Legal · Effective April 18, 2026
This Privacy Policy describes how Ledger Layer (“we”, “us”, “Ledger Layer”) handles personal information in connection with the Ledger Layer service (the “Service”), this website, and related communications. It applies to customers, prospects, Authorized Users of the Service, and visitors to https://ledgerlayer.app. It is read together with our Terms of Service and Advisory Disclaimer.
For personal information collected about website visitors, prospects, and our own account administrators, Ledger Layer acts as a data controller. For personal information that a Customer causes to be stored or processed in its workspace (for example, the business contact record of an Authorized User that a Customer invites), Ledger Layer acts as a data processor on the Customer's instructions. Ledger Layer is not engaged to process personal data embedded within Customer financial datasets or workbooks, and Customers agree in the Terms not to submit such data. A signed Data Processing Addendum (“DPA”) incorporating the 2021 EU Standard Contractual Clauses and the UK International Data Transfer Addendum is available on request.
We collect the following limited categories:
| Category | Examples | Source |
|---|---|---|
| Business contact | Work email, name, role, company, locale | You, at sign-up or invite acceptance |
| Authentication | Hashed password, MFA device identifiers, session tokens | You, when you secure your account |
| Billing | Plan, invoice history, Stripe customer ID, billing address | You, via Stripe checkout |
| Operational telemetry | Audit-trail events, API request logs, IP address, user agent, request timing | Automatically, to run and secure the Service |
| Support content | Ticket subject, message body, attachments | You, when you contact support |
| Marketing | Newsletter email, UTM tags, page views, form submissions | You, via our website |
The Service is engineered for financial, accounting and disclosure metadata. It is not designed to receive, and Customers contractually agree not to submit, any of the following through any file, API call, MCP tool, agent invocation, email, or other channel:
Customer responsibility. Customers are solely responsible for ensuring that any data they submit to the Service complies with applicable data-protection laws (including the GDPR, UK GDPR, CCPA/CPRA, PIPEDA and equivalent regimes) and that they have an appropriate lawful basis, notice, and — where required — consent before submitting personal data of any kind. Ledger Layer relies on those representations and is not in a position to inspect the substance of submitted data.
If you inadvertently submit any data described above, notify us at support@ledgerlayer.app and we will arrange deletion. Ledger Layer has no obligation to treat such data as if it were permitted data.
We use the limited information described above to:
Our lawful bases under the GDPR / UK GDPR are, as applicable, performance of a contract, legitimate interests in operating a secure B2B SaaS, legal obligation, and consent for the marketing newsletter.
Operational telemetry specifically. Request logs, IP address, user-agent string, and audit-trail events qualify as personal data under the GDPR. We process them strictly for security, fraud prevention, abuse detection, incident response, rate limiting, and service integrity, and we limit collection to what is necessary and proportionate for those purposes. Telemetry is not used for profiling, advertising, or secondary commercial purposes; access is restricted to personnel with a job-function need; and retention is capped as described in Section 8.
The Service integrates large language model providers (currently OpenAI and Anthropic) for workbook parsing, narrative drafting, and agent-style orchestration. These providers act as sub-processors of Ledger Layer under written agreements that prohibit retention, secondary use, and training on data submitted by Ledger Layer, and that impose confidentiality, security, and deletion obligations aligned with Article 28 of the GDPR. Where commercially available, we use zero-data-retention and no-training enterprise terms with these providers.
The design intent and implementation of the Service is narrow:
We rely on a small set of vetted sub-processors to deliver the Service:
| Provider | Role | Region |
|---|---|---|
| Stripe | Payments, subscription billing, tax | US / EU |
| OpenAI | Workbook metadata parsing, narrative drafting (no training) | US / EU |
| Anthropic | Agent orchestration, narrative drafting (no training) | US |
| Cloud hosting | Compute, storage, backups, logging | Customer-region-aligned where available |
| Transactional email | Security and operational email delivery | US / EU |
| Error monitoring | Application-error telemetry (scrubbed of content) | US / EU |
We maintain a current list of sub-processors and notify Customers of material additions at least thirty (30) days in advance via the operational channel. The DPA incorporates sub-processor flow-down obligations.
Personal information may be transferred to, and processed in, countries other than the one in which you are resident. Where such transfers are made out of the EEA, UK, or Switzerland, we rely on the 2021 EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss FADP adequacy mechanism as applicable, together with supplementary measures where required by Schrems II guidance. The DPA documents these transfer mechanisms in full.
We retain personal information only for as long as necessary for the purposes described in this Policy:
We operate the Service with: TLS 1.2+ in transit; AES-256 at rest; per-tenant logical isolation; role-based access control; hardware-backed MFA for production access; least-privilege service accounts; audit logging of administrative actions; automated vulnerability scanning; and a documented incident-response runbook. No system is infallible — we describe our measures in the DPA and the security addendum.
Breach notification. We will notify affected Customers of a confirmed personal data breach (as defined by Article 4(12) of the GDPR) affecting their data without undue delay after becoming aware of it, and in any event within the timelines required by applicable law — including the 72-hour supervisory-authority notification window under Article 33 of the GDPR / UK GDPR where Ledger Layer acts as controller. Notices are delivered to the primary administrator email on file and include the information required by Article 33(3): nature of the breach, categories and approximate number of data subjects and records concerned, likely consequences, and measures taken or proposed to address it. Where Ledger Layer acts as a processor, we will notify the Customer (controller) on the same without-undue-delay basis so they can meet their own regulatory obligations.
If you are in the EEA, UK, or Switzerland, you may request to:
Where Ledger Layer is a processor acting on a Customer's instructions, we will assist that Customer in responding to data-subject requests as required by Article 28 of the GDPR. Direct requests to support@ledgerlayer.app.
California residents have the right to know what personal information we collect and how we use it, to request deletion or correction, to limit the use of sensitive personal information, and to opt out of “sales” and “sharing” as those terms are defined by the CCPA/CPRA. We do not sell personal information, and we do not “share” it for cross-context behavioral advertising. We will not discriminate against you for exercising any CCPA/CPRA right. Send verifiable consumer requests to support@ledgerlayer.app.
On our marketing site and in the Service we use a small number of cookies and similar technologies. We do not deploy third-party advertising cookies, we do not use cross-site trackers, and we honor Global Privacy Control signals as opt-out requests.
| Category | Purpose | Provider | Retention |
|---|---|---|---|
| Strictly necessary | Session, load balancing, CSRF protection | Ledger Layer (first-party) | Session (browser close) to 24 hours |
| Authentication | Signed-in session, MFA state, remember-me | Ledger Layer (first-party) | Up to 30 days, revoked on logout |
| Preferences | Cookie-banner state, locale, UI preferences | Ledger Layer (first-party) | Up to 12 months |
| Analytics (first-party) | Aggregated page views and conversion attribution; no cross-site profile | Privacy-preserving first-party analytics (cookieless where possible; a short-lived identifier is used only to de-duplicate visits) | Up to 30 days at identifier level; aggregates retained up to 25 months |
| Payments | Fraud and risk scoring during Stripe Checkout | Stripe (set on Stripe domain only) | Per Stripe's cookie policy |
Where local law requires prior consent for non-essential cookies, our cookie banner collects that consent before setting them. You can change your choices at any time from the cookie banner footer link or by clearing cookies in your browser.
The Service is a B2B product intended for business use by individuals acting on behalf of an employer or client. It is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@ledgerlayer.app and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be announced by email or in-product notice at least thirty (30) days before they take effect, and the new effective date will appear at the top of this page.
Questions, requests to exercise privacy rights, and reports of suspected security incidents should be directed to support@ledgerlayer.app. For EU/UK representative requests, contact the same address and we will route your request to the appropriate representative.