Security & Trust at Legion AI
Legion AI is built for regulated verticals — medspas, healthcare-adjacent services, and multi-location operators. Our security program covers data encryption, access controls, TCPA compliance for AI calling, and vendor due diligence.
Data protection
All customer data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Backups run daily with point-in-time recovery.
Access controls
Role-based access, SSO for enterprise plans, and detailed audit logs on every user action.
TCPA & compliance
AI calling honors DNC lists, per-state calling hours, and consent capture on every touch.
Sub-processors
We maintain a current list of sub-processors. Contact us for the full DPA and vendor list.