Privacy Policy
Last updated: March 3, 2026
1. Who We Are
Legionis is operated by Etsion Brands Ltd, a company registered in Israel. Payment processing for US customers is handled by Queskr Inc, a Delaware corporation. In this policy, "we", "us", and "Legionis" refer to Etsion Brands Ltd and its affiliates.
2. What We Collect
Account Information
When you create an account via Google, Microsoft, LinkedIn, or email/password, we receive your name, email address, and profile image from our authentication provider (Clerk).
Profile Enrichment
Upon signup, we use People Data Labs (PDL) to enrich your profile with publicly available professional information: job title, company, industry, seniority level, LinkedIn URL, and general location. This helps us tailor the agent experience to your professional context. You can view and delete this data at any time from your profile settings.
Conversations and Content
Messages you send to AI agents, context entries you create (decisions, bets, feedback, learnings), and any organizational memory you build are stored in our database. This is your data and you own it.
Connected Services
If you connect external services (Google Drive, OneDrive, Slack, Jira, Gmail, GitHub), we store encrypted OAuth tokens to maintain those connections. We access these services only when you explicitly invoke agents that use them. We do not continuously sync or monitor your connected accounts.
Your API Keys (BYOT Model)
Legionis uses a Bring Your Own Token (BYOT) model. You provide your own AI provider API keys (e.g., Anthropic, OpenAI). These keys are encrypted at rest and used only to process your agent requests. We never use your keys for any other purpose. AI requests go directly from our servers to your chosen provider using your key. We do not store the prompts or responses on the provider side.
MCP API Keys
If you generate platform API keys for integrations, these are stored as secure hashes. The original key value is shown once at creation and cannot be retrieved afterward.
Billing Information
Payment processing is handled entirely by Stripe. We store your Stripe customer ID, subscription status, and token usage for billing purposes. We do not store credit card numbers or bank details.
Usage Data
We track agent usage, token consumption, and cost metrics to manage your subscription and provide usage dashboards.
Analytics
We use PostHog for product analytics, collecting page views, feature usage, and session data. PostHog is self-hostable and privacy-focused. You can opt out of analytics tracking in your account settings.
Beta Feedback
Any feedback you submit through the platform is stored and associated with your account to help us improve the product.
3. How We Use Your Data
- Provide the service: Process your agent requests, maintain your organizational memory, manage your connected services.
- Improve the product: Analyze usage patterns (in aggregate) to improve agent quality and platform features.
- Billing: Track usage for subscription management and invoicing.
- Communication: Send service notifications, security alerts, and product updates. You can unsubscribe from non-essential emails.
- Security: Detect and prevent abuse, fraud, and unauthorized access.
We do not sell your data. We do not use your conversations or content to train AI models. Your organizational memory belongs to you.
4. Third-Party Services
We use the following third-party services to operate Legionis:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, profile image |
| Stripe | Payments | Billing info, subscription status |
| Neon | Database (PostgreSQL) | All application data (encrypted at rest) |
| Vercel | Hosting | Request logs, IP addresses |
| PostHog | Analytics | Page views, feature usage, session data |
| People Data Labs | Profile enrichment | Email (for lookup); returns public professional data |
| AI Providers | Agent processing (via your keys) | Conversation content (per provider's own policy) |
When you connect your own services (Google Drive, Slack, Jira, etc.), data flows between Legionis and those services under the respective provider's privacy policy. We act as an intermediary only at your direction.
5. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Conversations and content: Retained while your account is active. You can delete individual items at any time.
- Connected service tokens: Deleted immediately when you disconnect a service or delete your account.
- API keys: Encrypted keys are deleted with your account. Hashed MCP keys are purged on deletion.
- Analytics data: Retained for up to 12 months, then aggregated or deleted.
- Billing records: Retained as required by tax law (typically 7 years).
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data and receive a copy.
- Correct inaccurate data.
- Delete your data and account.
- Export your data in a portable format.
- Object to processing based on legitimate interests.
- Restrict processing in certain circumstances.
- Opt out of analytics tracking.
To exercise any of these rights, contact us at privacy@legionis.ai. We will respond within 30 days.
7. Data Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit (TLS) and at rest.
- API keys and OAuth tokens are encrypted using AES-256 before storage.
- MCP API keys are stored as irreversible hashes.
- Database access is restricted and audited.
- We use secure, httpOnly cookies and follow OWASP security guidelines.
8. International Data Transfers
Legionis is operated from Israel, which has an adequacy finding from the European Commission for data protection. Our hosting infrastructure (Vercel, Neon) may process data in the United States and other regions. We ensure appropriate safeguards are in place for any international data transfers.
9. Children
Legionis is not intended for use by anyone under the age of 16. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of Legionis after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related questions or requests:
- Email: privacy@legionis.ai
- Etsion Brands Ltd, Israel