Privacy Policy
Effective 14 July 2026
Legate (legate.social) is a campaign drafting workspace for X content. This policy explains what information we handle when you use it, and why. The short version: we store what you create so the product works, we send content to an AI provider only when you ask for an AI feature, and we do not sell data, run ads, or train models on your content.
Information we collect
- Account details. When you sign in with Google we receive your name, email address and profile picture. We use these to create your account and show who did what inside a shared workspace.
- Your content. Campaigns, drafts, notes, documents, saved posts, canvas items, comments and uploads you add to a workspace. This is the product — we store it so you and your workspace members can use it.
- X account connections. If you connect an X account, we store the access tokens X issues, encrypted at rest. We use them only to publish or schedule posts when you tell us to. You can revoke access at any time from your X settings.
- AI provider keys. AI features run on a key you supply for your chosen provider. We store the key encrypted at rest and use it only to make the requests you initiate.
- Error reports. If something breaks, our error monitoring (Sentry) records the technical failure. It is configured not to include personal information.
What we do not do
- We do not sell or rent your information to anyone.
- We do not show ads or use advertising or cross-site tracking cookies.
- We do not use your content to train AI models, and we do not permit our providers to.
AI features
When you use an AI feature (generating drafts, rewriting, chatting with a canvas node), the relevant content — the drafts, notes and voice context involved — is sent to the AI provider you configured, using your key, and is subject to that provider's terms. Nothing is sent to any AI provider unless you trigger a feature.
Fetching public content
When you save an X post to a swipe file or paste a link onto the canvas, our server fetches the publicly available page or X's public embed data and caches the result (text, preview, images) in your workspace so the card keeps rendering.
Service providers
We run on a small set of infrastructure providers that process data on our behalf:
- Vercel — application hosting and file storage
- Neon — database hosting
- Google — sign-in
- Sentry — error monitoring (errors only)
- X Corp — when you connect an X account or publish
- Your chosen AI provider — only when you use an AI feature
Cookies
We use cookies only to keep you signed in. There are no advertising or third-party analytics cookies.
Sharing inside and outside your workspace
Content in a workspace is visible to that workspace's members according to their role. If you create a share link for a draft or article, anyone with that link can view it (and comment, where enabled) without an account — treat share links accordingly.
Security
Connections use TLS. Secrets we hold for you — X tokens and AI keys — are encrypted at rest with AES-256-GCM. Access to workspace data is enforced by role on every request.
Retention and deletion
We keep your content while your account is active. Deleting a card, campaign or workspace removes it from the product. To delete your account and all associated data, email us and we will action it.
Changes
If this policy changes in a way that matters, we will note it on this page with a new effective date.
Contact
Questions or deletion requests: julian.binstead@gmail.com