Privacy Policy

Last updated: 10 July 2026

We take privacy seriously because our customers do — you're trusting us with your clients' financial lives. This policy explains, in plain English, what we collect and why.

1. Who this policy applies to

This Privacy Policy explains how Ledger One processes personal data when you visit our website, sign up for an account, or use our software. It applies to visitors, prospective customers, account holders, and — indirectly — the clients of the accounting practices that use Ledger One.

2. Our role: controller vs processor

For personal data about you as a Ledger One account holder or website visitor, Ledger One acts as the data controller. For personal data your practice uploads about its own clients (financial records, contact details, receipts), your practice is the controller and Ledger One is the processor. A Data Processing Agreement is available on request.

3. What we collect

Account data (name, email, firm name, role); billing metadata received from Paddle.com Market Ltd, our Merchant of Record and payment reseller (billing country, VAT number, last four digits of card, transaction IDs — full card details are handled by Paddle and never stored by us); product usage data (pages visited, features used, timestamps, IP addresses, device/browser info); and any content you upload including client books, receipts, and messages to our AI copilot.

4. Why we process it (lawful basis)

To provide the service and honour our contract with you (Art. 6(1)(b) UK GDPR); to keep the service secure and detect abuse (legitimate interests); to comply with legal obligations such as tax and anti-money-laundering law; and, only where you've opted in, to send product marketing (consent — withdrawable at any time).

5. Who we share it with

A short list of vetted recipients and subprocessors: Paddle.com Market Ltd, our Merchant of Record and payment reseller, which handles checkout, billing, tax, invoicing, refunds and fraud checks; our cloud hosting provider (UK/EU regions); our transactional email provider; our error monitoring provider; and our AI model provider for copilot features. The current subprocessor list is available on request from privacy@ledgerone.app. We never sell personal data.

6. International transfers

Data is stored in the UK and EU. If a subprocessor or Paddle transfers data outside the UK/EEA, we rely on the UK IDTA, EU Standard Contractual Clauses, or an equivalent adequacy mechanism.

7. How long we keep it

Account and billing data are kept for the life of your account plus 7 years to meet UK statutory retention rules. Uploaded books and financial records are kept while your subscription is active, and for 30 days after cancellation to allow export. Web analytics identifiers are retained for 26 months maximum.

8. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent where processing is based on it. Contact privacy@ledgerone.app to exercise any of these rights. You can also complain to the UK Information Commissioner's Office (ico.org.uk).

9. Security

We use TLS 1.3 in transit, AES-256 at rest, row-level tenant isolation, and immutable audit logging. Full detail on our Security page.

10. Cookies

We use a small number of strictly-necessary cookies (session, CSRF) that don't need consent, plus optional analytics cookies you can accept or reject via the banner on your first visit. You can change your choice any time by clearing site data.

11. Contact

Privacy questions or requests: privacy@ledgerone.app. Data protection lead: Data Protection Lead, Ledger One, United Kingdom.