Your data stays
your data.
LegacyBridge is a transit layer. We route your legacy API calls — we do not store, analyze, or monetize your business data.
Zero payload retention
LegacyBridge acts exclusively as a transit layer between your application and your legacy SOAP/WSA system. Request and response payloads are processed in memory for the duration of the HTTP transaction and immediately discarded.
Your business data — customer records, financial transactions, inventory, or any other legacy payload — never touches our database.
This architecture is intentional. It means LegacyBridge cannot become a liability in the event of a data breach, and eliminates a broad class of compliance concerns for our customers.
What we do store
We collect only what is strictly necessary to operate the platform securely.
| Data type | What exactly | Payload included? |
|---|---|---|
| User profiles | Name, email, role, hashed password, daily quota | NO |
| API error logs | HTTP status code, endpoint path, timestamp — no request/response body | NO |
| Audit trail | Admin actions: login, config changes, impersonation — no business data | NO |
| Usage statistics | API call counts per hour, per user — no content | NO |
| Legacy source config | WSDL endpoint URLs, auth credentials (AES-256 encrypted at rest) | CONFIG ONLY |
Data hosting
All data is stored in the European Union.
| Component | Provider | Region |
|---|---|---|
| API backend | Render (AWS-backed) | US Oregon (transit only — no persistence) |
| Database | Supabase (PostgreSQL on AWS) | eu-central-1 (Frankfurt) |
| Frontend | Vercel (Edge CDN) | Global CDN — static assets only |
All connections are encrypted in transit (TLS 1.2+). Database credentials are stored as environment variables, never in source code.
Retention periods
| Data | Retention | Deletion |
|---|---|---|
| User profiles | Duration of account | On account termination |
| API error logs | 90 days | Automatic purge |
| Audit trail | 12 months | Automatic purge |
| Usage statistics | 36 months | Automatic purge |
| SOAP payloads | Never stored | N/A |
Your rights
Whether you are in the European Union (GDPR) or California (CCPA), you have the right to:
| Right | How to exercise it |
|---|---|
| Access — obtain a copy of your data | Email privacy@alm77it.com |
| Rectification — correct inaccurate data | Via your account settings or email |
| Erasure — delete your account and data | Email privacy@alm77it.com |
| Portability — export your data | Email privacy@alm77it.com |
| Objection — opt out of processing | Email privacy@alm77it.com |
We respond to all privacy requests within 30 days.
Contact & DPA
For enterprise customers requiring a Data Processing Agreement (DPA), security questionnaire, or custom data handling arrangements, contact us directly.
Request a DPA
Data Processing Agreement available for enterprise and regulated industry customers.
Data controller: ALM77 IT
Privacy contact: privacy@alm77it.com
Last updated: May 2026