Last updated: 10 July 2026
We take privacy seriously because our customers do — you're trusting us with your clients' financial lives. This policy explains, in plain English, what we collect and why.
This Privacy Policy explains how Ledger One processes personal data when you visit our website, sign up for an account, or use our software. It applies to visitors, prospective customers, account holders, and — indirectly — the clients of the accounting practices that use Ledger One.
For personal data about you as a Ledger One account holder or website visitor, Ledger One acts as the data controller. For personal data your practice uploads about its own clients (financial records, contact details, receipts), your practice is the controller and Ledger One is the processor. A Data Processing Agreement is available on request.
Account data (name, email, firm name, role); billing metadata received from Paddle.com Market Ltd, our Merchant of Record and payment reseller (billing country, VAT number, last four digits of card, transaction IDs — full card details are handled by Paddle and never stored by us); product usage data (pages visited, features used, timestamps, IP addresses, device/browser info); and any content you upload including client books, receipts, and messages to our AI copilot.
To provide the service and honour our contract with you (Art. 6(1)(b) UK GDPR); to keep the service secure and detect abuse (legitimate interests); to comply with legal obligations such as tax and anti-money-laundering law; and, only where you've opted in, to send product marketing (consent — withdrawable at any time).
A short list of vetted recipients and subprocessors: Paddle.com Market Ltd, our Merchant of Record and payment reseller, which handles checkout, billing, tax, invoicing, refunds and fraud checks; our cloud hosting provider (UK/EU regions); our transactional email provider; our error monitoring provider; and our AI model provider for copilot features. The current subprocessor list is available on request from privacy@ledgerone.app. We never sell personal data.
Data is stored in the UK and EU. If a subprocessor or Paddle transfers data outside the UK/EEA, we rely on the UK IDTA, EU Standard Contractual Clauses, or an equivalent adequacy mechanism.
Account and billing data are kept for the life of your account plus 7 years to meet UK statutory retention rules. Uploaded books and financial records are kept while your subscription is active, and for 30 days after cancellation to allow export. Web analytics identifiers are retained for 26 months maximum.
Under UK GDPR you have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent where processing is based on it. Contact privacy@ledgerone.app to exercise any of these rights. You can also complain to the UK Information Commissioner's Office (ico.org.uk).
We use TLS 1.3 in transit, AES-256 at rest, row-level tenant isolation, and immutable audit logging. Full detail on our Security page.
We use a small number of strictly-necessary cookies (session, CSRF) that don't need consent, plus optional analytics cookies you can accept or reject via the banner on your first visit. You can change your choice any time by clearing site data.
Privacy questions or requests: privacy@ledgerone.app. Data protection lead: Data Protection Lead, Ledger One, United Kingdom.