Legacy Inspired Films — Privacy Policy

Effective Date: 6 June 2025 (Last Updated: 29 July 2025)

Legacy Inspired Films, Inc. ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, services, and loyalty rewards integrations with platforms including Meta (Facebook, Instagram, Threads), Google, Spotify, Telegram, TikTok, Discord, and others.

This policy complies with the California Consumer Privacy Act (CCPA/CPRA), General Data Protection Regulation (GDPR), Children’s Online Privacy Protection Act (COPPA), Personal Information Protection and Electronic Documents Act (PIPEDA), and similar global laws.

1. Information We Collect

We may collect the following categories of personal data when you engage with our platform:

  • OAuth Login Data: Profile name, public email, unique platform ID from Facebook, Google, Spotify, Telegram, Discord, TikTok

  • Engagement Data: Music activity (e.g., recent plays), Telegram participation, Discord interactions, Instagram follows/likes

  • Device & Metadata: IP address, browser type, language preference, country-level geolocation

  • Contact Information: Only if voluntarily submitted (e.g., support inquiries)

We do not collect sensitive personal data such as biometric data, health records, political views, or precise geolocation.

1.5 Facebook Pages – Public Data We Collect

To power campaign eligibility and community discovery in LIF Loyalty, we may collect public information from Facebook Pages, including Pages we do not manage. This includes:

  • Public Page metadata: Page ID, name, username, category, link, and public follower count (fan_count).

  • Public Page posts (limited fields): post ID, permalink URL, and created_time for recent public posts.

We do not collect private Page data, messages, or user comments/likes via this feature. We also do not store the full text of posts—only the minimal identifiers listed above needed to verify campaign eligibility.

How we use this data.
We use public Page metadata to confirm the correct Page for a campaign and public post identifiers to verify that a campaign relates to legitimate public content. This supports awarding loyalty points for member interactions with eligible public content.

Legal basis (where applicable).

  • Legitimate interests (GDPR Art. 6(1)(f)) in operating a fan-engagement and rewards platform that references public Page information, balanced against user expectations for publicly available content.

  • Consent where required by local law for optional features.

Retention.
We retain public Page metadata and the limited public post identifiers for 30–90 days (or until a campaign ends, whichever occurs first), after which we delete them as part of routine cleanup.

Sharing.
We do not sell this data. We may share aggregate, non-identifying campaign metrics with partners (e.g., “number of eligible public posts checked”), but not post text or personal user data.

Your rights (CCPA/CPRA & GDPR).
California and other applicable privacy laws may grant you rights to know, access, correct, delete, or limit use of certain data. Because the information at issue is public Page data and we store only minimal identifiers (Page ID, post ID, permalink, created_time), requests typically result in deletion of those stored identifiers from our systems. See How to Contact Us below to exercise rights.

Data deletion.
Instructions to request deletion are available at https://www.legacyinspiredfilms.com/delete-data. If you request deletion, we will remove the stored identifiers associated with your request. (Note: We cannot remove or alter content that is publicly available on Facebook; requests for that content must be made to Facebook directly.)

2. How We Use Your Data

We use your data solely to support:

  • Authentication and access to the LIF Loyalty Rewards platform

  • Reward calculation based on social/music engagement

  • Displaying leaderboard and fan activity rankings

  • Detecting fraud or abuse

  • Communicating updates (if opted in)

We do not sell your data or share it with advertisers.

3. Third-Party Platform Disclosures

We interact with these platforms only to support login, tracking, or engagement analytics:

  • Meta (Facebook, Instagram, Threads): OAuth login ID, public profile.
    🔗 We follow Meta’s Data Deletion Policy.

  • Google (OAuth Login): Profile name and email.
    🔐 Used for sign-in only; no data is stored after session ends.

  • Spotify: Public playlists, account ID, and recent listening activity.
    🕓 Data used briefly to track campaigns and purged within 24 hours.

  • Telegram: Username, user ID, group engagement (e.g., message count).
    📭 We do not store private messages.

  • Discord: Discord ID, server engagement, message counts.
    🔒 We never access DMs or private channel content.

  • TikTok: Integration in development; no data currently collected.
    📝 This policy will be updated upon launch.

  • X (Twitter): Social sharing buttons may be present.
    ⚠️ We collect no Twitter user data.

4. Legal Basis for Processing

As required under GDPR (Art. 6), CPRA, and PIPEDA:

PurposeLegal BasisOAuth loginConsent (GDPR Art. 6(1)(a))Engagement-based rewardsLegitimate interest (GDPR Art. 6(1)(f))Communications (if opted in)ConsentSecurity/fraud monitoringLegitimate interest / Legal obligationData subject rights handlingLegal obligation (GDPR Art. 6(1)(c))

You may withdraw consent at any time by contacting us or disconnecting the linked platform.

5. Data Storage & Retention

We retain personal data only as long as necessary, as follows:

  • OAuth session data: Deleted immediately after logout

  • Engagement metadata: Stored up to 180 days

  • Campaign analytics logs: Stored up to 1 year

  • Inactive accounts: Purged after 12 months of inactivity

Data is encrypted at rest and in transit using industry best practices. Our servers are hosted on Google Cloud Platform (GCP) in the United States.

6. International Data Transfers

If you are accessing our services from outside the United States, your information may be transferred to and processed in the U.S. or other jurisdictions. We rely on Standard Contractual Clauses (SCCs) and similar safeguards where required.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • 🔍 Right to access and review your personal data

  • ✏️ Right to correct or update inaccurate information

  • ❌ Right to request deletion ("Right to be Forgotten")

  • 📄 Right to data portability

  • 🚫 Right to restrict or object to processing

  • 🔄 Right to withdraw consent at any time

  • 🧑‍⚖️ Right to file a complaint with a data protection authority

To exercise these rights, contact us at: privacy@legacyinspiredfilms.com

8. Children’s Privacy (COPPA)

Our services are not directed to children under the age of 13. We do not knowingly collect data from minors. If we discover that a child under 13 has registered, we will delete the data and notify the parent/guardian immediately.

9. Changes to This Policy

We may update this Privacy Policy as laws or services change. Updates will be reflected by the "Effective Date" and posted publicly.

10. Contact Us

Legacy Inspired Films, Inc.
908 Division Street
Nashville, TN 37203
📧 Email: privacy@legacyinspiredfilms.com / info@legacyinspiredfilms.com

Updated: 19 October 2025