Privacy Policy

Effective Date: 2026-05-20

Template pending legal review

This document is an engineering-prepared template published for transparency. It has not yet been reviewed by external legal counsel and should not be relied on as legal advice. It will be superseded by a lawyer-reviewed version before the Service accepts paid customers. If you are evaluating Ledger for a regulated use case, please contact us at legal@ledgerpro.ai and we will share the most current draft.

1. Introduction — Who We Are

In plain language: Ledger is run by Jumpstone Technology Inc., a Canadian company. This page explains what data we collect about you and what rights you have.

Ledger ("the Service") is operated by Jumpstone Technology Inc. ("we", "us", "our"), a company incorporated in the Province of Ontario, Canada. We are the data controller for personal information you provide to the Service.

This Privacy Policy explains what personal information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It applies to the ledger.lk and ledgerpro.ai websites and the Ledger application.

2. Information We Collect

In plain language: we collect what's needed to run your account — login details, the financial records you enter, basic usage data, and error reports. We do not collect more than we need.

Account information

When you create an account we collect your name, email address, phone number, business name, country, and a hashed password. We need this to create your account and communicate with you.

Financial data you enter

The financial records you create in Ledger — transactions, invoices, receipts, customer and supplier records, chart of accounts, and bank feeds — are stored so we can provide the Service to you. We treat this data as confidential. We do not mine it for advertising, sell it, or use it to train machine learning models. Our staff only access this data if you explicitly request support that requires it, or in the rare case that we must investigate a security incident or comply with a lawful order.

Usage and device telemetry

We automatically record which pages you visit inside the app, which features you use, your device type, browser, approximate location derived from IP address, and the timestamps of requests. This helps us diagnose problems and improve the product.

Error logs

When something breaks, we capture a structured error report and send it to Sentry (our error-monitoring sub-processor). Error reports may include the URL you were on, the action you were taking, and a stack trace. We scrub these reports for obvious personal or financial data before they leave your browser, but you should assume that some contextual data may be included.

Cookies

We use a very small number of cookies, all of which are strictly necessary for the Service to function. See our Cookie Policy for the full list.

3. How We Use Your Information

In plain language: we use your data to deliver the Service, secure your account, bill you, support you, and meet our legal obligations — nothing else.

We use your information to:

  • Provide, operate, and maintain the Service
  • Authenticate you and keep your account secure
  • Process payments and manage your subscription
  • Send transactional messages (security alerts, billing notices, changes to our terms)
  • Respond to your support requests
  • Diagnose bugs and improve the product
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal, tax, and accounting obligations that apply to us or to you

We do not sell your personal information. We do not use your financial data for advertising, marketing, or model training.

5. Data Sharing and Sub-Processors

In plain language: we share data only with the named third parties we need to run the Service. No advertisers. No data brokers.

We share your data only with the third-party service providers ("sub-processors") strictly necessary to run the Service. We do not share your data with advertisers, data brokers, or any party not listed below.

| Provider | Purpose | Data processed | Data location |
|---|---|---|---|
| Cloudflare | Hosting, CDN, Workers compute, D1 database, Durable Objects, R2 storage, KV, DDoS and bot protection | All customer financial data — accounts, invoices, transactions, contacts, documents | European Union (WEUR region). Primary storage is EU-resident; Cloudflare edge nodes serve reads globally from cache. |
| Mindee | Receipt/bill OCR (when used) | Uploaded receipt and bill images | France (EU). EU sub-processor — SCCs not required for intra-EU transfer. |
| Sentry | Application error monitoring and crash reporting | Anonymized error reports: URL, action, stack trace, browser and device type. We scrub PII and financial values before sending. No names, email addresses, or monetary amounts are included. | United States. Covered by Sentry’s DPA and Standard Contractual Clauses. |
| Stripe | Payment processing and subscription billing | Billing data only: name, email, billing address, payment method. Card numbers are handled directly by Stripe; we never see or store them. | United States (Stripe infrastructure). Covered by Stripe’s DPA and Standard Contractual Clauses. |
| SendGrid (Twilio) | Transactional email delivery (invoices, receipts, password resets, billing notices) | Email addresses, recipient names, and the content of transactional emails (e.g. invoice amounts and line items). Failed delivery records are purged after 30 days. | United States. Covered by Twilio’s DPA and Standard Contractual Clauses. |
| Grafana Cloud | Infrastructure metrics and operational logs (latency, error rates, uptime) | Anonymized operational metrics only — request counts, latency percentiles, error rates. No customer identifiers, financial data, or PII are sent to Grafana. | United States. No personal data processed; metrics are aggregate and anonymized. |
| GitHub | Source code hosting and CI/CD pipeline | No customer data. Source code, build artifacts, and engineering issue tracking only. If you file a support ticket via GitHub, only the content you choose to include is stored there. | United States. No customer financial data is processed. |

All sub-processors that handle personal data maintain SOC 2 Type II certification or an equivalent independently audited security standard, and we have a Data Processing Agreement (DPA) in place with each. We maintain an up-to-date sub-processor register and will notify customers of material changes at least 30 days before they take effect.

6. Data Location and EU Residency

In plain language: your financial records are stored in the EU. Read copies may be cached closer to you for speed; writes only happen in the EU.

All customer financial data is stored in the European Union. Our primary database, object storage (R2), and Durable Objects are all provisioned in Cloudflare’s WEUR region (Western Europe). This is a hard architectural constraint — not a preference — chosen to satisfy GDPR Article 44, the Sri Lanka Personal Data Protection Act 2022, and Canada’s PIPEDA cross-border transfer requirements simultaneously.

Cloudflare’s edge network serves requests from data centres closest to your location, which means your HTTP requests may be received at a Cloudflare point of presence outside the EU. However, all durable writes — the records that constitute your financial data — are committed to WEUR storage only. Read replicas for performance may exist in other regions (e.g. North America, Asia-Pacific) but are read-only copies; no personal data is written outside the EU.

Cloudflare is SOC 2 Type II, ISO 27001, and ISO 27701 certified. We have a Data Processing Agreement with Cloudflare that includes Standard Contractual Clauses (SCCs) for transfers outside the EEA where applicable.

7. Data Retention

In plain language: we keep active data while you use the Service, financial records for ~7 years (legally required), and security logs for 90 days.

We retain your data according to the following schedule:

  • Active account data: retained for as long as your account is active.
  • Financial records (invoices, journal entries, tax filings): retained for the duration required by applicable accounting and tax law (typically 7 years in Sri Lanka and Canada; varies by jurisdiction). This retention period satisfies Canadian Income Tax Act requirements (s.230), Sri Lanka Inland Revenue Act requirements, and aligns with standard international accounting practice.
  • Soft-deleted records (documents or contacts you delete within the app): retained for 90 days in a soft-deleted state, recoverable on request. Permanently purged after 90 days.
  • Email delivery records: failed delivery logs held by SendGrid are purged after 30 days. Successfully delivered emails are not stored by us beyond what is necessary to generate the email.
  • Application and access logs: retained for 90 days for security monitoring and incident investigation, then automatically deleted.
  • Deleted accounts: when you delete your account, data enters a 30-day grace period during which it can be restored on request. After 30 days, active records are purged; financial records we are legally required to retain are moved to a restricted archive for the legally required retention period and then permanently deleted.
  • Backups: encrypted backups age out on a rolling basis within 35 days.

8. Your Rights

In plain language: you can ask for a copy of your data, correct it, delete it, or export it. Email legal@ledgerpro.ai and we will respond within 30 days.

Depending on where you live, you have some or all of the following rights over your personal information:

  • Access (PIPEDA s.8; GDPR Art. 15; SL PDPA s.19) — ask for a copy of the personal data we hold about you. We will respond within 30 days of receiving your written request and will provide the information at no charge (or explain any reasons for refusing, as required by PIPEDA s.8(3)).
  • Correct (PIPEDA s.8(7); GDPR Art. 16) — have inaccurate or incomplete personal information amended. Where we cannot make a correction, we will annotate your file to note your challenge.
  • Delete (GDPR Art. 17; SL PDPA s.21) — have your data erased, subject to legal retention requirements (e.g. the financial record obligation).
  • Export / portability (GDPR Art. 20) — receive your data in a structured, machine-readable format (JSON or CSV).
  • Object (GDPR Art. 21) — object to processing based on legitimate interest, including profiling.
  • Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint — with a data protection authority (see below).

To exercise any of these rights, email legal@ledgerpro.ai. We will verify your identity and respond within 30 days. Under PIPEDA, if we refuse a request, we will give you reasons in writing and tell you which provision of PIPEDA we are relying on.

Where to complain

If you believe we have mishandled your data, we would prefer you contact us first so we can put it right. You also have the right to lodge a complaint with the data protection authority for your country, including:

  • Canada (PIPEDA): Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca, or the privacy commissioner of your province (e.g. Information and Privacy Commissioner of Ontario). Under PIPEDA, you must first contact us before complaining to the OPC, and we have 30 days to respond.
  • Sri Lanka (PDPA 2022): the Data Protection Authority of Sri Lanka, established under the Personal Data Protection Act No. 9 of 2022.
  • European Union / UK (GDPR): the supervisory authority in the EU member state where you live, work, or where the alleged infringement took place; or the UK Information Commissioner's Office (ICO).
  • California, USA (CCPA/CPRA): California Privacy Protection Agency (CPPA).

9. Data Security

In plain language: encryption in transit and at rest, tenant isolation, an append-only audit trail, and strict staff access controls.

We protect your data with defence-in-depth controls:

  • TLS 1.2+ for all data in transit, with HSTS enforced
  • Encryption at rest on all Cloudflare storage primitives
  • Tenant isolation at the database level (each firm's data lives in its own Durable Object)
  • Hash-chained, append-only audit trail on every write
  • Strict access controls and least-privilege for Jumpstone staff
  • Session revocation on password change and on suspicious activity

We are actively working toward SOC 2 Type II and ISO 27001 certification. Certification has not yet been achieved. See our Security page for the full, candid status.

10. Cross-Border Data Transfers

In plain language: the primary store of your data lives in the EU. A few ancillary services (Stripe, Sentry) run in the US under Standard Contractual Clauses.

Jumpstone Technology Inc. is incorporated in Ontario, Canada. We operate a global service. This section explains how we handle cross-border transfers of personal data under each applicable privacy regime.

For Canadian users (PIPEDA)

Under PIPEDA Principle 4.1.3, organizations are accountable for personal information transferred to third parties for processing. Your financial data is stored in Cloudflare’s EU infrastructure (see Section 6). Cloudflare Inc. is a US-headquartered company; however, the data itself is stored and written exclusively in the European Union under our contractual arrangement.

Sub-processors such as Stripe, SendGrid, Sentry, and Grafana Cloud operate infrastructure in the United States. Where personal data is transferred to these processors, we rely on contractual protections (Data Processing Agreements) to require that they provide a comparable level of protection to PIPEDA Principle 4.1.3. The nature of the data transferred to each processor is limited and described in the sub-processor table in Section 5.

By using the Service, you acknowledge that your personal information may be transferred to and processed in countries outside Canada. We take contractual steps to ensure that personal information receives protection equivalent to PIPEDA wherever it is processed.

For EU/EEA users (GDPR Art. 44–46)

All primary storage of customer financial data is in the EU (Cloudflare WEUR region), so the main data store does not involve a transfer outside the EEA within the meaning of GDPR Article 44.

For ancillary processing by Stripe, SendGrid, Sentry, and Grafana Cloud (all US-based), we rely on Standard Contractual Clauses (SCCs) adopted under GDPR Article 46(2)(c) as the transfer mechanism. We carry out Transfer Impact Assessments for these transfers and apply supplementary measures (data minimization, PII scrubbing, pseudonymization) where appropriate.

For Sri Lankan users (PDPA 2022)

Under the Sri Lanka Personal Data Protection Act No. 9 of 2022, personal data may only be transferred outside Sri Lanka if adequate protections are in place. We store all customer financial data in the European Union, which provides a comprehensive data protection framework (GDPR). Transfers to ancillary sub-processors in the United States are covered by contractual safeguards equivalent to those required by the PDPA.

11. PIPEDA-Specific Disclosures (Canadian Users)

In plain language: this section sets out the specific disclosures Canada's PIPEDA requires — who controls your data, why we collect it, how to access or correct it, and how to complain.

This section fulfills disclosure requirements under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and its ten fair information principles.

Identity of the data controller

  • Legal name: Jumpstone Technology Inc.
  • Jurisdiction of incorporation: Province of Ontario, Canada
  • Privacy contact: legal@ledgerpro.ai
  • Designated Privacy Officer: Ashwin B. Mohan (Data Protection Officer)

Purposes of data collection (PIPEDA Principle 2)

We collect personal information for the following identified purposes, disclosed at or before the time of collection:

  • To create and maintain your account and authenticate your identity
  • To provide the accounting and bookkeeping features of the Ledger Service
  • To process subscription payments and manage your billing relationship with us
  • To send transactional communications required for the operation of the Service (security alerts, billing notices, system notifications)
  • To diagnose software errors, investigate security incidents, and improve the Service
  • To comply with legal obligations applicable to us or to you (tax record retention, lawful court orders)

We do not use personal information for purposes beyond those listed above without obtaining fresh consent or as permitted by law. We do not collect personal information indiscriminately; collection is limited to what is reasonably necessary for the identified purposes (PIPEDA Principle 4).

Consent (PIPEDA Principle 3)

By creating an account and accepting our Terms of Service, you provide meaningful consent to the collection, use, and disclosure of your personal information for the purposes described above. You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us at legal@ledgerpro.ai. Withdrawal of consent may mean we can no longer provide some or all of the Service.

Right to access and correct personal information (PIPEDA s.8)

Under PIPEDA s.8, you have the right to:

  • Access — request, in writing, access to your personal information held by us. We will respond within 30 days of receiving your written request (or advise you if we need an extension, up to an additional 30 days as permitted by PIPEDA s.8(4)). We will provide the information at no charge unless the volume of information requested makes a nominal fee reasonable, in which case we will notify you in advance.
  • Correction — challenge the accuracy or completeness of your personal information. Where we agree a correction is warranted, we will amend the information and, where appropriate, send the corrected information to third parties who received the original. Where we disagree, we will annotate your file to note your challenge (PIPEDA s.8(7)).
  • Refusal reasons — if we refuse an access request, we will tell you in writing which provision of PIPEDA we are relying on and that you may complain to the Office of the Privacy Commissioner of Canada.

To submit an access or correction request: email legal@ledgerpro.ai with subject line "PIPEDA Access Request" or "PIPEDA Correction Request". Include your full name, the email address associated with your account, and a description of the information you are requesting or the correction you are seeking.

How to submit a privacy complaint (PIPEDA s.11)

If you believe we have not complied with PIPEDA, you may:

  1. Contact us first — email legal@ledgerpro.ai. We will acknowledge receipt within 5 business days and investigate within 30 days.
  2. Escalate to the OPC — if you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or by mail to 30 Victoria Street, Gatineau, Quebec K1A 1H3.

12. Breach Notification

In plain language: if your data is breached, we tell the regulator within 72 hours and tell you as soon as we can.

If a personal data breach occurs that is likely to result in a risk to the rights and freedoms of affected individuals, we will:

  • EU/EEA users (GDPR Article 33): notify the lead supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to rights and freedoms, we will also notify affected individuals without undue delay (GDPR Article 34).
  • Canadian users (PIPEDA s.10.1): notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible where the breach poses a real risk of significant harm. We will also keep a record of every breach as required by PIPEDA.
  • Sri Lankan users (PDPA 2022): notify the Data Protection Authority and affected individuals in accordance with the timelines and thresholds set by the Act and any subsequent regulations.

Internally, every suspected incident is triaged within 1 hour, contained as quickly as possible, and root-caused with a written post-mortem.

13. Automated Decision-Making

In plain language: no algorithm in Ledger makes a decision about you that has a legal or similarly significant effect.

We do not make decisions about you based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you within the meaning of GDPR Article 22. All material decisions about your account (e.g. account closure, refund denials) involve human review.

14. Cookies

We use a minimal set of strictly necessary cookies — no analytics, no advertising, no third-party tracking. Details are in our Cookie Policy. If we ever introduce non-essential cookies, we will gate them behind a consent mechanism before setting them.

15. Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has given us personal information, please contact legal@ledgerpro.ai and we will delete it promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or by posting a notice inside the application at least 30 days before the changes take effect. The "Effective Date" at the top of this page always reflects the most recent revision.

17. Data Protection Officer

We have designated a Data Protection Officer (DPO) responsible for overseeing our compliance with this Privacy Policy and applicable data protection law (including the EU/UK GDPR and the Sri Lanka Personal Data Protection Act No. 9 of 2022).

  • Name: Ashwin B. Mohan
  • Role: Data Protection Officer, Jumpstone Technology Inc.
  • Contact: legal@ledgerpro.ai

You may contact the DPO directly with any question about how we process your personal data, to exercise the rights described in Section 8, or to raise a concern before lodging a complaint with a supervisory authority. We aim to acknowledge enquiries within 5 working days and respond substantively within 30 days.

18. Contact Us

Questions about this Privacy Policy, or want to exercise a privacy right? Email legal@ledgerpro.ai.

For general support, use support@ledgerpro.ai. Our postal address: Jumpstone Technology Inc., Toronto, Ontario, Canada (full address available on request via legal@ledgerpro.ai).