Legend Privacy Policy

Information We Collect

We collect "Non-Personal Information" and "Personal Information". Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes only your email and first and last names, which you submit to us through the registration process at the site. We may use your email to send you an occasional message. We do not share Personal Information with third parties.


Legend implements full end-to-end zero-knowledge encryption. Item data is encrypted client-side before syncing the encrypted data to Firebase. Legend has three levels of encryption:
  1. Global: By default Legend uses a global encryption key, which protects your data against naive attackers but is potentially possible to reverse engineer, and it is theoretically possible for us (the developers) to read this data.
  2. User Password: You can optionally set a password to encrypt your data. This password is only cached client-side in your browser, in IndexedDB in a way that it is not exportable. If you use this option, nobody (including us) can decrypt your data.
  3. Document password: You can optionally set passwords on individual documents. This is useful if you only want the added security on a specific document, or to add security to a document you share with someone.

Google Services

Legend syncs with these services fully client-side so that none of the data is ever sent to any other servers. The contents of emails or files is never saved anywhere.

When you add an email to a document, it saves only the account it's on, the subject (for display purposes), and the thread ID (to open it in Gmail).

When you add a Drive file or Calendar event to your documents, it stores only its unique ID and the account it's on. Each Legend client then syncs with Google to get the full information for those unique IDs.

By default, Legend will request access to the userinfo.email, and userinfo.profile OAuth scopes. These allow Legend to know your name and email address. Over the course of using Legend you may want to grant additional authorization scopes to enable additional features. The Drive plugin needs the drive.file scope, and the Calendar plugin needs the calendar scope. Any data that is accessed through these scopes is only sent to devices that you use Legend with. Legend does not send or store this information anywhere except locally on your devices.

App's use of information received, and App's transfer of information to any other app, from Google APIs will adhere to Google's Limited Use Requirements.

Changes to Our Privacy Policy

The company ("Moo.do LLC") reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.

Contact Us

If you have any questions regarding this Privacy Policy or the practices of this site, please contact us by sending an email to [email protected].
Last Updated: July 15, 2021