Your data, handled honestly.

Ledgentry is a back-office SaaS for US freelancers — invoicing, proposals, expenses, taxes. To do its job, it stores the data you put into it (clients, invoices, expenses) and sends emails on your behalf. We don't sell your data. We don't use it to train AI models beyond the request needed to draft your document. You can export everything you've put in, and you can delete your account at any time.

The sections below get specific about what that means in practice.

Ledgentry is operated by the team behind this product. For privacy questions, data-export requests, or deletion requests, email support@ledgentry.com.

We collect only what the app needs to function:

• Account data — your email address, and a profile you fill in (business name, address, invoicing defaults). We never ask for a password — authentication is magic-link or Google sign-in only.
• Customer data you enter — the names, emails, and addresses of your own clients; the invoices, proposals, and expenses you create. This is the core data you put in; we store it so you can get it back.
• Payment data — if you subscribe or accept invoice payments, Stripe processes the payment details (card, bank account). We never see or store your card number; Stripe keeps it. We store references (customer IDs, subscription IDs) so we know which account paid for what.
• Usage data — standard server logs (IP address, request time, pages visited) for a few days for security and debugging. No third-party analytics tracking, cookies, or pixels.

• To run the service you signed up for (drafting invoices, sending emails, etc.).
• To send transactional emails — magic sign-in links, invoice/proposal emails to your clients on your behalf, and receipts. No marketing emails without your opt-in.
• To generate the AI drafts you request. Your request is sent to Anthropic's API to draft an invoice line, proposal text, or answer a question. Anthropic doesn't train on API data. We don't sell or share your prompts elsewhere.
• To charge your subscription or process invoice payments via Stripe.
• To debug issues — if something breaks and we need to inspect logs, we do. Engineering access is audited.

We use a small set of service providers to run Ledgentry. Each only receives what they need:

• Supabase (database + authentication) — your account and business data.
• Stripe (payments, subscriptions, Connect) — your payment method and your clients' payments when they pay your invoices. Stripe becomes the data controller for card/payment information.
• Brevo (transactional email) — the recipient address, subject, and body of emails we send on your behalf.
• Anthropic (AI models) — the specific request text you send when you use an AI drafting feature. Anthropic does not train on API data under their commercial terms.
• Vercel (hosting) — runs our servers. Sees HTTP request metadata.
• Cloudflare (DNS) — routes traffic to our domain. No request bodies.

We never sell your data. We don't share it for advertising. We don't share it with other freelancers or platforms.

As long as your account is active, plus up to 30 days after you delete it (we keep a short retention window for recovery in case of accidental deletion). Financial records (invoices, payments) may be retained longer where required by tax law.

You can, at any time:

• Export everything. Every major data type (clients, invoices, expenses) has CSV/PDF export in-app.
• Delete your account. Email support@ledgentry.com from your registered address and we'll aim to remove your account and associated data within 30 days, in line with applicable consumer privacy laws.
• Correct inaccurate data. Most fields are editable in-app. Ask us for anything you can't fix yourself.
• Object to processing. If you believe we're using your data improperly, email us and we'll aim to respond within 30 days.

We honor data subject rights requests (deletion, export, access, correction) consistent with CCPA requirements and GDPR principles where applicable. If you're in California, the European Union, or another jurisdiction with privacy laws, you may have additional rights including data portability and the right to lodge complaints with your local data protection authority. Although these specific rights are mandated only in certain jurisdictions, we aim to respond in good faith to verified requests from any user.

This section provides additional disclosures for California residents under the California Consumer Privacy Act (CCPA) as amended by the CPRA. These describe our data practices in the formal categories California requires.

Categories of personal information collected (past 12 months):

• Identifiers: name, email address, IP address, account ID
• Customer records (Cal. Civ. Code § 1798.80(e)): business name, billing address, business contact info
• Commercial information: subscription status, invoice and payment history
• Internet or network activity: server logs, page-view metadata
• Geolocation data: approximate (city-level, derived from IP)
• Sensitive personal information: none collected
• Inferences: none drawn

Sources of personal information:

• Directly from you when you sign up or use the Service
• Automatically through your use of the Service (logs, cookies)
• From third-party service providers (Stripe, Supabase, Brevo, Anthropic) acting on our behalf

Business purposes for collection:

• Providing the Service you signed up for
• Processing payments and managing subscriptions
• Sending transactional emails (magic links, invoices, reminders)
• Generating AI drafts you request
• Detecting and preventing fraud, security incidents, and abuse
• Complying with legal obligations

Categories of third parties with whom personal information is shared:

• Service providers acting on our behalf (Stripe, Supabase, Brevo, Anthropic, Vercel, Cloudflare)
• Government or law enforcement, only when required by valid legal process

Sale or sharing of personal information. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. There is no "Do Not Sell or Share My Personal Information" link required because we do not engage in either practice.

Your California rights:

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information (subject to legal exceptions)
• Right to correct inaccurate personal information
• Right to opt out of sale or sharing (we do not sell or share)
• Right to limit use of sensitive personal information (we do not collect sensitive personal information as defined under CPRA)
• Right to non-discrimination for exercising any of these rights

To exercise any of these rights, email support@ledgentry.com with your request and the email address on your account. We will verify your identity before processing the request.

The optional Ledgentry Quick Capture Chrome extension lets you log expenses, time entries, and client notes from any tab. It collects the same kinds of data you would otherwise enter on the web app (amounts, vendors, categories, notes, client associations) and sends them only to the Ledgentry API at ledgentry.com. The extension stores a signed authentication token inchrome.storage.local so you don't have to re-pair on every popup open. It does not read or modify the contents of pages you visit, does not track your browsing, and does not contact any third-party services. You can disconnect at any time from the popup footer (clears the local token) or from Settings → Extension on the web app (revokes server-side).

We use a minimal set of first-party cookies for authentication and theme preference. No third-party analytics, no advertising cookies, no fingerprinting. If you block cookies entirely, sign-in won't work — that's the tradeoff.

Data is encrypted in transit using industry-standard TLS 1.2+ (HTTPS) and at rest via our managed database and payment providers (Supabase Postgres + Stripe PCI-compliant vault). We follow least-privilege access inside our team. No system is perfectly secure, but we take the standard precautions seriously — and if we ever have a confirmed breach involving your personal or financial data (as defined under applicable law), we'll notify you promptly and without unreasonable delay.

Ledgentry is for business use by people 18 or older. We don't knowingly collect data from children under 18.

Our application servers are in the United States. Some service providers we rely on (notably Brevo, our email delivery provider) are headquartered in the European Union and may process limited data there. By using Ledgentry from outside the US, you consent to your data being transferred to and processed in these locations, consistent with applicable safeguards.

If we change this policy meaningfully, we'll email you at the address on file at least 14 days before the new version takes effect. You can always see the current version at Ledgentry.com/privacy.

Questions, requests, or complaints about this policy: support@ledgentry.com.