Legacy Core™

How We Protect Your Data

As a cybersecurity credentialing authority, we hold ourselves to the same standard we ask of the businesses we credential. Here is how we protect your information.

Encryption Everywhere

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Your business information is protected from the moment it enters our systems.

Enterprise-Grade Infrastructure

Our registry runs on SOC 2 Type II compliant infrastructure providers with automatic DDoS protection, immutable deployments, and isolated environments.

Multi-Factor Authentication

MFA is required on every administrative system. There are no shared credentials and no exceptions. Access follows the principle of least privilege.

Automated Threat Monitoring

24 categories of security events are logged and monitored automatically. Anomalies trigger immediate alerts. Weekly security reviews are standard.

Live Registry Verification

Verification happens in the registry, not on the badge. Every Trust Badge resolves to a live record in the Public Business Trust Registry. Scanning the QR code or entering the credential ID checks status against our system of record in real time. A badge that is not in the registry does not verify. Credential status — active, renewal due, revoked — is always current, never cached on the badge itself.

Zero Card Data Stored

All payments are processed by Stripe (PCI DSS Level 1). Legacy Core never stores, processes, or transmits credit card or bank account information.

Breach Notification Commitment

In the unlikely event of a data incident, affected parties are notified within 72 hours in accordance with California law. Transparency is non-negotiable.

CCPA Compliant

We honor your California privacy rights: right to know, right to delete, and right to opt out. We do not sell your personal information. Ever.

Infrastructure Partners

Infrastructure partners with SOC 2 / PCI DSS compliance: Supabase, Vercel, Stripe, GitHub, Google Cloud.

Our Commitment

We practice what we credential. Legacy Core carries its own cybersecurity and E&O insurance, maintains a documented incident response plan, and conducts quarterly security reviews across all systems. Our full Privacy Policy and Terms of Service are available below.

Questions about our security practices? privacy@legacycore.com

Privacy Policyprivacy@legacycore.comTerms of ServiceRefund PolicyHow We Protect Your Data
How We Protect Your Data | Legacy Core™ | Legacy Core