Privacy Policy

Last updated: 28 February 2026

1. Data Controller

Ledgi ("we", "us", "our") is the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

2. What We Collect

We collect the following categories of data:

Account Information

  • Email address and display name
  • Authentication credentials (managed by Firebase Authentication)

Financial Data

  • Bank account names, types, and balances
  • Investment holdings (ticker symbols, quantities, values)
  • Budget categories and amounts
  • Net worth snapshots
  • Transaction records

Usage & Analytics Data

  • Pages visited, features used, and interactions within the app
  • Device type and browser information
  • Session duration and frequency

Payment Data

  • Payment information is processed by Stripe. We never receive or store your full card number, CVV, or other sensitive payment details on our servers.
  • We receive confirmation of payment status and subscription details from Stripe.

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service you have signed up for, including storing your financial data and managing your subscription.
  • Legitimate interest: Analytics and product improvement to ensure the Service functions correctly and to improve the user experience.
  • Consent: Where required, such as for optional marketing communications.

4. How We Use Your Data

  • Service delivery: To provide, maintain, and improve the Ledgi application and its features.
  • Analytics: To understand how users interact with the Service and identify areas for improvement.
  • Support: To respond to your queries and provide customer support.
  • Communication: To send you important service updates, billing notifications, and (with your consent) product news.

5. Third-Party Services

We use the following third-party services to operate Ledgi:

Firebase / Google Cloud

Provides authentication (Firebase Authentication) and database storage (Cloud Firestore). Your account credentials and financial data are stored on Google Cloud infrastructure.

Stripe

Handles all payment processing for subscriptions. We never store your card numbers on our servers. Stripe's handling of your payment data is governed by their Privacy Policy.

PostHog

Provides product analytics to help us understand how the Service is used. PostHog is configured with the following privacy considerations:

  • Analytics events are primarily sent from our backend server.
  • On the frontend, PostHog uses memory-only persistence (no cookies, no local storage).
  • Only identified user profiles are tracked (no anonymous tracking).
  • The PostHog instance is hosted in the EU.
  • You can opt out of analytics tracking at any time from Settings.

EmailOctopus

Handles marketing email communications. If you opt in to marketing emails during setup or in Settings, your email address and first name are shared with EmailOctopus to deliver product updates. You can opt out at any time from Settings. EmailOctopus's handling of your data is governed by their Privacy Policy.

Alpha Vantage & CoinGecko

Provide stock, ETF, and cryptocurrency price data. Only ticker symbols are sent to these services. No personal data is shared with them. Alpha Vantage is US-based; CoinGecko is UK-based.

6. Data Storage & Security

Your financial data is stored in Cloud Firestore with user-scoped isolation. Each user's data is stored under a separate path and is not accessible to other users.

All data is encrypted at rest by Google Cloud. Sensitive fields (email, display name, balances, account names, holding values) are additionally encrypted at the field level before being written to the database.

All data in transit is encrypted using TLS/HTTPS.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal and financial data within 30 days. Some data may be retained in backups for up to 90 days before being permanently removed.

API activity logs (for CLI and agent access) are automatically deleted after 90 days. We may retain anonymised, aggregated data (which cannot identify you) for analytical purposes indefinitely.

8. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data.
  • Right to data portability: Request your data in a structured, machine-readable format. You can export all your data as JSON from Settings at any time.
  • Right to restriction: Request that we limit the processing of your data in certain circumstances.
  • Right to object: Object to processing based on legitimate interest.

9. Exercising Your Rights

To exercise any of the above rights, please contact us at support@ledgi.app. We will respond to your request within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. International Data Transfers

Your data may be processed in the following regions:

  • Firebase / Google Cloud: Data may be stored in US or EU data centres. Transfers to the US are covered by Google's Data Processing Addendum and Standard Contractual Clauses (SCCs) approved by the UK ICO.
  • Stripe: Payment data is processed in the US, covered by Stripe's Data Processing Agreement incorporating Standard Contractual Clauses (SCCs).
  • PostHog: Analytics data is hosted in the EU (Frankfurt). No transfer outside the UK/EEA.
  • EmailOctopus: Email marketing data is processed in the UK/EU.

Where data is transferred outside the UK, we rely on Standard Contractual Clauses (SCCs) as approved by the UK Information Commissioner's Office, or UK adequacy regulations, as the legal mechanism for transfer. We maintain Data Processing Agreements (DPAs) with all processors listed above.

11. Children's Privacy

Ledgi is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information.

12. Cookies

Ledgi does not use cookies. Our analytics provider (PostHog) is configured to use memory-only persistence, meaning no cookies or local storage are used for tracking. Authentication state is managed through Firebase's client-side SDK.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through an in-app notification and update the "Last updated" date above. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@ledgi.app.