. Where European data protection law requires it, you have the right to object to and request review of automated decisions; contact support@thelegacy.email.

8. Access to Message Content

9. Sharing Your Information

• Service providers: including payment processors, email delivery partners, hosting/storage providers, AI providers, and analytics platforms.
• Legal requirements: if compelled by law or valid legal process.
• Business transfers: in connection with mergers, acquisitions, or asset sales, with appropriate safeguards.
• Marketing: only anonymized and aggregated usage examples may be shared publicly. We will never disclose personal data, message content, or recipient details without your consent.
• AI risk review providers: we may share scheduled message data (recipients, subject, body or excerpts) with third-party AI providers solely to perform automated abuse and risk checks. These providers process data under their own policies; links to their privacy/tos will be provided where applicable.

10. Cross-Border Transfers

Your data may be processed in India or other countries where our providers operate. We use contractual safeguards and security controls to protect personal data in international transfers.

11. Data Retention

• Message content & recipient details: retained until the scheduled delivery is completed. After successful delivery, we keep message data for up to 90 days for troubleshooting, delivery verification, and abuse review, after which it is securely deleted from active systems.
• Order and payment details: retained for at least 5 years (or longer if required by applicable tax and accounting laws). This includes sender name, transaction amount, payment confirmation, and related order identifiers.
• System and security logs: may be stored for up to 12 months for fraud detection, abuse monitoring, and service reliability.

We periodically clean up, anonymize, or archive data that is no longer needed for operational, security, or legal purposes.

12. Your Rights

You may have rights to:

• Access your personal data.
• Request correction of inaccurate data.
• Request deletion of your data (before delivery processing begins).
• Request portability (a machine-readable copy).
• Withdraw consent where applicable.

To exercise rights, email support@thelegacy.email. We may need to verify your identity.

13. California Residents (CCPA/CPRA)

California residents may request disclosures about personal data collected, request deletion, and opt-out of sale (we do not sell data). Contact us at support@thelegacy.email.

14. Cookies & Analytics

We may use cookies and similar technologies to enhance performance, ensure security, and analyze usage of the Service. You can manage or disable cookies through your browser settings; however, doing so may affect functionality.

Our Service may include automated systems designed to detect spam, abuse, or automated access. These systems may use temporary cookies or device checks to verify genuine human activity and protect against fraudulent or malicious behavior. Any data collected through such security measures is used solely for protection and service reliability, not for advertising or analytics.

For more information about how third-party security and analytics providers handle data, please refer to their respective privacy policies.

15. Security

We use industry-standard security measures, including HTTPS encryption, authentication checks, automated verification systems, and abuse prevention mechanisms to protect our Service from unauthorized access, misuse, and fraud. While these measures significantly enhance security, no online service can be completely secure, and we cannot guarantee absolute protection.

All message content is stored on encrypted infrastructure with strict access controls. Only authorized personnel with a documented business need may access message data to troubleshoot issues, detect vulnerabilities, investigate abuse, or comply with legal obligations.

16. Data Breach Notification

If a breach occurs, we will notify affected users and authorities as required by law, and take steps to mitigate risks.

17. Children’s Privacy

Our Service is not intended for children under 13, and we do not knowingly collect their data.

18. Third-Party Links

Our Service may link to third-party sites. This Privacy Policy does not apply to those sites. Please review their policies.

19. AI Processing

If you use the AI Assistant, your prompts may be processed by third-party AI providers to generate drafts. By using this feature, you consent to that processing.

20. Business Transfers

If we undergo a merger, acquisition, or sale, your data may be transferred, subject to protections and notice as required.

21. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be available on this page. Continued use of the Service after updates means you accept the revised policy.

22. Contact Us

Email us at support@thelegacy.email for questions or to exercise your rights.

This Privacy Policy is part of our Terms and Conditions. Please also review our Terms and Conditions.