Legit · Policies
Privacy Policy
Last updated: 12 July 2026
This Privacy Policy explains how [Legal entity name] ("Legit", "we", "us") collects, uses, shares, and protects your personal data when you use the Legit app, website, and services (the "Platform"). It should be read with our Terms of Service and Community Guidelines. We handle personal data in accordance with applicable Indian law, including the Digital Personal Data Protection Act, 2023 (the "DPDP Act").
Legit is for adults (18+). We do not knowingly collect personal data from anyone under 18. If we learn that we have, we will delete it.
1. Data we collect
You give us
- Phone number, used to sign in with a one-time password (WhatsApp preferred, SMS fallback).
- Identity details from LinkedIn, when you verify: your LinkedIn member ID, name, primary email, profile picture URL, and which LinkedIn verification badges you hold. We use LinkedIn read-only, at the moment of verification.
- Profile details — your display name and a generated avatar (we do not host uploaded profile photos in the current version).
- Listings and seeks — descriptions, photos, prices, condition, ownership proofs, and related details you submit.
- Messages you send to other members through in-app chat.
- Reports and support requests you send us.
We collect automatically
- Device location, sent with your session, to check whether you are inside an active service area. You can control location permission in your device settings.
- Usage and device data — app interactions and analytics events, and technical/diagnostic information (including IP address and error reports) used to keep the Platform working and safe.
2. Why we use your data
- To sign you in and verify you — phone OTP and LinkedIn identity verification, which is the basis of trust on Legit.
- To run the marketplace — publish your listings and seeks, power semantic search, and enable in-app chat between members.
- To gate access — confirm you're in a supported service area using your location.
- To keep the community safe — AI checks on photos and proofs, fraud and spam detection, handling reports, and enforcing our Community Guidelines.
- To improve the Platform and provide support — analytics, diagnostics, and responding to your requests.
- To comply with law and respond to lawful requests.
We process your data based on your consent and on the other legal bases permitted under the DPDP Act, including where processing is necessary to provide a service you have requested.
3. What we do not do
- We do not sell your personal data.
- We do not share your phone number with other members — all communication stays inside Legit.
- We do not store your LinkedIn access token. It is discarded immediately after the one-time verification check.
- We do not post on your behalf on LinkedIn or read your LinkedIn messages.
4. Who we share data with
We share limited data only where needed to run the Platform:
- Other members — your verified public profile (name once a chat opens, Verified status, member-since, city) and your listings/seeks. In "Looking For", seekers are shown anonymously (generated avatar, Verified status, member-since, city) until a chat opens.
- Service providers who process data on our behalf under contract — for example, our in-app chat provider (Stream Chat), analytics (Mixpanel), error monitoring (Sentry), OTP delivery (WhatsApp/SMS providers), identity verification (LinkedIn), and cloud hosting. They may only use the data to provide services to us.
- Authorities and others where required by law, to respond to lawful requests, to enforce our terms, or to protect the rights, safety, and security of members, the public, or Legit — including reporting unlawful content.
5. How long we keep it
We keep your personal data for as long as your account is active and as needed to provide the Platform, and thereafter only as long as necessary for legitimate purposes such as safety, fraud prevention, dispute resolution, and legal compliance. When data is no longer needed, we delete or anonymise it.
6. Your rights
Subject to applicable law, you have the right to:
- access and obtain a summary of the personal data we hold about you;
- request correction, completion, or updating of your data;
- request erasure of your data;
- withdraw consent (this may limit your ability to use verified features);
- nominate another individual to exercise your rights in the event of death or incapacity; and
- raise a grievance with us.
To exercise any of these rights, contact our Grievance Officer below. We may need to verify your identity before acting on a request.
7. Security
We use reasonable technical and organisational measures to protect your data. Only the user identifier — never your phone number — is used to identify you in analytics and error tools. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to notify you and the authorities of a reportable personal data breach as required by law.
8. Analytics and cookies
We use analytics (Mixpanel) and diagnostics (Sentry) to understand and improve the Platform. On the web, these and similar technologies may set cookies or identifiers. We do not use your phone number as an analytics identifier, and we do not send OTP codes, raw messages, or similar sensitive fields to analytics.
9. Changes to this policy
We may update this Privacy Policy from time to time. We'll update the "Last updated" date and, for material changes, provide reasonable notice.
10. Grievance Officer and contact
For any question, request, or complaint about your personal data, contact our Grievance Officer (also our point of contact under the DPDP Act):
- Name: [Grievance Officer name]
- Email: grievance@legitapp.shop
- Address: [Registered address]
We acknowledge grievances within 24 hours and ordinarily resolve them within 15 days. General queries can go to hello@legitapp.shop.