Privacy Policy

1. What We Collect

Account information: name, email address, role (client or accountant).
Business information: business type, payment methods used, platforms used — provided during intake.
Self-declaration responses: your answers to intake questions.
Uploaded files: bank statements, payment processor exports, credit card statements, and optional supporting documents.
Usage data: pages visited, features used, time spent. Collected for product improvement only. Never sold.
Device and browser information: collected for troubleshooting and security only.

2. What We Do Not Collect

Bank login credentials. We never connect to your bank.
Social Security numbers or tax identification numbers.
Credit card numbers. Payment processing is handled by Stripe. We never store payment card data.
Data from any source other than what you explicitly upload or enter.

3. How We Use Your Data

To process uploads through automated noise removal (duplicates, reversals, authorization holds).
To generate preparation artifacts (Pre-Accounting Record, Setup Blueprint, Assumptions, and related outputs).
To run the Preparation Intelligence Engine and surface structured observations from your transaction data.
To provide platform-specific guided setup instructions.
To suggest transaction categories (accountant-facing only; requires accountant confirmation).
To display preparation status to your linked accountant.
To provide accountant-facing investigation summaries, explanations of deterministic observations, and grounded question answering on prepared engagement data.
To improve the product through aggregate, anonymized usage analytics.

4. Preparation Intelligence Processing

When Preparation Intelligence features are active, the Platform processes your transaction data using automated, rule-based algorithms to generate structured observations. This processing occurs on LedgerReady's infrastructure.

LedgerReady does NOT:

Pool transaction data across customer accounts.
Use customer transaction data to train generalized models.
Sell, share, or monetize customer transaction data.
Impose a fixed 12-month source-file expiration timer while your account remains active.

LedgerReady maintains its status as a Data Processor / Service Provider with respect to all customer transaction data. Your designated accounting firm remains the Data Controller.

5. AI and Automated Processing

LedgerReady uses automated processing for the following purposes:

Preparation Intelligence Engine: Rule-based algorithms that identify transaction patterns (such as potential duplicates and coverage gaps). This is rule-based.
Clean Statement Mode: Automated pattern-matching to identify and suppress duplicate, reversed, or noise transactions.
Category Suggestions (accountant-only): Proposed category assignments for transactions. These are suggestions only. They are never applied without accountant confirmation. They are never visible to clients.

LedgerReady currently uses third-party AI providers for limited accountant-facing features, including OpenAI for engagement investigation summaries and Anthropic for certain categorization or assistant workflows. Data sent to these providers is used only to process the specific request, not to train public models on our behalf, and is handled under the provider terms and retention controls that apply to those API services.

6. Who Sees Your Data

You: Full access to everything you have uploaded and all artifacts generated.
Your linked accountant: Access to your preparation record, clean statement output, artifacts, Preparation Intelligence observations, and (if enabled) category suggestions and accountant investigation responses. Accountants can access your raw source files while they remain stored in the workspace and can batch delete source files by client year or entire year when cleanup is needed.
LedgerReady team: Access for troubleshooting and support only, under strict access controls.
Sub-processors: Hosting provider and, where applicable, AI model provider. A current list of sub-processors is available upon request.
No one else. We do not sell, rent, or share your data with advertisers, data brokers, or any third party not listed here.

7. Data Security

All data is encrypted in transit (TLS) and at rest.
Database access is controlled by row-level security policies enforced at the database level.
Role-based access ensures clients cannot access accountant features and vice versa.
We conduct regular security assessments and maintain an incident response plan for data breaches.
In the event of a security incident affecting your data, we will notify the relevant parties without unreasonable delay following confirmation of the incident, consistent with applicable state and federal notification requirements.

8. Data Retention

Structured preparation records (Pre-Accounting Record, certificates, audit trails, Preparation Intelligence observations) are stored while your account is active.
Raw uploaded source files (bank statements, CSVs, PDFs) are stored until you or your accountant delete them, or until account deletion and related cleanup workflows require their removal.
Accountant-controlled cleanup can be performed in batches by client year or by selecting an entire year across clients.
Deleted source files are soft-deleted first and then permanently purged after a short safety window built into our deletion pipeline.
Account data is retained while your account is active and deleted within 30 days of account deletion.
Anonymized aggregate data may be retained indefinitely for product improvement. This data is irreversibly de-identified and cannot be used to identify any individual, business, or specific client account. Anonymized data is never pooled in a manner that could enable re-identification of any customer's transaction data.

Upon account deletion, subscription termination with a deletion request, or a valid instruction under an applicable Data Processing Agreement, LedgerReady will return or delete customer data according to the applicable workflow and legal obligations.

9. Your Rights

Access: You can view all data associated with your account at any time.
Export: You can download your data (uploads, preparation records, artifacts) at any time.
Deletion: You can delete your account and associated data at any time.
Correction: You can update your account information at any time.
Objection: You can object to specific data processing by contacting us.

For California residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@ledgerready.app.

For Virginia, Colorado, and Connecticut residents: You have rights under the VCDPA, CPA, and CTDPA respectively, including access, correction, deletion, and data portability. To exercise your rights, contact privacy@ledgerready.app.

For New York residents: We maintain reasonable safeguards as required by the NY SHIELD Act to protect your private information.

For EU/EEA residents: If applicable, you have rights under the GDPR including access, rectification, erasure, restriction, portability, and objection. Contact privacy@ledgerready.app.

We will respond to verified requests within the timeframes required by applicable law.

10. Cookies

LedgerReady uses only essential cookies. See our Cookie Policy for full details.

11. Children's Privacy

LedgerReady is not intended for users under 18. We do not knowingly collect data from minors. If we become aware that we have collected personal information from a minor, we will delete it promptly.

12. International Users

LedgerReady is operated from the United States. Data is stored and processed in the United States. If you are accessing the Platform from outside the United States, you consent to the transfer of your data to the United States upon account creation. For EU/EEA users, transfers are conducted under applicable legal mechanisms.

13. Data Processing Agreement

A Data Processing Agreement (DPA) is available upon request for accountants who require a formal DPA for compliance with their professional obligations or client agreements.

The DPA covers:

LedgerReady as a Data Processor acting on behalf of the accountant (Data Controller) for their linked clients.
Processing scope limited to preparation services described in these terms.
Sub-processor list with notification of changes.
Data breach notification procedures.
Data deletion and return procedures upon termination.

Contact support@ledgerready.app to request a DPA.

14. Changes to This Policy

Material changes will be communicated via email and in-app notification at least 30 days before taking effect. The "Last Updated" date at the top of this page will always reflect the current version.

Changelog

Version	Date	Summary of Changes
1.1	March 2026	Updated the AI provider disclosure, removed the 12-month source-file expiration policy, and added accountant-controlled batch deletion language.
1.0	February 2026	Initial release

1. What We Collect

Account information: name, email address, role (client or accountant).
Business information: business type, payment methods used, platforms used — provided during intake.
Self-declaration responses: your answers to intake questions.
Uploaded files: bank statements, payment processor exports, credit card statements, and optional supporting documents.
Usage data: pages visited, features used, time spent. Collected for product improvement only. Never sold.
Device and browser information: collected for troubleshooting and security only.

2. What We Do Not Collect

Bank login credentials. We never connect to your bank.
Social Security numbers or tax identification numbers.
Credit card numbers. Payment processing is handled by Stripe. We never store payment card data.
Data from any source other than what you explicitly upload or enter.

3. How We Use Your Data

To process uploads through automated noise removal (duplicates, reversals, authorization holds).
To generate preparation artifacts (Pre-Accounting Record, Setup Blueprint, Assumptions, and related outputs).
To run the Preparation Intelligence Engine and surface structured observations from your transaction data.
To provide platform-specific guided setup instructions.
To suggest transaction categories (accountant-facing only; requires accountant confirmation).
To display preparation status to your linked accountant.
To provide accountant-facing investigation summaries, explanations of deterministic observations, and grounded question answering on prepared engagement data.
To improve the product through aggregate, anonymized usage analytics.

4. Preparation Intelligence Processing

LedgerReady does NOT:

Pool transaction data across customer accounts.
Use customer transaction data to train generalized models.
Sell, share, or monetize customer transaction data.
Impose a fixed 12-month source-file expiration timer while your account remains active.

LedgerReady maintains its status as a Data Processor / Service Provider with respect to all customer transaction data. Your designated accounting firm remains the Data Controller.

5. AI and Automated Processing

LedgerReady uses automated processing for the following purposes:

Preparation Intelligence Engine: Rule-based algorithms that identify transaction patterns (such as potential duplicates and coverage gaps). This is rule-based.
Clean Statement Mode: Automated pattern-matching to identify and suppress duplicate, reversed, or noise transactions.
Category Suggestions (accountant-only): Proposed category assignments for transactions. These are suggestions only. They are never applied without accountant confirmation. They are never visible to clients.

6. Who Sees Your Data

You: Full access to everything you have uploaded and all artifacts generated.
Your linked accountant: Access to your preparation record, clean statement output, artifacts, Preparation Intelligence observations, and (if enabled) category suggestions and accountant investigation responses. Accountants can access your raw source files while they remain stored in the workspace and can batch delete source files by client year or entire year when cleanup is needed.
LedgerReady team: Access for troubleshooting and support only, under strict access controls.
Sub-processors: Hosting provider and, where applicable, AI model provider. A current list of sub-processors is available upon request.
No one else. We do not sell, rent, or share your data with advertisers, data brokers, or any third party not listed here.

7. Data Security

All data is encrypted in transit (TLS) and at rest.
Database access is controlled by row-level security policies enforced at the database level.
Role-based access ensures clients cannot access accountant features and vice versa.
We conduct regular security assessments and maintain an incident response plan for data breaches.
In the event of a security incident affecting your data, we will notify the relevant parties without unreasonable delay following confirmation of the incident, consistent with applicable state and federal notification requirements.

8. Data Retention

Structured preparation records (Pre-Accounting Record, certificates, audit trails, Preparation Intelligence observations) are stored while your account is active.
Raw uploaded source files (bank statements, CSVs, PDFs) are stored until you or your accountant delete them, or until account deletion and related cleanup workflows require their removal.
Accountant-controlled cleanup can be performed in batches by client year or by selecting an entire year across clients.
Deleted source files are soft-deleted first and then permanently purged after a short safety window built into our deletion pipeline.
Account data is retained while your account is active and deleted within 30 days of account deletion.
Anonymized aggregate data may be retained indefinitely for product improvement. This data is irreversibly de-identified and cannot be used to identify any individual, business, or specific client account. Anonymized data is never pooled in a manner that could enable re-identification of any customer's transaction data.

9. Your Rights

Access: You can view all data associated with your account at any time.
Export: You can download your data (uploads, preparation records, artifacts) at any time.
Deletion: You can delete your account and associated data at any time.
Correction: You can update your account information at any time.
Objection: You can object to specific data processing by contacting us.

For New York residents: We maintain reasonable safeguards as required by the NY SHIELD Act to protect your private information.

For EU/EEA residents: If applicable, you have rights under the GDPR including access, rectification, erasure, restriction, portability, and objection. Contact privacy@ledgerready.app.

We will respond to verified requests within the timeframes required by applicable law.

10. Cookies

LedgerReady uses only essential cookies. See our Cookie Policy for full details.

11. Children's Privacy

LedgerReady is not intended for users under 18. We do not knowingly collect data from minors. If we become aware that we have collected personal information from a minor, we will delete it promptly.

12. International Users

13. Data Processing Agreement

A Data Processing Agreement (DPA) is available upon request for accountants who require a formal DPA for compliance with their professional obligations or client agreements.

The DPA covers:

LedgerReady as a Data Processor acting on behalf of the accountant (Data Controller) for their linked clients.
Processing scope limited to preparation services described in these terms.
Sub-processor list with notification of changes.
Data breach notification procedures.
Data deletion and return procedures upon termination.

Contact support@ledgerready.app to request a DPA.

14. Changes to This Policy

Material changes will be communicated via email and in-app notification at least 30 days before taking effect. The "Last Updated" date at the top of this page will always reflect the current version.

Changelog

Version	Date	Summary of Changes
1.1	March 2026	Updated the AI provider disclosure, removed the 12-month source-file expiration policy, and added accountant-controlled batch deletion language.
1.0	February 2026	Initial release

In short:

1. What We Collect

2. What We Do Not Collect

3. How We Use Your Data

4. Preparation Intelligence Processing

5. AI and Automated Processing

6. Who Sees Your Data

7. Data Security

8. Data Retention

9. Your Rights

10. Cookies

11. Children's Privacy

12. International Users

13. Data Processing Agreement

14. Changes to This Policy

Changelog

Privacy Policy

In short:

1. What We Collect

2. What We Do Not Collect

3. How We Use Your Data

4. Preparation Intelligence Processing

5. AI and Automated Processing

6. Who Sees Your Data

7. Data Security

8. Data Retention

9. Your Rights

10. Cookies

11. Children's Privacy

12. International Users

13. Data Processing Agreement

14. Changes to This Policy

Changelog