Ledgr

Privacy Policy

How we collect, use, and protect your data

Effective March 23, 2026

Ledgr (“we,” “us,” “our”) is a personal finance tracking application operated by Joseph Gindi, a sole proprietor based in Long Branch, NJ. We take your privacy seriously. This policy explains what data we collect, why we collect it, how we protect it, and what control you have over it. We’ve written this in plain language — no unnecessary legalese.

01

Information We Collect

Account Information

When you create a Ledgr account, we collect:

  • Your email address
  • Your password — hashed by Supabase Auth before storage. We never store your plaintext password.

Financial Data

Ledgr connects to your financial accounts to display your transactions and balances. We store:

  • Transaction date, merchant name, amount, and category
  • Account metadata: institution name, last 4 digits of your account number, and account type

This data comes from two sources:

  • Plaid API — when you link a bank account through Plaid, we receive transaction and balance data directly from your institution.
  • CSV / PDF uploads — if you manually upload a bank statement, it is processed entirely in memory and immediately discarded. We extract transaction data from it; we do not store the original file.
×
We never store: bank login credentials · full account numbers · routing numbers · uploaded statement files

Payment Information

Subscription billing is handled entirely by Stripe. Ledgr never receives, sees, or stores your credit card number or any raw payment card data. Stripe handles all payment processing and is governed by their own privacy policy.

02

How We Use Your Information

We use your information for the following purposes:

  • Display your financial data to you within the app
  • Categorize transactions using AI (Z.AI GLM-5) or rules-based categorization
  • Generate budget tracking, spending insights, and financial reports
  • Process subscription payments through Stripe
  • Maintain your account and authenticate your identity
✓
What we don’t do: We do not sell, share, or provide your financial data to any third party for advertising, marketing, or any commercial purpose.
03

Third-Party Services

Ledgr integrates with several trusted third-party services. Here’s exactly who they are and what data they touch:

ServicePurposeData Involved
SupabaseDatabase & AuthStores all user and financial data. Encrypts at rest with AES-256.
PlaidBank connectivityConnects to your bank accounts. Governed by Plaid's privacy policy.
StripePaymentsProcesses subscription billing. Governed by Stripe's privacy policy.
Z.AI (GLM-5)AI categorizationReceives merchant names and amounts only. No PII is sent.
VercelApp hostingHosts the Ledgr application. Minimal request metadata only.
UpstashRate limitingEnforces API rate limits. No user data is stored.
CloudflareDNS / DomainManages domain routing. No personal data processed.
04

Data Security

We implement multiple layers of security to protect your data:

  • Encryption at rest — all data stored in Supabase is encrypted with AES-256.
  • Encryption in transit — all data transmitted between your browser and our servers uses TLS 1.2 or higher.
  • Plaid token encryption — Plaid access tokens are additionally encrypted with AES-256-GCM before being stored.
  • Row-level security — all database tables enforce row-level security, ensuring users can only access their own data.
  • Multi-factor authentication — MFA (TOTP) is available for all user accounts.
  • Rate limiting — all API endpoints are rate-limited to protect against abuse.
05

Data Retention and Deletion

Your data is retained for as long as your account remains active. You are in full control:

  • Account deletion — you can permanently delete your account at any time from the Settings page.
  • Complete removal — deleting your account permanently removes all of your data from our systems via cascading deletion across all database tables.
  • Plaid revocation — all Plaid bank connections are revoked upon account deletion.

We do not retain archived copies of deleted user data.

06

Your Rights

You have the following rights over your data:

  • Access — view all of your financial data directly within the Ledgr app.
  • Export — download your transaction data as a CSV file from the Transactions page.
  • Delete — delete your account and all associated data from Settings at any time.
  • Correct — edit transaction categories and account information at any time within the app.
07

Cookies

Ledgr uses a minimal set of cookies, all of which are functional:

CookiePurposeExpiry
SessionRequired for authentication. Keeps you logged in.Session
Theme preferenceStores your light/dark mode preference.1 year
Banner dismissalRemembers if you’ve dismissed the upgrade banner.7 days
✓
No tracking. Ledgr uses no tracking cookies, analytics cookies, or advertising cookies of any kind.
08

Children’s Privacy

Ledgr is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.

09

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email. The effective date at the top of this document will always reflect when it was last updated. Continued use of Ledgr after changes constitutes acceptance of the updated policy.

10

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, reach out:

Joseph Gindi — Founder, Ledgr

Emailmadrapid222@gmail.com
Websiteledgrfinance.net
LocationLong Branch, NJ, USA