Cookie Policy

1. What Are Cookies

Cookies are small text files a website stores on your device when you visit. They let a site remember things between page loads — most commonly, whether you are logged in. Some related technologies (such as localStorage and sessionStorage) are not technically cookies but play a similar role; this policy covers them too.

Ledger uses a minimal set of cookies and storage keys. We do not use any advertising or marketing cookies, and we do not load third-party analytics scripts on the landing site or in the application.

2. Cookies We Use

CSRF protection is provided by SameSite=Lax cookies plus Origin-header validation; no separate CSRF token cookie is set.

Sentry (our error-monitoring sub-processor) does not set an HTTP cookie. It attaches an in-memory session identifier to error reports for de-duplication only.

We do not currently set any non-essential cookies. If that ever changes (for example, if we add product analytics), we will gate those cookies behind the consent banner and update this table before they are set.

3. localStorage Inventory

In addition to the cookies above, the Ledger application uses a small set of localStorage keys to remember UI preferences. None of these are sent to our servers; they exist only in your browser.

• ledger_locale / locale — selected interface language
• firm_contacts_store — contact list draft state
• client_groups_store — client grouping selections
• Line-item column layout preferences (per document type)
• Dashboard widget order and visibility
• Banner dismissals (cookie banner, contextual hints)
• Contextual help acknowledgements
• PWA install prompt cooldown
• Discussion drafts (unsent message text)

You can clear any of these at any time from your browser’s site-data settings. Doing so will not log you out (sessions are cookie-based) but will reset your UI preferences to defaults.

4. Types of Cookies

Essential cookies

These cookies are required for the Service to function. They handle authentication, bot protection, and the cookie-banner state. Without them you could not log in or safely submit forms. Essential cookies cannot be disabled through our consent banner, but you can still block them in your browser settings at the cost of being unable to use the Service.

Functional cookies

These remember user preferences that are not essential to the Service but improve your experience (currently: language selection). They do not track you across sites.

Operational / Error Monitoring

We use Sentry to capture application crash reports. Sentry does not set an HTTP cookie on your device — it attaches an in-memory session identifier to error reports for de-duplication only.

Performance / analytics cookies

We do not currently use any. We do not run Google Analytics, Plausible, Mixpanel, or Segment. PostHog analytics may be enabled in the future, gated behind explicit opt-in consent. Currently no PostHog SDK is loaded on the landing site or in the application.

Advertising / marketing cookies

We do not currently use any. We do not run ad pixels, retargeting, or any third-party tracker.

5. Third-Party Cookies

We deliberately load very few third-party scripts. The third parties below may set cookies or attach identifiers strictly to operate their piece of the Service:

• Cloudflare — sets __cf_bm for bot management and security when traffic passes through its edge. Not used for cross-site tracking or advertising.
• Stripe — the Stripe checkout iframe may set Stripe’s own cookies on the checkout page. These are governed by Stripe’s Cookie Policy. We do not have access to them.
• Sentry — attaches an anonymous session identifier to error reports. No HTTP cookie is set.

We do not allow any third-party advertising or tracking cookies on our website or in the application.

6. How to Manage Cookies

Most web browsers let you manage cookies through their settings. You can typically:

• View the cookies stored on your device
• Delete individual cookies or clear all cookies
• Block cookies from specific sites
• Block all third-party cookies

You can also clear our cookie-banner preference by clearing localStorage for this site, which will cause the banner to reappear on your next visit. You can update your consent preferences at any time inside the app at Settings → Privacy. Note that disabling essential cookies will prevent you from logging in to the Ledger application.

7. Legal References

This policy is informed by, and seeks to comply with, the following instruments where applicable to you:

• GDPR Article 7(3) — right to withdraw consent at any time.
• ePrivacy Directive 2002/58/EC — consent requirements for cookies and similar technologies in the EU.
• Sri Lanka Personal Data Protection Act No. 9 of 2022, s.13 — consent requirements.
• PIPEDA (Canada) — meaningful consent and purpose limitation for tracking technologies.
• CCPA / CPRA (California) — notice of no sale of personal information; we do not sell personal information.

8. Changes to This Policy

If we add new types of cookies or change how we use existing ones, we will update this page and revise the "Effective Date". If we introduce non-essential cookies that require consent, we will implement a working consent gate before doing so — not after.

9. Contact

Questions about our use of cookies? Email legal@ledgerpro.ai or, for general support, support@ledgerpro.ai.