Privacy Policy

Effective date: April 3, 2026

This Privacy Policy explains how LedgerLocked ("LedgerLocked," "we," "us," or "our") collects, uses, stores, and discloses information in connection with our website, communications, onboarding, and service delivery. It also explains your options and rights.

1) Scope

This Policy applies to information collected through the LedgerLocked website, lead and booking workflows, email communications, and services delivered under a client agreement. It does not apply to third-party services that are governed by their own policies.

2) Information We Collect

We may collect the following categories of information:

Contact and business profile information: name, business email, company/team details, and intake responses.
Verification and security data: one-time code requests, verification logs, request metadata, and fraud controls.
Commercial and onboarding information: selected service tier, billing status from payment provider callbacks, and implementation context.
Website and technical data: IP address, browser metadata, device information, and server logs used for reliability and abuse prevention.
Support and communications data: information you provide during calls, email threads, and support interactions.

3) Sources of Information

Directly from you (forms, booking flows, email, meetings).
Automatically from your use of the website and security infrastructure.
From integrated providers needed to deliver service (for example scheduling, payment, and transactional email providers).

4) Purposes of Processing

We process information only as needed for legitimate business and legal purposes, including:

Providing, maintaining, and improving services.
Authenticating users and preventing fraud, abuse, and unauthorized access.
Responding to inquiries and managing onboarding and account operations.
Processing payments and maintaining business records.
Complying with legal, tax, accounting, and regulatory obligations.

5) Legal Bases (Where Applicable)

Depending on jurisdiction, we rely on one or more of the following legal bases:

Performance of a contract or pre-contractual steps requested by you.
Legitimate interests (security, product quality, fraud prevention, operations).
Legal obligation (recordkeeping, compliance, lawful requests).
Consent, where required by law.

6) Local-First Data Positioning

LedgerLocked is architected for local-first deployment and client control. While operational implementations are designed to keep sensitive workflow data in client-managed environments whenever feasible, limited metadata and support records may still be processed for administration, support, billing, and security.

7) Disclosure of Information

We do not sell personal information. We may disclose information in the following circumstances:

To vendors and subprocessors that provide essential infrastructure (email delivery, scheduling, payment, hosting, analytics, security).
To professional advisors (legal, accounting, insurance) as needed.
To comply with legal process, enforce agreements, or protect rights and safety.
As part of a business transfer (merger, acquisition, asset sale), subject to confidentiality safeguards.

8) Cookies and Similar Technologies

We may use cookies or comparable technologies for session integrity, analytics, and abuse prevention. You can control cookies via browser settings, but some functionality may be limited if disabled.

9) Data Retention

We retain data only for as long as reasonably necessary for the purposes described in this Policy, including business continuity, contractual fulfillment, legal compliance, dispute resolution, and enforcement. Retention periods vary by data type and risk profile.

10) Security Measures

We implement reasonable administrative, technical, and organizational safeguards. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11) International Transfers

If information is processed in countries outside your own, we apply commercially reasonable safeguards appropriate to the transfer and legal context.

12) Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

Request access to personal information we hold about you.
Request correction of inaccurate or incomplete information.
Request deletion, subject to legal and contractual limits.
Object to or restrict certain processing.
Request data portability where legally applicable.

To exercise rights, contact [email protected].

13) Children

Services are intended for business users and not directed to children under the age required by applicable law. We do not knowingly collect personal information from children.

14) Third-Party Links and Services

Our website and workflows may contain links to third-party services. Their handling of data is governed by their own privacy terms, and we are not responsible for their content or practices.

15) Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by updating the effective date and, where required, providing additional notice.

16) Contact

For privacy inquiries, requests, or complaints, email [email protected].