Privacy Policy

Last updated: November 1, 2025

1. Introduction

LedgerApp ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our team expense tracking service.

By using LedgerApp, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly when you:

  • Create an account: Name, email address, password
  • Set up your team: Team name, company information, team member emails
  • Use the Service: Expense data (amount, category, date, notes), receipt images, payment information
  • Contact us: Your name, email, and any information in your messages
  • Subscribe to communications: Email address and communication preferences

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

  • Device information: Browser type and version, operating system, device identifiers
  • Usage data: Pages visited, features used, time spent, click patterns
  • Location data: IP address and approximate geographic location
  • Cookies and tracking: Session data, preferences, analytics information
  • Log data: Access times, error logs, page requests

2.3 Payment Information

Payment information (credit card numbers, billing addresses) is processed securely by our payment processor, Stripe. We do not store complete credit card information on our servers. We only retain the last four digits and expiration date for display purposes.

3. How We Use Your Information

We use your information to:

  • Provide the Service: Create and maintain your account, process expenses, generate reports
  • Process transactions: Charge subscription fees, process upgrades and refunds
  • Communicate with you: Send transactional emails, respond to inquiries, provide customer support
  • Improve the Service: Analyze usage patterns, develop new features, fix bugs
  • Security and fraud prevention: Monitor for suspicious activity, verify identities, protect against threats
  • Marketing: Send promotional emails (with your consent), newsletters, product updates
  • Legal compliance: Comply with laws, regulations, and legal processes
  • Analytics: Understand how users interact with our Service to improve performance

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

4.1 Within Your Team

Expense data and team information are shared with other members of your team as part of the core functionality of the Service.

4.2 Service Providers

We work with third-party companies that provide essential services:

  • Hosting: Vercel (application hosting)
  • Database: Supabase (data storage and authentication)
  • Payment processing: Stripe (subscription and payment management)
  • Email delivery: AWS SES (transactional and marketing emails)
  • Analytics: Usage analytics and performance monitoring
  • Customer support: Help desk and communication tools

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, law enforcement).

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data transmitted to and from our Service is encrypted using TLS/SSL
  • Data at rest: Sensitive data is encrypted when stored in our databases
  • Access controls: Strict authentication and authorization for data access
  • Secure infrastructure: Industry-standard hosting providers
  • Regular audits: Security assessments and vulnerability scanning
  • Employee training: Staff are trained on data protection best practices
  • Incident response: Procedures in place for security breach notification

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy.

  • Active accounts: Data is retained while your account is active
  • Closed accounts: Data is deleted or anonymized within 90 days of account closure
  • Legal obligations: Some data may be retained longer to comply with legal, tax, or regulatory requirements
  • Backup data: Deleted data may persist in backups for up to 30 days

You can request deletion of your data at any time by contacting us at [email protected].

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

  • Request a copy of your personal information
  • Receive your data in a portable, machine-readable format
  • Export your expense data as CSV or PDF

7.2 Correction and Updates

  • Update your account information through settings
  • Request correction of inaccurate data

7.3 Deletion

  • Delete your account and associated data
  • Request erasure of your personal information

7.4 Marketing Communications

  • Opt out of marketing emails using the unsubscribe link
  • Manage communication preferences in your account settings
  • Note: You will still receive transactional emails necessary for the Service

7.5 Object and Restrict

  • Object to processing of your data for direct marketing
  • Request restriction of processing in certain circumstances

7.6 Withdraw Consent

Where we rely on your consent to process your information, you may withdraw that consent at any time by contacting us.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Types of Cookies

  • Essential cookies: Required for basic functionality (authentication, security)
  • Performance cookies: Help us understand how you use the Service
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Track usage patterns and measure performance

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Service. Most browsers allow you to refuse cookies or delete them.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems.

10. International Data Transfers

Your information may be transferred to and maintained on servers located in different countries, including the United States. These countries may have data protection laws that differ from your jurisdiction.

We ensure appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses approved by the European Commission
  • Privacy Shield certification (where applicable)
  • Encryption and security measures during transfer

11. GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under GDPR:

11.1 Legal Basis for Processing

We process your data based on:

  • Contract: To provide the Service you have subscribed to
  • Consent: For marketing communications and optional features
  • Legitimate interests: To improve our Service, prevent fraud, and ensure security
  • Legal obligation: To comply with applicable laws and regulations

11.2 Your GDPR Rights

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at [email protected]. We will respond within 45 days.

13. Do Not Track Signals

Our Service does not currently respond to Do Not Track (DNT) browser signals. We may adopt a DNT protocol in the future as standards develop.

14. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on the Service
  • Updating the "Last updated" date at the top of this page

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days. For urgent privacy matters, please include "URGENT" in the subject line.