Privacy Policy
Effective Date: June 2, 2026
Last Updated: June 2, 2026
Brijon Holdings LLC d.b.a. Legacy Alarm
1029 Emerson St, Pasadena, CA 91106
Email: support@legacyalarm.com
1. Who We Are
Brijon Holdings LLC, doing business as Legacy Alarm ("Legacy Alarm," "we," "us," or "our"), is a home security company and authorized dealer for Brinks Home professional monitoring services. We operate in Southern California and sell pre-configured security systems with professional 24/7 monitoring through a fully self-serve online process.
This Privacy Policy describes how we collect, use, store, and share your personal information when you visit our websites, use our online qualification quiz, complete our checkout process, or communicate with us. It applies to all digital touchpoints operated by Brijon Holdings LLC, including our marketing landing pages, qualification funnel, and checkout application.
This policy does not apply to third-party services we use, including Brinks Home Security, Stripe, or GoHighLevel, which operate under their own privacy policies. Where we share data with those parties, we describe that sharing below.
2. Information We Collect
A. Information You Provide Directly
Contact and Identity Information
- Full name
- Email address
- Phone number
- Residential address
Property and Security System Information
- Property address submitted for service eligibility verification
- Existing security system brand, model, and sensor descriptions
- Whether your property has an existing alarm system
- Photos of existing security equipment, if voluntarily submitted
Financial Information
- Payment card details — collected and processed directly by Stripe; we do not receive or store your raw card number
- Bank account information for ACH payment setup — collected during your post-purchase guided installation call, not during online checkout
Service Preferences
- Monitoring plan selection and contract length
- Optional verbal password for account security
- Optional emergency contact name and phone number
Date of Birth
- Collected during checkout as a required identifier for the credit eligibility check
B. Information Collected Automatically
When you use our websites and checkout application, we automatically collect:
- Device and browser data: IP address, browser type and version, operating system, device type
- Usage and session data: Pages viewed, time on page, quiz responses, navigation path, checkout progress, and session state (stored to enable save-and-return functionality)
- Marketing attribution data: UTM parameters, referring URLs, Facebook ad campaign identifiers, and other ad source indicators
- Cookie and pixel data: See Section 7 (Cookies and Tracking Technologies) for details
C. Information We Receive from Third Parties
From BatchData
We submit your name and property address to BatchData, a property data services provider, to verify that you are associated with the address provided. We use this to confirm service eligibility and prevent fraudulent applications. We receive a verification result, not a full consumer data profile.
From HART Credit Technology and Consumer Reporting Agencies
After you complete checkout payment, we submit a credit inquiry through HART Credit Technology. HART queries TransUnion (primary) and Equifax (secondary) on our behalf. Through this inquiry, we receive:
- Your Social Security Number — sourced directly from the bureau's identity match; we do not ask you to type your SSN anywhere in our application
- Credit score and scoring model identifier
- Credit decision result and associated flags
- A full credit report document in electronic format provided by the bureau
This is a soft inquiry. It does not affect your credit score. You will be presented with a separate, standalone disclosure and must provide explicit written authorization before any credit inquiry is run. See Section 5 (Credit Checks and FCRA) for full details.
From Meta (Facebook / Instagram)
When you submit a lead form through our Facebook or Instagram advertisements, Meta transmits the contact information you entered — name, email, phone — along with a record of your consent to be contacted. We also use Meta's advertising pixel on our websites, which may connect your on-site activity to your Meta profile for campaign optimization. We receive anonymized event data from Meta for advertising measurement; we do not receive your full Meta profile.
From Brinks Home
If you enroll in a Brinks Home monitoring contract through our dealer relationship, Brinks may share enrollment confirmation and account status information with us as your authorized dealer.
3. How We Use Your Information
To determine service eligibility
We use your name, address, and date of birth to verify property ownership via BatchData and to run a soft credit check via HART Credit Technology. We use your existing security system details to determine whether your current sensors are compatible with our equipment.
To process your order and fulfill your service
We use your contact, payment, and property information to complete your transaction through Stripe, enroll you in professional monitoring services, and facilitate your guided system setup call. If you qualify for a Brinks Home contract, we transmit the required enrollment information to Brinks to establish your monitoring account.
To set up ongoing billing
We use your bank account details, collected during your post-purchase setup call, to configure ACH payment for your monthly monitoring fee.
To communicate with you
We use your name, phone, and email to send automated and manual follow-up messages after you begin our qualification process, to deliver order confirmations and service updates, to schedule your setup call, and to respond to your questions. See Section 8 (Text and Email Communications) for details on consent and opt-out.
To operate and improve our Services
We use session and usage data to maintain your checkout progress across visits, to understand how users move through our qualification and checkout process, and to detect and prevent fraud and abuse.
For advertising and marketing
We use marketing attribution data and advertising pixels to measure the effectiveness of our Facebook and Instagram campaigns, to attribute completed transactions to specific advertising, and to show our ads to people who have expressed interest in our services. See Section 7 for opt-out options.
For contract execution and regulatory compliance
We retain credit check records, consent documentation, and transaction records as required by our obligations as a Brinks Home authorized dealer, by applicable consumer credit laws, and by California law.
4. Legal Basis for Data Processing
We collect and process personal information under the following grounds:
- Contract performance: To evaluate your eligibility, process your order, and deliver the monitoring service you requested
- Legal obligation: To comply with FCRA disclosure requirements, TCPA consent documentation obligations, California data privacy law, and our dealer obligations under our Brinks Home agreement
- Legitimate interest: To prevent fraud, maintain accurate business records, improve our Services, and protect our legal rights
- Consent: For marketing communications via SMS and email, and for the use of non-essential cookies and advertising pixels
5. Credit Checks and FCRA Disclosure
We use consumer reports to determine eligibility for contract-based monitoring services.
Before any credit check is run, you will be presented with a standalone FCRA disclosure in our checkout process and must provide explicit written authorization. This authorization is a required step and is separate from your agreement to this Privacy Policy.
How the inquiry works:
We use HART Credit Technology as our credit vendor. HART submits your name, date of birth, and address to TransUnion (primary) and Equifax (secondary). This is a soft inquiry. It does not appear on credit reports viewed by lenders and does not affect your credit score. We receive a credit decision (approved, declined, or review), a score, associated flags, and the bureau's full credit report document.
You do not enter your SSN. Your SSN is returned by the bureau as part of their standard identity match response. See Section 6 for details on how we handle it.
If your application is declined:
A declined credit decision does not disqualify you from all Legacy Alarm services. We offer an alternative path — purchasing equipment outright with month-to-month monitoring — that does not require a credit check.
Your FCRA rights:
You have rights under the Fair Credit Reporting Act, including the right to know what is in your consumer file, to dispute inaccurate information, and to place a security freeze. For a full summary of your rights, visit www.consumerfinance.gov/learnmore.
6. Social Security Number and Sensitive Personal Information
Your SSN — Exactly How We Handle It
Your SSN is one of the most sensitive data points we process. Here is a precise account of how it is handled in our systems:
Source: We receive your SSN from TransUnion or Equifax through HART Credit Technology as part of the bureau's standard credit inquiry response. You are not asked to enter your SSN at any point in our application. You will not see your SSN displayed in our interface during or after checkout.
Encryption: Upon receipt on our server, your SSN is immediately encrypted using AES-256-GCM encryption before being written to our database. The encryption key is stored separately as a protected environment secret — it is not in the database itself. The SSN ciphertext in our database cannot be read without that key.
Credit report storage: The full credit report returned by the bureau is stored in private, access-controlled object storage (Cloudflare R2). This document is in the bureau's standard format and may contain your SSN in unencrypted form as part of that standard format. Access to this storage is restricted to authorized personnel.
What does not receive your SSN: Your SSN is not transmitted to your browser at any point. It is not included in payment processor records (Stripe). It is not included in your checkout session data.
Retention: Your encrypted SSN and the associated credit report are retained in accordance with the data retention schedule in Section 9. We are in the process of implementing automated deletion for these records.
Future use: If you complete enrollment in a Brinks Home monitoring contract, your SSN may be transmitted to the eContract or enrollment system used to execute that agreement. We will update this policy to describe that system specifically once confirmed.
Other Sensitive Personal Information
Under California law (CPRA), the following information we collect is classified as "sensitive personal information" with additional consumer protections:
| Category | What We Collect | Why |
|---|---|---|
| Social Security Number | Received from credit bureaus via HART | Credit eligibility; contract execution |
| Financial account information | ACH bank account details | Monthly monitoring payment setup |
| Date of birth | Collected at checkout | Identity verification for credit inquiry |
| Address / geolocation | Property address | Service eligibility; routing |
Your right to limit: California residents have the right to direct us to limit our use of sensitive personal information to what is strictly necessary to provide the services you requested. To exercise this right, see Section 11 (Your California Privacy Rights).
7. Cookies and Tracking Technologies
We use cookies and similar technologies on our landing pages and checkout application. These technologies may store or access information on your device.
Types of cookies we use:
| Type | Purpose | Can Be Opted Out |
|---|---|---|
| Strictly necessary | Required for checkout to function; session management | No |
| Functional | Saves your quiz progress and checkout state across visits | No |
| Analytics | Understand how visitors use our Services (Google Analytics — planned) | Yes |
| Advertising / targeting | Measure ad performance, enable retargeting (Meta Pixel, Google — planned) | Yes |
Cookie consent: When you first visit our website, a cookie consent banner will allow you to accept or decline non-essential cookies. You can update your preferences at any time through the cookie settings link in our website footer.
Meta Pixel: We use Meta's advertising pixel, which may transmit your on-site activity to Meta and connect it to your Meta profile for advertising purposes. This sharing may constitute "sharing" of personal information under California law. You can opt out by declining advertising cookies in our cookie banner, or by visiting your Meta Ad Preferences.
Google Analytics (planned): We plan to implement Google Analytics to understand aggregate site usage. You can opt out at tools.google.com/dlpage/gaoptout.
Heatmap / Session Recording (planned): We may implement a session recording or heatmap tool to analyze user experience in our checkout flow. If implemented, this will be disclosed here and included in our cookie consent options. Such tools will be configured to automatically redact payment fields and any sensitive form inputs.
Do Not Track: We currently do not respond to browser-level Do Not Track signals, as no uniform technical standard exists. We rely on our cookie consent system for preference management.
8. Text Message and Email Communications
How we obtain your consent
When you submit a lead form through our Facebook or Instagram advertisements, you provide written consent to be contacted by Brijon Holdings LLC d.b.a. Legacy Alarm via automated text messages and emails at the phone number and email address you provided. That consent is captured at the point of form submission along with a timestamp.
You may also provide or reconfirm consent at other points in our qualification quiz or checkout process.
What we may send
After you provide consent, we may send you:
- Automated text messages and emails following your initial inquiry
- Quiz completion reminders and links
- Application status updates and follow-up prompts
- Scheduling confirmations for your setup call
- Post-signup onboarding communications
- Promotional messages about Legacy Alarm services
Message frequency: Frequency varies based on your stage in our process. You may receive several messages in a short period following an initial inquiry or an incomplete checkout session.
Message and data rates may apply. Standard carrier rates for SMS may apply depending on your plan.
How to opt out:
- Text messages: Reply STOP to any text from us. You will receive one final confirmation message and no further texts from that number. This does not opt you out of transactional messages related to an active service agreement.
- Email: Click the unsubscribe link in any marketing email, or email us at support@legacyalarm.com.
- Both: Contact us directly at support@legacyalarm.com and we will process your opt-out within a reasonable time.
Opting out of marketing communications does not cancel an active monitoring agreement or opt you out of service-related communications required to maintain your account.
9. Data Retention
We retain personal information only for as long as necessary to fulfill the purpose for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. The following table describes our retention schedule:
| Data Category | Retention Period | Basis |
|---|---|---|
| Lead and contact information (non-converting leads) | 24 months from last activity | TCPA documentation; business operations |
| TCPA / SMS consent records | 5 years from date of consent or last contact attempt | FCC regulatory best practice |
| Session and quiz data (non-converting) | 90 days from session creation | Save-and-return functionality |
| Date of birth | Deleted with associated session or account per applicable row | Tied to credit check record lifecycle |
| Credit check records (encrypted SSN, scores, flags) | 2 years from date of inquiry | Dispute resolution; regulatory compliance |
| Credit report documents (Cloudflare R2) | 2 years from date of inquiry | Dispute resolution |
| Active customer account records | Duration of monitoring contract + 5 years | Contract enforcement; regulatory requirements |
| Payment transaction records | 7 years from transaction date | IRS / financial recordkeeping |
| Terms of service and consent records | Duration of contract + 7 years | Legal documentation |
| Email marketing records | 24 months from last engagement | Preference management |
Note on automated deletion: We are in the process of implementing automated deletion schedules for credit check records, including encrypted SSN data and R2 credit report documents. Until those automated processes are in place, deletions of these records are handled manually upon verified request.
10. How We Share Your Information
We do not sell your personal information for money. However, as described in Section 11, certain data sharing with advertising technology partners — specifically, the use of Meta Pixel — may be characterized as "sharing" for cross-context behavioral advertising under California law. You may opt out of that sharing through our cookie consent banner or through the "Do Not Sell or Share My Personal Information" link in our website footer.
We share personal information with the following parties:
Service Providers
The following parties process your data only on our behalf and under our instructions. They are contractually prohibited from using your information for their own independent purposes.
| Provider | Data Shared | Purpose |
|---|---|---|
| Stripe | Payment card details, billing address, transaction amount | Payment processing |
| GoHighLevel | Name, phone, email, quiz and pipeline status | CRM, automated SMS and email |
| Supabase | Session data, quiz responses, credit check records | Database and session storage |
| Cloudflare R2 | Credit report documents | Secure file storage |
| BatchData | Name, property address | Property ownership verification |
| HART Credit Technology | Name, date of birth, address | Credit inquiry processing |
| Vercel | All application data during request processing | Application hosting and serverless execution |
| Google Analytics (planned) | Anonymized usage data, IP address | Website analytics |
Monitoring Service Providers — Brinks Home
The nature of your data relationship with Brinks Home depends on which service path you choose:
Brinks Home contract path (36-month monitoring agreement):
When you enroll in a Brinks Home monitoring contract through Legacy Alarm, Brinks Home becomes an independent data controller. They will receive your enrollment information and will process it under their own privacy policy, which governs all data they hold as the primary monitoring provider. We act as the authorized dealer facilitating your enrollment. You should review Brinks Home's privacy policy at brinkshome.com.
Legacy Alarm direct path (equipment purchase + month-to-month monitoring):
If you purchase equipment outright and enroll in month-to-month monitoring provided directly through Legacy Alarm, Brinks Home may provide the underlying professional monitoring as a service provider. In this arrangement, Legacy Alarm remains the primary data controller and Brinks processes your data under our instructions.
Consumer Reporting Agencies
We share your name, date of birth, and address with TransUnion and Equifax through HART Credit Technology for the purpose of the credit inquiry. These bureaus operate as independent data controllers and maintain their own privacy policies governing the consumer data they hold.
Advertising Partners
Meta (Facebook / Instagram):
We use Meta's advertising pixel and receive leads through Meta's lead form ad product. These technologies may share your website activity with Meta for campaign measurement and advertising optimization. This sharing may be characterized as "sharing" of personal information under California's CPRA. You may opt out through our cookie consent banner or through the "Do Not Sell or Share My Personal Information" link in our website footer.
Legal, Regulatory, and Business Transfer Disclosures
We may disclose your personal information when:
- Required by law, court order, subpoena, or regulatory demand
- Necessary to protect the rights, property, or safety of Legacy Alarm, our customers, or the public
- In connection with a merger, acquisition, or sale of substantially all of our assets — in which case the acquiring party will be bound by this policy or will notify you of any material changes
11. Your California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights regarding your personal information.
Categories of Personal Information Collected and How It Is Used
| Category | Collected | Sold for Money | Shared for Advertising |
|---|---|---|---|
| Identifiers (name, email, phone, IP address) | Yes | No | Yes — Meta Pixel |
| Personal records (financial, credit information) | Yes | No | No |
| Sensitive personal information (SSN, DOB, bank account) | Yes | No | No |
| Internet / network activity (session, usage data) | Yes | No | Yes — Meta Pixel |
| Geolocation (property address) | Yes | No | No |
| Commercial information (service purchase history) | Yes | No | No |
| Inferences (eligibility determination, lead routing) | Yes | No | No |
Your Rights
Right to Know
You may request that we disclose: the categories and specific pieces of personal information we have collected about you; the categories of sources; the business or commercial purpose for collecting it; and the categories of third parties we share it with.
Right to Delete
You may request that we delete your personal information. We will comply unless an exception applies — for example, we may retain information needed to complete a transaction, detect fraud, comply with a legal obligation, or maintain an active service agreement.
Right to Correct
You may request that we correct inaccurate personal information we hold about you.
Right to Opt-Out of Sale or Sharing
You may direct us to stop sharing your personal information with third parties for cross-context behavioral advertising. To exercise this right, use the cookie preferences banner on our website or click Do Not Sell or Share My Personal Information in the footer of our website.
Right to Limit Use of Sensitive Personal Information
You may direct us to limit our use and disclosure of sensitive personal information — including your Social Security Number, financial account information, and date of birth — to only what is necessary to perform the services you requested. To exercise this right, contact us using the information in Section 14.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights under this section. We will not deny you services, charge you different prices, or provide you a different level of quality because you exercised a privacy right.
How to Submit a Request
You — or your authorized agent — may submit a request by:
- Email: support@legacyalarm.com — use subject line "California Privacy Rights Request"
- Mail: Brijon Holdings LLC d.b.a. Legacy Alarm, Attn: Privacy Request, 1029 Emerson St, Pasadena, CA 91106
We will acknowledge your request within 10 business days and respond substantively within 45 calendar days. If we require additional time, we will notify you in writing and explain the reason. We may ask you to verify your identity before processing your request. We respond to two verified requests per person per 12-month period at no charge.
12. Data Security
We implement technical and organizational measures to protect your personal information:
- Encryption at rest: Social Security Numbers are encrypted using AES-256-GCM before being written to our database. Encryption keys are stored separately as protected environment secrets.
- Encryption in transit: All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
- Access controls: Credit check records in our database are accessible only via a service-level role — they are not exposed through client-facing API calls. Access to credit report storage is restricted to authorized personnel.
- Key separation: Encryption keys are not stored in the same system as the encrypted data they protect.
- Vendor data agreements: Our third-party service providers are contractually required to implement appropriate security measures for the data we share with them.
Despite these measures, no method of electronic transmission or data storage is 100% secure. We cannot guarantee absolute security against all threats.
Breach notification: In the event of a security breach involving your personal information, we will notify you as required by California Civil Code §1798.82 and other applicable laws. Our most sensitive data exposures — which would trigger breach notification obligations — include any unauthorized access to the Supabase credit_checks table combined with our encryption key, and any unauthorized access to credit report files stored in Cloudflare R2, which may contain unencrypted SSNs in standard bureau format.
13. Eligibility — Age and Property Requirements
Our Services are intended for adults who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we discover we have inadvertently collected information from a minor, we will delete it promptly. If you believe we have done so, please contact us at support@legacyalarm.com.
Brinks Home contract services additionally require that you be a homeowner or have documented authority to install a security system at the service address.
Legacy Alarm direct services — equipment purchase plus month-to-month monitoring — are available to qualifying renters and homeowners 18 and older, with no long-term contract obligation.
14. Contact Us
For questions, concerns, or requests related to this Privacy Policy or your personal information:
Brijon Holdings LLC d.b.a. Legacy Alarm
1029 Emerson St
Pasadena, CA 91106
Email: support@legacyalarm.com
For California privacy rights requests, use subject line: California Privacy Rights Request
For general privacy questions, use subject line: Privacy Inquiry
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in our data practices, services, or legal requirements. When we do, we will update the "Last Updated" date at the top of this page. For material changes — particularly those affecting how we handle sensitive personal information, credit data, or consumer rights — we will provide notice to active customers via email or a prominent notice on our website at least 30 days before the change takes effect. Your continued use of our Services after an update constitutes acceptance of the revised policy.
Brijon Holdings LLC d.b.a. Legacy Alarm is an authorized dealer for Brinks Home monitoring services. Dealer #854490000. Legacy Alarm does not provide legal, financial, or credit advice. This policy is provided for informational purposes and describes our data practices as of the effective date above. Consumers are encouraged to review the privacy policies of all third-party services referenced herein.