Privacy Policy
This policy describes the personal data processed by the Legion Force AI group (“Legion Force AI”, “we”, “us”) across two surfaces: the legionforce.ai website and the Legion Force AI autonomous marketing platform (“the Platform”). It explains what personal data we process, how, why, and the rights you have over it.
Who we are
The data controller for personal data processed by the Platform — including OAuth tokens, published content records, and engagement metrics — is Legion Force AI Limited, a private company limited by shares registered in Hong Kong SAR.
The legionforce.ai website is operated within the same group by Legion Force AI Pty Ltd (Australia, ABN 58 454 424 860); it is the data controller for personal data submitted via the website (for example contact form enquiries and pilot programme registrations).
Both entities use the same contact for data requests: dev@legionforce.ai
Scope of this policy
This policy covers:
- Personal data we collect when you visit legionforce.ai
- Personal data we process when we publish marketing content on behalf of Legion Force AI or a Legion Force AI client on third-party platforms (LinkedIn, YouTube)
- Personal data we process when you interact with content published by Legion Force AI or a client brand (e.g. impressions, reactions, comments, shares captured via platform analytics APIs)
- OAuth tokens and integration credentials we hold to operate on third-party platforms
This policy does NOT cover:
- The privacy policies of LinkedIn, YouTube, or other third-party platforms — those are governed by the operators of those platforms
- Personal communications between Legion Force AI staff and clients outside the Platform
What we process and why
a. Website visitors
When you visit legionforce.ai we collect:
- Technical information needed to deliver the page (IP address, user agent, referrer) — retained in standard webserver logs for up to 30 days
- Information you choose to submit (contact form, pilot programme registration) — retained while your enquiry is active and up to 24 months after final contact
Legal basis: legitimate interest in operating the website and responding to your enquiry.
b. Content we publish on third-party platforms
When the Platform publishes content on behalf of Legion Force AI or a client brand, the content itself is processed by:
- The Platform's internal pipeline (research, draft, quality check, render, publish)
- The third-party platform receiving the post (LinkedIn, YouTube)
- AI content-generation providers we use to generate text, video, or imagery (e.g. Anthropic, HeyGen, RunwayML, local ComfyUI/Flux)
- Stock-media providers we use to source supplementary imagery (e.g. Pexels)
We do not embed personal data about third parties into published content without consent.
Legal basis: legitimate interest in publishing the brand's marketing content; contractual obligation when operating on behalf of a client.
c. Engagement signal
When content we publish is interacted with on a third-party platform, the platform's analytics API may return aggregate engagement metrics (impressions, reactions, comments, shares) per published post. We process this aggregate signal to improve content strategy.
We do not link engagement metrics to individual third-party platform users. We only receive aggregate counts and the LinkedIn-issued post identifier.
Legal basis: legitimate interest in measuring marketing effectiveness.
d. OAuth tokens and integration credentials
To publish on behalf of Legion Force AI or a client brand on third-party platforms, the Platform holds:
- Access tokens, refresh tokens, and granted-scope lists for the third-party platform account (e.g. LinkedIn organisation page)
- The token grant timestamp and expiry timestamp
These credentials are scoped to the specific platform account that authorised them and are used only to publish content and read engagement metrics for that account.
Tokens are stored on-server in encrypted brand-scoped configuration. They are not transmitted to any third party except the platform that issued them. They are revoked when:
- The account holder revokes the consent in the platform's own settings
- Legion Force AI ends the engagement with that account holder
- A token is rotated for security
Legal basis: contractual obligation; explicit consent of the account holder granted at OAuth time.
e. Brand and client data
When a brand uses the Platform we process:
- Brand identity (name, brand documents, tone-of-voice guidance, key messages)
- Marketing intent (topics, target audience, publishing cadence)
- Configured platform credentials (tokens above)
This data is processed solely to operate the Platform for that brand and is segregated per brand instance.
Legal basis: contractual obligation.
How long we keep your data
| Category | Retention |
|---|---|
| Webserver logs | Up to 30 days |
| Contact form enquiries | Active enquiry + 24 months |
| Pilot programme registrations | Until programme conclusion or 24 months |
| Published content records (post ID, timestamp, platform URN) | Indefinite — required for audit and de-duplication |
| Engagement metrics | Indefinite — required to inform content strategy |
| OAuth tokens | Until revoked, rotated, or the engagement ends |
| Pipeline run logs | Up to 12 months |
| Brand configuration data | Duration of engagement + 12 months |
We delete data sooner on request where retention is not legally or operationally required.
Who we share data with
We share personal data only with:
- Third-party platformswe publish to or fetch engagement from (LinkedIn, YouTube) — governed by those platforms' own terms
- AI content-generation providers we use to generate or quality-check content (Anthropic, HeyGen, RunwayML). Provider terms govern data handling on their side
- Stock-media providers we use to source supplementary imagery (Pexels)
- Cloud and managed infrastructure providers that operate the servers, databases, and pipelines (under data processing agreements where required)
- Authorities when legally compelled
We do not sell personal data, ever.
International transfers
Legion Force AI Limited operates from Hong Kong SAR. Our infrastructure providers and AI inference providers operate globally; personal data may be processed in the United States, the European Economic Area, the United Kingdom, and other jurisdictions where these providers operate.
Your rights
Subject to applicable law you have the right to:
- Access personal data we hold about you
- Correct inaccurate personal data
- Erase personal data we no longer have a legal basis to keep
- Object to processing or restrict it
- Withdraw consent where processing relies on consent
- Lodge a complaint with a supervisory authority
Contact dev@legionforce.ai to exercise any of these rights. We respond within 30 days.
Security
We protect personal data with standard industry safeguards: encryption in transit, encryption at rest where the storage layer supports it, least-privilege access, brand-scoped data segregation, and structured audit logging.
No system is perfectly secure. If we discover a breach affecting your personal data we will notify you and the relevant authority where the law requires.
Cookies and similar technologies
legionforce.ai uses only cookies strictly necessary to deliver the page. We do not use advertising or third-party tracking cookies on the public site at this time.
Some site features use your browser's local storage to preserve state between page loads — for example the chat widget stores its conversation identifier and message history (lf_conversation_id, lf_messages) so the conversation is preserved if you navigate away, and the pilot-programme configurator reads that identifier to pre-fill your registration. Local-storage values are stored on your device, not transmitted to third parties beyond the providers listed above, and can be cleared at any time from your browser's site-data settings.
Children
The Platform and legionforce.ai are not directed to children under 16. We do not knowingly process personal data of children.
Changes to this policy
We update this policy when the Platform or our processing changes. The Effective date and Last updated date at the top reflect the most recent change. Material changes will be highlighted on the legionforce.ai homepage for 30 days following the change.
Contact
Legion Force AI Limited
Hong Kong SAR
Data requests: dev@legionforce.ai