Customer Portal

Privacy Policy

Legendary Grading Service (LGS) – U.S. Privacy Policy
Effective Date: June 18, 2025

1. Introduction

This Privacy Policy (“Policy”) explains how Legendary Grading Service, LLC (“LGS,” “we,” “us,” or “our”) collects, uses, discloses, stores, secures, and otherwise processes personal information in connection with our services and interactions with you. This Policy applies to all individuals who engage with LGS Services—including visitors, submitters, buyers, collectors, dealers, vendors, and users—via our websites, mobile applications, events, marketplaces, customer portals, emails, and any other channels referencing this Policy (the “Services”).

LGS is committed to protecting your privacy, complying with applicable U.S. state and federal laws, and ensuring transparency in our data practices. By using our Services, you acknowledge the practices outlined in this Policy.

2. Scope and Coverage

This Policy applies to all personal information we collect from U.S.-based users and is intended to comply with the privacy and data protection requirements of applicable laws, including:

  • California Consumer Privacy Act (CCPA/CPRA)

  • Virginia Consumer Data Protection Act (VCDPA)

  • Colorado Privacy Act (CPA)

  • Connecticut Data Privacy Act (CTDPA)

  • Utah Consumer Privacy Act (UCPA)

  • Any other applicable federal or state privacy laws

If you are located outside the U.S., please refer to our Global Privacy Policy.

3. Categories of Information We Collect

LGS collects information that falls into the following categories:

3.1 Information You Provide

  • Full name, email address, physical address, and phone number

  • Account registration details, password, and preferences

  • Identification documents, such as government-issued ID (if required for identity verification or legal compliance)

  • Submission data including item photos, descriptions, declared values, provenance, and prior grades

  • Order history, service preferences, payment and billing information (via PCI-compliant third parties)

  • Feedback, surveys, messages, emails, and recorded support interactions

3.2 Information We Collect Automatically

  • IP address, geolocation data (based on IP), device ID, browser, operating system

  • Referring/exit pages, clicks, page visits, time spent, and other usage statistics

  • Data gathered via cookies, local storage, pixels, tags, beacons, and scripts for analytics and advertising

  • Security logs and user behavior patterns used for fraud and threat detection

3.3 Information from Third Parties

  • Identity verification results from compliance vendors

  • Information from dealers, consignees, auction houses, and marketplaces

  • Social media and publicly accessible content where you reference LGS or its services

  • Event registration data from third-party ticketing platforms or co-hosts

4. How We Use Your Information

We use your personal data for a wide range of operational, legal, and marketing purposes, including:

  • Account creation, maintenance, access control, and authentication

  • Collectible grading, authentication, encapsulation, and return services

  • Issuing certification, tracking submission status, and preserving historical records

  • Processing payments and issuing invoices

  • Sending transactional, support, and account-related messages

  • Detecting, investigating, and responding to fraud, abuse, or illegal activity

  • Customer support and quality assurance

  • Internal auditing, analytics, and service development

  • Personalizing user experiences and features

  • Conducting satisfaction surveys and promotional campaigns (opt-in or opt-out basis)

  • Fulfilling legal obligations, responding to law enforcement, regulatory investigations, and litigation

We will not collect additional categories of personal information or use the collected data for materially different purposes without prior notice.

5. Sensitive Information

We may collect sensitive information such as government-issued ID or financial data when necessary to:

  • Verify identity

  • Prevent fraud

  • Comply with legal or regulatory obligations

Sensitive data is collected only when necessary, stored securely, and limited to specific use cases.

6. How We Share Your Information

LGS may disclose personal data under the following circumstances:

  • Service Providers: IT hosting, analytics, fraud monitoring, payment processing, shipping, printing, and email marketing platforms

  • Affiliates and Business Units: Within LGS and its subsidiaries for internal management and compliance

  • Partners and Dealers: When a transaction or submission is managed by or routed through a verified LGS dealer or marketplace partner

  • Legal or Regulatory Bodies: In response to subpoenas, legal processes, court orders, or to enforce contractual obligations or prevent harm

  • Corporate Transactions: If LGS is involved in a merger, acquisition, reorganization, asset transfer, or bankruptcy

We do not sell your personal data for monetary gain. Certain disclosures may qualify as “sharing” under state laws, such as sharing cookie-based identifiers with advertising partners.

7. Use of Cookies and Similar Technologies

Cookies and other technologies are used to:

  • Recognize you across devices

  • Remember preferences and enhance navigation

  • Analyze performance and detect site issues

  • Deliver personalized content and targeted ads

You can manage cookies through your browser settings or LGS’s cookie preference center. We honor Global Privacy Control (GPC) signals where applicable.

8. Communication Preferences and SMS Policy

If you opt into receiving SMS or mobile messages:

  • We may send order updates, account alerts, security codes, and event reminders

  • Message frequency varies

  • Standard messaging/data rates may apply

  • You can reply STOP at any time to unsubscribe

We do not share mobile numbers with third parties for marketing without consent.

9. User-Generated Content and Forums

If you participate in LGS-hosted forums, message boards, or review areas:

  • Content is considered public and may be viewed, shared, or archived by others

  • Avoid posting sensitive personal information or trade secrets

  • LGS reserves the right to moderate, edit, or remove content that violates our policies

10. Data Security Measures

We use administrative, technical, and physical safeguards to protect data, including:

  • TLS encryption for data in transit and AES-256 encryption at rest

  • Access limitation to authorized staff

  • MFA (multi-factor authentication) and device-based session validation

  • Regular security audits and employee training

  • An incident response protocol to manage and report breaches if they occur

11. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill the purpose for which it was collected

  • Maintain submission records and certification history

  • Comply with financial or legal obligations

  • Resolve disputes and enforce agreements

We anonymize or securely delete data that no longer serves a purpose.

12. Your Privacy Rights

Depending on your state of residence, you may have the right to:

  • Know whether we process your personal data

  • Access and receive a copy of your personal information

  • Request corrections or updates

  • Request deletion, with certain exceptions

  • Opt out of the sale or sharing of personal data

  • Appeal a denied request

  • Limit use of sensitive personal data (where applicable)

You may exercise these rights by contacting [email protected] or visiting our Privacy Request Portal. We may require verification of your identity before processing any request.

13. Children’s Privacy

Our Services are not intended for users under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a child has submitted data, we will delete it promptly.

14. Third-Party Links

LGS Services may link to third-party websites. We are not responsible for the content or privacy practices of such external sites. Review their privacy policies before providing any information.

15. Notice of Monitoring

LGS monitors activity across its platforms to:

  • Detect abuse, fraud, or violation of terms

  • Ensure quality of service

  • Improve user experience

This includes session logging, behavioral tracking, and storing transcripts of customer interactions.

16. State-Specific Disclosures

We comply with U.S. state privacy laws. Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, and other applicable states have specific rights. These include:

  • The right to opt out of targeted advertising

  • The right to receive notice at the point of data collection

  • The right to request that we not use automated decision-making to profile you

See our State Privacy Addendum for details.

17. Changes to This Policy

We may update this Policy to reflect changes in law, operations, or technology. Updates will be posted with an effective date. Material changes will be announced via email or dashboard alerts.

18. Contact Us

To ask questions or exercise rights under this Privacy Policy:

Legendary Grading Service, LLC
Email: support@legendarygradingservice.com

19. Biometric Data and Facial Recognition

LGS does not intentionally collect biometric identifiers or use facial recognition software for any purpose. If future services require identity verification via biometric or facial recognition tools, we will:

  • Obtain explicit, informed, and written consent

  • Comply with BIPA, CCPA, and any applicable state biometric privacy laws

  • Use encryption and restrict access to biometric data

  • Provide a mechanism to revoke consent and request deletion

20. Automated Decision-Making and Profiling

LGS may use limited automated logic for:

  • Detecting fraudulent submission patterns

  • Identifying high-risk or suspicious transactions

  • Recommending service tiers based on item characteristics

We do not use automated decision-making that has legal or similarly significant effects on individuals without human review. Where legally required, you may:

  • Request meaningful information about the logic involved

  • Object to decisions based solely on automated processing

  • Request manual review

21. Data Transfers and Cross-Border Processing

While our Services are based in the U.S., personal information may be processed by LGS personnel or third-party service providers located in other jurisdictions. We ensure that such transfers:

  • Are governed by legally recognized safeguards (e.g., standard contractual clauses)

  • Involve only vetted vendors with documented privacy and security controls

22. Data Breach Notification

In the event of a confirmed data breach involving personal information:

  • Affected users will be notified in accordance with applicable state and federal laws

  • LGS will coordinate with law enforcement and regulators where necessary

  • We will document the breach internally and apply remedial security measures

23. Employee and Contractor Access

Access to personal information is restricted based on:

  • Role-based access control (RBAC)

  • Confidentiality agreements

  • Security training and background checks

  • Logging of administrative access to sensitive systems

All staff who handle customer data receive regular privacy and compliance training.

24. Backup, Recovery, and Business Continuity

To ensure availability of your data:

  • Regular encrypted backups are conducted

  • Disaster recovery and business continuity plans are tested quarterly

  • We maintain geographically redundant infrastructure through authorized providers

25. Data Portability

You may request that we provide your personal information in a structured, machine-readable format. This may include:

  • Account details

  • Submission history

  • Certification data

Requests must be submitted via the Privacy Request Portal and may require identity verification.

26. Independent Audits and Certification

LGS may conduct or commission third-party security audits, such as:

  • SOC 2 Type II certification

  • Penetration testing and vulnerability assessments

  • Annual privacy compliance assessments

Results may be shared with regulators upon request or published in transparency reports.

27. Contacting Our Data Protection Officer (DPO)

For escalated concerns, data portability requests, or privacy-related disputes, contact our DPO:

Data Protection Officer
[email protected]

Copyright © 2025 Legendary Grading Services | Powered by Legendary Grading Services