Legal

Privacy Policy

Last updated: 2026-07-09

Who we are

LegendMe (“we”, “us”) operates the website legendme.app and provides a personalized AI character card service. This page is maintained by LegendMe to explain what we collect and how we use it.

Data we collect

  • Account data — email address and authentication tokens, required to sign in and store your legends.
  • Uploaded photos — the selfies you upload to generate a legend. They are stored securely and are only used to render your character.
  • Generated portraits & profile answers — kept in your private library so you can revisit and download them.
  • Payment data — processed by Stripe. We never receive or store your full card number.
  • Analytics — anonymous usage stats (Google Analytics), loaded only after you accept analytics cookies.

How we use your data

To operate the service (generate, store and deliver your legends), to keep the service secure, to process payments, and — with your consent — to understand aggregate usage patterns so we can improve LegendMe.

Legal basis (GDPR)

We rely on performance of a contract for core service data, legitimate interest for essential security and fraud prevention, and your explicit consent for analytics and any future marketing cookies. You can withdraw consent at any time from the .

Sharing & processors

We use a small number of processors to run LegendMe: Supabase (database, auth, storage), Stripe (payments), Google (Analytics — only with consent), and our AI generation providers. Each is bound by their own DPA and privacy terms.

Retention

Your generated legends and uploads remain in your library until you delete them or close your account. Analytics events are retained per Google Analytics' standard retention window (up to 14 months).

Your rights

Under GDPR you may request access, correction, deletion, restriction, portability, or object to processing. Email privacy@legendme.app and we will respond within 30 days.

Contact

Questions or complaints: privacy@legendme.app. You may also lodge a complaint with your national data-protection authority.