Ledger Privacy Policy
Effective date: July 3, 2026 Last updated: July 3, 2026
Ledger is a bookkeeping automation tool from Productive Studio, powered by Ellestra Studio. Ledger is provided by 1348596 B.C. Ltd., based in Parksville, British Columbia, Canada (the "Company"). This Privacy Policy explains what information we collect when you use Ledger, how we use it, who we share it with, and your rights over your data.
By using Ledger, you agree to the practices described here. If you don't agree, don't use the service.
1. Who this policy applies to
This policy applies to anyone who:
- Creates an account on Ledger
- Uploads receipts, invoices, or financial documents to Ledger
- Connects a QuickBooks Online, Google Drive, or bank account to Ledger
- Interacts with Ledger's AI features (categorization, anomaly detection, chat)
2. What we collect
Account information
- Your name, email address, and business name
- Login credentials (encrypted)
- Subscription and billing information (processed by Stripe — see §5)
Financial data you provide
- Receipts (images, PDFs) you upload
- Bank and credit card transaction data (via CSV import, Flinks connection, or manual entry)
- QuickBooks Online data (chart of accounts, vendors, tax codes, transactions) — accessed only after you explicitly connect your QBO account via OAuth
- Google Drive metadata (if you connect Drive for archive — we only see files Ledger creates in the folder you authorize)
Usage data
- Actions you take in the app (uploads, posts, approvals)
- Timestamps and IP address for security/audit purposes
- Error logs
We do NOT collect:
- QuickBooks data outside the company you explicitly connect
- Files in your Google Drive outside the Ledger Archive folder we create
- Contents of your email accounts (unless you explicitly forward receipts to a Ledger address)
- Cross-site tracking data
3. How we use your data
We use your data only to:
- Provide bookkeeping automation (extract receipt data, categorize transactions, propose journal entries)
- Detect anomalies (duplicate charges, missed GST, misclassified accounts)
- Post approved entries to your connected QuickBooks Online company
- Archive receipts to your connected Google Drive folder
- Send notifications about pending approvals, monthly closes, and account activity
- Prevent fraud and enforce our Terms of Service
- Comply with legal obligations
We do NOT:
- Sell your data to anyone
- Use your financial data to train AI models
- Share data with advertisers
- Use your data for marketing to third parties
4. Artificial intelligence and your data
Ledger uses AI (specifically Anthropic's Claude models) to read receipts, categorize transactions, and detect anomalies.
Our AI arrangement includes:
- A Zero Data Retention (ZDR) contract with Anthropic — Anthropic does not store or train on your data
- Data sent to Anthropic is processed for your query only, then deleted
- Anthropic is contractually prohibited from using your data to improve or train their models
What this means for you:
- Your receipt images, transaction data, and financial documents are processed by AI to serve you
- They are not used to train the next generation of AI models
- No other Ledger customer sees your data
5. Third parties we share data with
We share data only with the following providers, only to the extent necessary to operate Ledger:
| Provider | What they receive | Why |
|---|---|---|
| Anthropic (AI processing) | Receipt content, transaction descriptions, chat queries | AI extraction, categorization, chat. Bound by ZDR contract. |
| Intuit / QuickBooks Online | The QBO data you authorize via OAuth | To read + post to your connected QBO company. |
| Google (Drive) | Files Ledger creates in your authorized folder | Archive storage, at your choice. |
| Flinks (optional) | Bank transaction data you authorize | Canadian bank aggregation. Read-only. |
| Stripe (payments) | Payment method, billing address | Subscription billing. |
| Render.com (hosting) | Encrypted data at rest | Infrastructure hosting. Data encrypted, isolated per tenant. |
We do NOT share data with: advertisers, data brokers, or governments (unless legally required by court order — we will notify you unless legally prohibited).
6. Data retention
- Active accounts: We retain your data for as long as your account is active
- Cancelled accounts: Data is retained for 24 months after cancellation, then permanently deleted (this supports audit/tax reassessment periods under Canadian law)
- Immediate deletion request: You may request full data deletion at any time by emailing ellestrastudio@gmail.com. We honour these within 30 days
- Legal holds: Data subject to audit or legal matter may be retained until the matter concludes
7. Your rights (PIPEDA)
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:
- Access your personal information we hold — request a copy any time
- Correct inaccurate information
- Withdraw consent for us to use your data (which typically means account cancellation)
- File a complaint with the Office of the Privacy Commissioner of Canada if you believe we've mishandled your data
- Export all your data in a portable format (CSV / JSON)
To exercise any of these rights, email ellestrastudio@gmail.com.
8. Security
- All data encrypted in transit (TLS 1.3)
- All data encrypted at rest
- Per-tenant database isolation (your data lives in a separate database from other customers')
- OAuth tokens stored encrypted, never in plain text
- Employee access to customer data is logged and restricted to support cases you initiate
In the event of a data breach, we will notify affected users within 72 hours per PIPEDA reporting standards.
9. Cookies
Ledger uses functional cookies only:
- Session cookies for keeping you logged in
- No advertising cookies
- No third-party tracking cookies
10. International data transfers
Ledger's servers are hosted on Render.com in Oregon, USA. Your data may be transferred to and processed in the United States. All transfers are covered by contractual data protection clauses. Anthropic also processes data in the United States under the same protections.
If you are outside Canada or the USA, by using Ledger you consent to this transfer.
11. Children
Ledger is a business bookkeeping tool. We do not knowingly collect data from anyone under 18.
12. Changes to this policy
We may update this policy. If we make material changes:
- We will notify you by email at least 30 days before changes take effect
- We will post the updated policy at this URL with a revised "Last updated" date
- Continued use of Ledger after changes take effect = your acceptance
13. Contact us
Email: ellestrastudio@gmail.com Address: 1348596 B.C. Ltd., Parksville, British Columbia, Canada
We respond to privacy inquiries within 3 business days.
14. Governing law
This Privacy Policy is governed by the laws of the Province of British Columbia and the federal laws of Canada applicable therein.