Privacy Policy
Last updated: March 20, 2025
Ledgerize Limited ("Ledgerize", "we", "us" or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and disclose your information when you use the Ledgerize.ai website and services (collectively, the "Service"). It also outlines your rights under the UK General Data Protection Regulation (GDPR) and other applicable laws. We aim to be transparent and clear, so please contact us if you have any questions about our privacy practices.
1. Information We Collect
We only collect the information that is necessary to provide and improve our Service for you. This includes:
- Account Information: When you sign up or log in with Google Authentication, we receive basic profile information from your Google account. This typically includes your name, email address, and Google ID. We do not receive your Google password or any other Google data beyond your profile basics. The email address is used as your login identifier and for communication purposes (e.g. sending receipts or important account notices).
- Uploaded Documents: When you upload bank statements or other financial documents to Ledgerize.ai, we process those files to extract data and convert them to Excel or other formats as requested. These documents may contain personal or financial information. We treat all uploaded documents as highly confidential. They are stored temporarily on our secure servers for processing and to allow you to download the results. By default, we retain uploaded files and the converted outputs for a limited time (for example, 24 hours) after conversion, after which they are automatically deleted from our systems. This retention period allows you to re-download results if needed shortly after conversion, while ensuring your data does not linger longer than necessary. You may also delete your uploaded documents from our system at any time via your account interface, and we will remove them promptly. We do not use the content of your documents for any purpose other than providing the conversion service to you.
- Payment Information: If you subscribe to a paid plan or make a purchase, your payment details (such as credit card number, billing name and address) are collected by our payment processor (Stripe). We do not store your full credit card information on our servers. Stripe, which is a PCI-DSS-compliant service, processes your payment securely on our behalf. We may retain some payment-related information such as transaction IDs, the last four digits of your card, or your subscription plan details for record-keeping, invoicing, and to handle billing inquiries or refunds. All such information is protected and only used for financial transactions and accounting.
- Usage Data: Like most online services, we automatically collect certain information about how you use Ledgerize.ai. This includes log data such as your IP address, browser type, device information, pages visited, and the dates/times of access. We may also record actions like uploading a document, performing a conversion, or clicking on features, to help us analyze usage trends and improve the Service. This data is generally aggregated and is not used to identify you personally. For example, we might track how many conversions happen per day or which file formats are most popular, but not what a specific user uploaded beyond the necessary processing.
- Cookies and Similar Technologies: We use cookies (small text files stored on your device) to provide the Service and improve your experience. For instance, when you sign in, a cookie helps keep you logged in as you navigate the site. We may use cookies for remembering your preferences and settings. We do not use any advertising cookies. You can set your browser to refuse cookies, but note that some features of the Service (like maintaining your login session) may not function properly without them.
2. How We Use Your Information
We use the collected information for the following purposes, and we rely on certain legal bases to do so:
- Providing the Service: First and foremost, we use your information to operate Ledgerize.ai and deliver our features to you. This includes processing your login through Google, converting your uploaded documents to the desired format, and enabling core site functionality. We process your personal data because it is necessary to fulfill our contract with you (the Terms of Service you agree to by using Ledgerize).
- Account Maintenance and Communication: We use your email to identify your account and to communicate with you. For example, we may send you service-related emails such as confirmations of successful file conversions, payment receipts, important updates about your account or subscription, or alerts if a problem occurs (like a failed upload). We may also respond to you if you contact our support with questions. These communications are part of our service to you.
- Improvement and Analytics: We analyze usage data (mostly on an aggregate basis) to understand how our Service is performing and where we can improve. For instance, knowing that a majority of users upload a certain type of bank statement format could guide us to optimize that format. Or, we might track if any errors occur during conversion to fix bugs. We consider this processing to be in our legitimate interest, as it helps us enhance the user experience and ensure the Service's reliability. However, we do not profile you or make automated decisions that have legal or significant effects on you without your consent.
- Security and Fraud Prevention: Information like IP addresses and account activity may be used to monitor for suspicious or fraudulent behavior. This helps us keep the platform secure. For example, we may detect multiple account creation attempts or unusual upload patterns that could indicate abuse. If we discover abuse, we may use data to intervene and prevent harm, which is in our legitimate interests and often also necessary to comply with law.
- Compliance with Legal Obligations: We may process and retain personal data as required to comply with laws and regulations. For example, we may keep transaction records for accounting and tax purposes, or disclose information if required by law enforcement or regulatory authorities in accordance with due process. If we are under a legal obligation to retain or disclose certain data, we will do so in compliance with the applicable laws (such as UK tax law or lawful requests under UK legislation).
We will not use your personal information for any purpose that is incompatible with the purposes outlined above without asking for your permission first.
3. How We Share and Disclose Information
We understand that your information is important, and we only share it in a few specific situations:
- Service Providers and Partners: We use trusted third-party services to help run Ledgerize.ai. These include:
  - Google (OAuth): for authentication – when you click "Sign in with Google", you are redirected to Google to log in. Google then shares your basic profile info with us to log you in. This is done through secure protocols and you can control what info you share when authorizing the Google login.
  - Stripe: for payment processing – when you enter payment details, you are interacting with Stripe (embedded via our website). Stripe processes the payment and shares the payment status and basic customer info with us. Stripe is contractually obligated to protect your data and use it only for payment processing.
  - Hosting/Cloud Providers: We may host our servers and data on reputable cloud infrastructure (for example, Amazon Web Services or a UK/EU-based cloud provider). These providers store data on our behalf. We ensure any cloud service we use has strong security measures and, if outside the UK, that appropriate data transfer mechanisms (like standard contractual clauses or adequacy decisions) are in place.
  - Analytics Tools: We might use analytics services (like Google Analytics or a self-hosted analytics solution) to collect usage data. These tools might set their own cookies to track user interactions. Any analytics provider will be obligated to process data only for our analytic purposes and not share it further. You can opt out of analytics cookies via our cookie banner or by using browser settings if applicable.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand under applicable law). In such cases, we will only provide the minimum necessary information and, if permitted, we will inform you of such disclosure.
- Business Transfers: If Ledgerize Limited is involved in a merger, acquisition, investment, or asset sale, your information may be transferred to the new owner or party as part of that transaction. We would ensure that any such party is contractually bound to respect the terms of this Privacy Policy. If a transfer results in a material change in the handling of your personal data, we will notify you and you will have choices as permitted by law.
- With Your Consent: Aside from the cases above, we will explicitly ask for your consent before sharing your personal information with any third party. For example, if in the future we introduce an integration where you ask us to send your converted data to a third-party service (like directly importing into an accounting software), we would do so only with your request and consent.
Importantly, we do not sell your personal data to third parties. We also do not share documents you upload or their contents with any third party for any purpose other than as necessary to process them for you (and in practice, the processing is automated on our servers). No one except you (and those you authorize) sees the contents of your financial documents.
4. Data Security
We take data security very seriously. We implement a variety of technical and organizational measures to protect your personal information and uploaded documents from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: All data transfers between your browser and our servers are secured using HTTPS/TLS encryption. This means your uploads and downloads are encrypted in transit. Additionally, we encrypt sensitive data at rest. For example, documents stored on our servers for processing are kept in encrypted storage, and are accessible only by our service with proper authentication.
- Access Controls: Within our company, access to personal data and user files is strictly limited. Only authorized personnel who need to access data to support you or maintain the system are permitted to do so, and even then, they only access what is necessary. Our staff are trained on data privacy and security practices. Administrative access to databases or servers is protected by strong authentication and is logged.
- Secure Infrastructure: We use reputable cloud hosting with robust security certifications (such as ISO 27001, SOC 2, etc.). Servers are kept up to date with security patches, and we utilize firewalls and monitoring to prevent and detect intrusions. Regular backups are performed to prevent data loss, but those backups are also secured and purged according to our retention policies.
- Testing and Improvements: We periodically review our security measures and update them as new threats emerge. Our systems undergo testing (and may in the future undergo third-party security audits or certifications) to ensure that your data remains safe. If we ever identify a security vulnerability, we act promptly to fix it.
- Payment Security: All payment transactions are handled by Stripe, which is a Level 1 PCI-DSS compliant entity. This means they adhere to the highest security standards in the payment industry. We do not store sensitive payment info ourselves, as described above, to further reduce risk.
Despite all these measures, it's important to note that no method of transmission over the Internet or electronic storage is 100% secure. We strive to protect your personal data, but we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law, and we will take all steps necessary to mitigate the impact.
5. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal or reporting requirements. Here are our general retention practices:
- Account Information: Your account data (name, email, etc.) is kept for as long as you have an active account with us. If you decide to delete your account, we will also delete or anonymize your personal information associated with the account (unless we are required to keep something for legal reasons). We might keep a hashed (irreversible) form of your email solely to ensure we can honor any request not to be contacted in the future, or to keep suppression lists if needed.
- Uploaded Documents: As noted, uploaded files and their converted results are kept only briefly on our servers. By default, we automatically delete them 24 hours after conversion completes (unless you delete them earlier). We may retain logs or derived metadata (for example, file name, number of pages, conversion time) for internal analytics, but these logs do not contain the actual content of your documents. If you need us to retain a document longer (for example, if you're on a workflow that processes documents over a few days), that would be an opt-in setting and the default is deletion for privacy.
- Transaction Records: We keep payment transaction records, invoices, and related accounting information for at least the period required by UK law (which can be up to 6 years for financial records). This information is limited to what is necessary for financial and legal auditing.
- Usage Data: Analytics and log data is typically retained for a shorter period (perhaps 1-2 years) in aggregate form. We use this data to observe trends over time. After it's no longer needed, we either delete it or continue to store it in a form that does not identify individuals.
- Communications: If you correspond with us (e.g., support emails), we may retain those communications for a period of time in order to follow up and improve our services. These will be kept secure and only accessible to authorized team members.
When we no longer have a legitimate need to retain your personal data, we will securely dispose of it or anonymize it so that it can no longer be associated with you.
6. Your Rights and Choices
As a user of Ledgerize.ai and as a data subject under GDPR (to the extent it applies), you have certain rights regarding your personal data. We are committed to honoring these rights. Your principal rights include:
- Right to Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. Most of your basic information can be viewed in your account profile. If you require additional information, you can contact us and we will provide it, provided it does not adversely affect the rights of others.
- Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to have it corrected or updated. For example, if your email address changes, you can update it in your profile, or ask us for help to update our records.
- Right to Erasure: Also known as the "right to be forgotten." You may request that we delete the personal data we hold about you. This is not an absolute right – if we have a legal obligation or a compelling legitimate interest to keep certain data, we may not be able to delete it immediately. However, we will honor this right to the fullest extent possible. For instance, you can delete your account and we will remove personal info and uploaded files (except that which we must retain legally, like payment records). If you simply want us to delete your uploaded documents or specific data, you can also request that at any time.
- Right to Restrict Processing: You can ask us to limit the processing of your data in certain circumstances – for example, if you contest the accuracy of the data or have objected to processing (see below), while we are considering your request.
- Right to Object: You have the right to object to certain types of processing, such as processing for direct marketing or if we were processing on the basis of legitimate interests in a way you consider infringes your rights. In practice, we do not send marketing emails without consent, so this would mainly apply if you object to our analytics or improvement processing. We will review objections and comply unless we have compelling grounds not to.
- Right to Data Portability: You may request to receive your personal data that you have provided to us in a structured, commonly used, machine-readable format, and have the right to transmit that data to another controller (where technically feasible). For example, this could apply to basic profile data. For the converted documents (which are outputs you requested), you already receive those as downloads, and you can of course take your Excel files wherever you want.
- Right not to be subject to Automated Decision-Making: Ledgerize does not make any automated decisions about you that have legal or similarly significant effects. We do use automated processes to convert documents, but this does not negatively affect your rights or opportunities. If this ever changes, you have the right to human intervention and to contest decisions.
To exercise any of these rights, you can contact us at support@ledgerize.ai or through our support channels. We will respond to your request in accordance with applicable law, typically within one month. Please note we will need to verify your identity before fulfilling certain requests to ensure we don't disclose data to the wrong person.
If you are a resident of the UK or EU and have concerns about our data practices, you also have the right to lodge a complaint with the relevant Data Protection Authority. In the UK, this is the Information Commissioner's Office (ICO). We would, however, appreciate the chance to address your concerns directly first, so please feel free to reach out to us with any issues.
7. International Data Transfers
Ledgerize is based in the United Kingdom. However, the nature of cloud services means that your data may be transferred to and stored in countries outside of the UK. For example, if we use a cloud server in the EU or in the United States, or if our support team works from another country, personal data might flow across borders.
Whenever we transfer personal data out of the UK (or the European Economic Area, if applicable), we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. Our typical approaches include:
- Adequacy Decisions: If transferring to the EEA or to a country that the UK government has deemed to have adequate data protection laws, we rely on that decision (for instance, the EU is currently considered adequate under UK law, and vice versa).
- Standard Contractual Clauses: For transfers to countries without an adequacy decision (like the US), we use the ICO-recommended International Data Transfer Agreement or Addendum, or EU Standard Contractual Clauses as applicable, supplemented where necessary to ensure your data is protected. These are legal contracts that bind the recipient to protect your data to GDPR standards.
- Additional Technical Measures: We also employ encryption and other technical measures so that, in the unlikely event data is intercepted or accessed, it remains protected.
Our goal is that no matter where your data is processed, it remains secure and your privacy rights are maintained. If you'd like more information about international data transfers or specific measures in place, you can contact us for details.
8. Third-Party Links
Our website may occasionally contain links to third-party websites or services that are not operated by Ledgerize (for example, a link to our blog, documentation, or an article we found useful, or our presence on social media platforms). If you click on a third-party link, you will be directed to that third party's site.
Please note that we do not control and are not responsible for the content or privacy practices of external sites. This Privacy Policy does not apply to your activities on those websites. We encourage you to review the privacy policies of any third-party sites or services you visit, as their policies may differ from ours.
9. Children's Privacy
Ledgerize.ai is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are under 18, please do not use the Service or provide any personal data to us. In the event that we learn we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a minor has provided us with personal data, please contact us so we can investigate and take appropriate action.
10. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will revise the "Last updated" date at the top of this policy. If changes are significant, we may also provide a more prominent notice or seek your consent as required by law (for example, by emailing you or placing a notice on our homepage).
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Ledgerize.ai after any changes to this policy will signify your acceptance of the updated terms, to the extent permitted by law.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Ledgerize Limited
Email: support@ledgerize.ai
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
We will be happy to assist you and will respond as promptly as we can. Your privacy is important to us, and we're committed to being transparent and helpful in addressing your concerns.
Thank you for trusting Ledgerize.ai with your financial document processing needs. We value your trust and will continue to work hard to keep your data safe and secure.