Privacy Policy

Dear Parents,

As a dad of 3, I worry about my kids’ privacy online — and I hate long, unreadable privacy policies that are just a bunch of legalese. 

So as the CEO of Legends and a fellow parent, I wanted to write to you — in plain language — about what data we collect from your kids and how we will (and won’t) use it. 

Of course, if you want all the details, our full privacy policy is below (I’m an ex-lawyer, after all)

Here’s what I want you to know:

  • We will never sell your child’s data. Ever. 
  • You deserve to have control over your child’s data. You can email us at any time ( and ask to see or delete your family’s data, and our team will help. And because we’ve designed the program for parents and kids to start together, when we’re asking them for information about themselves, you’re right there with them.
  • We take data security seriously. We follow best practices for storing your data securely, and only trusted members of our team can access or share it. 
  • We’ll collect only the data we need to:
    • Sign your child up for Legends: Your name, their name, their birthday, your phone number and your email address — just the basics.
    • Process your credit card payments: This information (credit card number and address) is collected by our external credit card processor, Stripe. It is never stored on our servers, and we chose Stripe because they have strong privacy policies themselves, which you can view here.
    • Personalize Legends for your child: We’ll keep track of your child’s responses to our activities and assessments - and use that to personalize the program to their interests and needs, give you updates on their progress, and make the program better for all kids.
    • Recognize you when you come back: That might mean collecting identifiers like your IP address, so that we can recognize you when you come back on the same device and sign you right back in quickly. 
  • We think data can help improve learning, so we might share program data like survey responses with researchers so they can learn how to teach confidence more effectively. However, any data we share with others will be anonymized — meaning we won’t share personally identifiable information like names or contact information along with your child’s responses. 

Finally, we’re an open book. If you have any questions about privacy, or anything else, just ask! You can send an email to

Thanks for reading,
Sonny Caberwal
CEO, Legends

Legends Lab, Inc., DBA “Legends” (“Legends,” “we,” “our” or “us”) respects your privacy and is committed to protecting it through our compliance with this privacy policy. This privacy policy explains our policies and procedures regarding the collection, use, disclosure, and security of certain personal data that we receive, with a focus on personal data that would be considered “personal data” within the meaning of the EU General Personal data Protection Regulation (“GDPR”). As used in this privacy policy, “personal data” refers to information about an identified or identifiable individual, such as their name or email address. Legends provides on-line Legends Apps (“Legends Apps”) for children who are 7 to 11 years old (collectively, “Children,” or “you”).

For the purposes of the GDPR, Legends is considered the personal data controller. This means that we are responsible for deciding how we use the personal data that we hold. We are a Delaware corporation registered in the United States with an office at Legends, Inc. 330 N Brand Blvd Ste 700 Glendale, CA 91203.

The GDPR applies to you if you are located in the European Economic Area, the United Kingdom or Switzerland (an “EEA Individual”).

Please note that by applying for admission for your child to participate in Legends Apps, having your child participate in Legends Apps, or visiting or using (the “Site”) and the various other related services, features, functions, software, applications and websites associated with Legends Apps (together with Legends and the Site, collectively, the “Legends Services”), you are accepting the practices described in this privacy policy and our COPPA policy located at (as modified, the “COPPA Policy”), subject to any rights or restrictions that might apply under the GDPR if you are an EEA Individual, including the rights described in the European Privacy Rights for EEA Individuals provisions below. Our Terms of Service located at govern your use of Legends Apps and the other Legends Services (as modified, the “Terms”). Capitalized terms that are not defined in this privacy policy shall have the meaning given to them in the Terms. This policy describes the types of personal data we may collect from you or that you may provide when you apply for your child’s admission to participate in Legends Apps, your child participates in Legends Apps you access or use the Site, the other Legends Services or any of the other features, functions, services, and products and products, and our practices for collecting, using, maintaining, protecting and disclosing that personal data.

This policy applies to personal data we collect or may collect:

  • In accessing and using the Site.
  • In accessing Legends Apps.
  • In accessing and using the other Legends Services.
  • In email, text and other electronic messages sent through or use of the Site, Legends Apps and the other Legends Services.
  • Through services provided to us or to you by third-party companies, agents or contractors. It does not apply to personal data collected by:
  • Us offline or through any other means, including on any other website operated by Legends or any third party; or
  • Any third party.

Please read this policy and the COPPA Policy carefully to understand our policies and practices regarding your personal data and your child’s personal data and how we will treat it. If you do not agree with our policies and practices, your only choice is for your child not to participate in Legends Apps or for you not to access and use the Site or any of the other Legends Services. By applying for admission to, or participating in, Legends Apps, you agree to this privacy policy and the COPPA policy. This policy may change from time to time as described in the provision of this privacy policy entitled Changes to Our Privacy Policy.

Minors under the Age of 13

We do not knowingly collect personal data from children under 13 except as provided in the COPPA Policy. 

If you are under 13:

  • do not provide any personal data or other information about yourself to us, including your full name, address, telephone number, email address or any screen name, username you may use or any pictures of you

If we learn we have collected or received personal data from a minor under 13 without verification of parental consent, we will delete that personal data and other information. If you believe that we might have any personal data from or about a child under 13, please contact us at


Protecting the privacy of our students is extremely important to us. Legends complies with the Children’s Online Privacy Protection Act (as amended, “COPPA”) To review our COPPA Policy, which applies to the personal data and other information that we knowingly collect from or about children under 13, please go to


Legends complies with all applicable provisions of the United States Family Educational Rights and Privacy Act, 20 U.S.C. 1232g, 34 CFR Part 99 (as amended, “FERPA”) in receiving and handling personally identifiable personal data and information from education records as a “school official” under FERPA. If you are a parent and would like more information on parental rights with respect to your child’s educational record under FERPA, please visit the FERPA site.

Personal Data We Collect About You and How We Collect It

We collect or may collect several types of personal data from and about you, your child who participate in Legends Apps and the other users of the Site and the other Legends Services, including:

  • For parents, personal data by which you may be personally identified, including personal data such as email address;
  • For children, the child’s first name and gender;
  • Device, internet and mobile information such as the hardware model, operating system version, unique device identifiers, browser type, language;
  • Information that is about you but individually does not identify you, such as the date and time of visit;
  • IP address;
  • Information that is about you but individually does not identify you, such as the date and time of visit;
  • Geo-location information;
  • When you report a problem with Legends Apps or any of the other Legends Services;
  • Details of transactions you carry out through, the Site and any of the other Legends Services.

We collect this personal data:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through or use Legends Apps, the Site or any of the other Legends Services.
  • From third parties, such as our customers, business partners and other third parties that provide us or you with certain services.

Certain transactions may also involve you calling us or our calling you. Please be aware that we may monitor, and in some cases, record such calls for staff training or quality assurance purposes.

Personal Data Minimization

We take every reasonable step to limit the volume of your personal data that we process to what is reasonably necessary.

We do not Engage in Automated Decision-making without Human Intervention

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

Consequences of not providing Personal Data

You are not required to provide all personal data identified in this policy to use our Site or to interact with us offline, but your child will not be able to participate in Legends Apps if you do not provide the required personal data. In addition, if you do not provide the personal data, we may not be able to respond to you.

Use of Cookies and Other Tracking Technologies.

We do not currently use technologies (e.g., cookies, etc.) for automatic personal data collection.

Do Not Track Policy

Your web browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. We do not honor any web browser “Do Not Track” signals or other mechanisms that provide you with the ability to exercise choice regarding the collection of personally identifiable personal data about your online activities over time and across third-party websites or online services. At present, no universally accepted standards exist on how companies should respond to do-not-track signals. In the event a final universally accepted standard is established, we will assess and provide an appropriate response to these signals.

Third-party Responsibilities and Services.

We may use or partner with other third-party companies, agents or contractors for various purposes in connection with our business and operations (“Service Providers”), including, invoicing and payment processing, instant messaging and communications, sending marketing communications and application notifications, collecting and storing personal data, social media marketing, relationship building, the marketing and growth of our business and the performance of services on our behalf, such as gathering and analyzing information and the provision of services to you. In the course of performing these responsibilities and providing such services, these other companies may have access to your personal data. We may also share personal data, including your personal data, with these Services Providers in order to enable them to perform these responsibilities and to provide these services. These Services Providers may have adopted their own privacy policies, which are not subject to control by Legends. You should always review the policies of these Service Providers to make sure that you are comfortable with the ways in which they collect, use, maintain, protect and disclose your personal data. We do not list our current Service Providers because they change from time to time. If you would like the names of any of Service Providers, please email us at The Service Providers may also transmit cookies to your computer or device when you click on ads that appear on or through the Service.

As a convenience to you, we may in the future also provide links to other third-parties from within the Site or the other Legends Services. If you click on one of these links, you will be redirected to that third-party’s site (via affiliate cookies) and such third party may also transmit cookies to you. We do not have any control over that or how they collect, use, maintain, protect and disclose your personal data. Please be aware that cookies placed by third parties may continue to track your activities online even after you are no longer using any of the Legends Services, and those third parties may not honor “Do Not Track” requests you have set using your web browser.

We will only use personal data that we collect about you or that you provide to us, including any personal data for purposes described in this privacy policy and when applicable law allows us to do so.

We will generally use your personal data on the following legal grounds:

  • Where the use of your personal data is necessary for the performance of a contract we are about to enter into or have entered into with you or pursuant to which we are providing services to you or on your behalf;
  • Where the use is necessary for the purposes of our legitimate interests (or those of a third party);
  • Where we need to comply with a legal or regulatory obligation; or
  • Where you have given your consent (which can be withdrawn at any time).

We use personal data that we collect about you or that you provide to us, including any personal data:

  • To provide Legends Apps to you.
  • To provide the Site and the content that is on it to you.
  • To provide the other Legends Services to you.
  • For login and security associated with Legends Apps.
  • To process and complete transactions, including the application for participation in Legends Apps and sending you related information.
  • To ensure compliance with the Terms, including responding to any alleged Prohibited Behavior.
  • To provide technical and other support to you.
  • To send you news or information about us that may be of interest to you.
  • To enable Service Providers to perform certain responsibilities and provide certain services in connection with Legends Apps and our business and operations.
  • To fulfill any other purpose for which you provide it.
  • To provide you with notices about your account.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • To notify you about changes to Legends Apps, the Site and the other Legends Services.
  • For quality control and to improve Legends Apps and the other Legends Services.
  • To enhance the safety and security of Legends Apps and the other Legends Services.
  • To verify your identity and prevent fraud or other unauthorized or illegal activity.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

Some of the personal data that we collect automatically is statistical personal data and does not include personal data, but we may maintain it or associate it with personal data we collect in other ways or receive from third parties or you provide to us. It helps us to improve Legends Apps, the Site and the other Legends Services, and to deliver a better and more personalized service, including enabling us to:

  • Estimate our audience size and better understand usage patterns.
  • Store personal data about your preferences, enabling us to customize the Site according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to Legends Apps and the Site.

Storage and Transfer of Your Personal data

We may store any personal data or other information that we collect (personal or otherwise) ourselves or in personal databases and servers owned and maintained by us, our affiliates, agents or Service Providers. If you access or use the Site, apply for your child’s admission to Legends Apps or access or use any of the other Legends Services or your child participates in Legends Apps outside of the United States, personal data that we collect about you may be transferred to servers inside the United States and maintained indefinitely, which may involve the transfer of personal data out of countries located in the European Economic Area and other parts of the world unless otherwise prohibited by applicable law or agreed by Legends and you. By allowing Legends to collect personal data about you and your child, you consent to such transfer and processing of such personal data without restriction. We may also store some personal data locally on your computer or other devices. For example, we may store personal data as local cache so that you can open the Site and view content faster. Although users from all over the world may apply for admission to, and participate in, Legends Apps, or access the Site and the other Legends Services, keep in mind that no matter where you live or where you happen to use our services, you consent to us processing and transferring personal data in and to the United States and other countries whose personal data-protection and privacy laws may offer fewer protections than those in your home country.

Disclosure of Your Personal Data

We may disclose personal data that we collect or you provide as described in this privacy policy and the COPPA Policy:

  • To the parent of a child that has alleged a violation of the restriction on Prohibited Behavior.
  • To Service Providers, contractors and other third parties we use to support Legends Apps and our business but only to the extent necessary for them to provide this support.
  • To a potential or actual buyer, assignee or other successor (including its related advisors and agents) in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Legends’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Legends about users of the Site and the other Legends Services is among the assets that may be or are actually transferred.
  • To fulfill the purpose for which you provide it.
  • With your consent.

We may also disclose your personal data:

  • To comply with any court order, law or legal process, including to respond to any government or regulatory request.
  • To enforce or apply the Terms and other agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Legends, our customers, developers, users or others.

We have no current intention of otherwise selling any of your personal data. If that ever changes, we will notify you in accordance with the provision of this privacy policy entitled Changes to Our Privacy Policy.

We may use, disclose, share or sell personal data that is anonymized or in an aggregated form that does not include any personal data about you and we may use and share any such personal data for any purpose without restriction so long as we do not disclose any of your personal data or it does not violate the terms of this privacy policy or any applicable law.

Choices About How We Use and Disclose Your Personal Data

We strive to provide you with choices regarding the personal data you provide to us. We have created mechanisms to provide you with the following control over your personal data:

  • Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that all or some parts of Legends Apps and the other Legends Services, may then be inaccessible or not function properly.
  • Promotional Offers from Legends. If you do not wish to have your email address/contact information used by Legends to market or otherwise promote our own or third parties’ products or services, you can opt-out through the unsubscribe mechanism at the bottom of the applicable email. This opt-out does not apply to personal data provided to Legends as a result of a service or product purchase, warranty registration, product service experience or other transactions.

We do not control third parties’ collection or use of your personal data to serve interest-based advertising. You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: and You may also use TRUSTe’s Preference Manager at

Our Legal Bases for Handling Your Personal Data

GDPR and the laws in some other jurisdictions require companies to tell you about the legal bases that they rely on to use or disclose your personal data. To the extent that those laws apply, we rely on the following legal grounds to process your personal data:

  • Performance of a contract: In most cases, we collect and use your personal data and other information to meet our obligations under a contract to which you are a party or pursuant to which we are providing services to you or your child. For example, when you apply for admission to, or a student participates in Legends Apps or you use the other Legends Services, we will use your personal data to respond to your requests and to provide you (or your child) with these services.

Legitimate interests: We may use your personal data information for our legitimate interests on the grounds that it furthers our legitimate interests in commercial activities (but only to the extent that such interests are overridden by the interests or fundamental rights and freedoms of the affected individuals) including:

  • Analyzing and improving Legends Apps, the other Legends Services and our business
  • Providing the services pursuant to our contracts with our customers
  • Marketing

Legal compliance: We may use and disclose personal data in certain ways to comply with our legal obligations under European or Member State law or other applicable law.

Consent: To the extent required by law, and in certain other cases, we handle personal data on the basis of implied or express consent.

Accessing and Correcting Your Personal Data

You may change, correct or delete any personal data that you have provided to us through your account or by emailing us at

Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of the Site that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email at

European Privacy Rights for EEA Individuals.

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your personal data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal data. You can also exercise the right by contacting us directly.

If you are an EEA Individual and GDPR applies and we hold your personal data in our capacity as a controller, you may request that we:

  • Provide access to and/or a copy of certain personal data (including, in some cases, in portable form);
  • Prevent the processing of your personal data for direct-marketing purposes (including any direct marketing processing based on profiling);
  • Update personal data that is out of date or incorrect;
  • Delete certain personal data which we are holding about you; provided that the personal data is not required by us for (i) compliance with a legal obligation under European or Member State law or other applicable law or (ii) the establishment, exercise or defense of a legal claim;
  • Object to our processing of personal data;
  • Restrict the way that we process and disclose certain of your personal data except to the extent that processing is required (i) to comply with a legal obligation under European Member State law or applicable law or (ii) for the establishment, exercise or defense of legal claims;
  • Transfer your personal data to a third party to the extent that this is technically feasible; and
  • Honor a revocation of your consent for the processing of your personal data (without retroactive effect).

We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain personal data may be exempt from such requests in some circumstances, which may include if we need to keep processing your personal data for our legitimate interests or to comply with a legal obligation. We may request you provide us with additional information to confirm your identity before responding to your request. You have the right to lodge a complaint with the authorities applicable to your situation, though we invite you to contact us with any concern, as we would be happy to try to resolve it directly. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:

If you are an EEA Individual in France, you also have the right to set guidelines for the retention and communication of your personal data after your death.

If you reside in a jurisdiction other than the European Economic Area, you may also have similar rights to the above. Please contact us at if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.

In addition, where you believe that we have not complied with its obligation under this Privacy Policy or European law, you have the right to make a complaint to an EU Personal data Protection Authority, such as the UK Information Commissioner’s Office. Here is a list of local personal data protection authorities in EEA countries.

You can exercise any of these rights by contacting us at

How Long We Store Your Personal Data

We will only retain your personal data, in a form which permits us to identify you, for as long as necessary to fulfill the purposes we collected it for. We will retain and use your personal data as necessary to satisfy any legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements and rights. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Personal data may persist in copies made for backup and business continuity purposes for additional time.

Personal Data Security

We understand that the security of your personal data is important. We provide reasonable administrative, technical, and physical security controls to protect your personal data. However, despite our efforts, no security controls are 100% effective. Legends cannot ensure or warrant the security of your personal data. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on Legends Apps, the Site or the other Legends Services.

Changes to Our Privacy Policy

If we make material changes to how we treat our users’ personal data that are materially less protective than provided in this policy, we will use reasonable efforts to notify you by email to the email address specified in your account and/or through a notice on the home pages of the Site and to attempt to get your consent to the changes. The date the privacy policy was last updated is identified above. You are responsible for ensuring that we have an up-to-date active and deliverable email address for you, and for periodically visiting the Site and this privacy policy to check for any changes. Like our Terms, of which this privacy policy is a part, your use, and/or continued use after our efforts to contact you, of the Site, Legends Apps or any of the other Legends Services, means that you agree to be bound by such changes.


The policies indicated in this privacy policy will remain effective, even if the Terms and the other agreements between us are terminated and you are no longer using the Site, Legends Apps or any of the other Legends Services.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices or need to reach us for any other reason, you may contact us by email at