Privacy Policy

LedgerWell is operated by Forgewell, a division of Valmonte Digital Solutions, based in Ontario, Canada. We can be reached at hello@ledgerwell.app.

The data we hold about you falls into three buckets:

• Account data — email address, name, hashed password (or magic-link tokens), and (if enabled) a 2FA secret.
• Documents you upload — receipts, invoices, statements, and contracts in PDF / CSV / image form, plus the metadata we extract from them (vendor, amount, date, category).
• Billing data — handled entirely by Stripe. We receive a customer ID, subscription tier, and renewal date. We never see your card number.

We do not connect to your bank accounts or pull transactions automatically. Imports are CSV/PDF only and initiated by you.

Only to run the product:

• Storing and organizing the documents you upload.
• Sending the weekly digest email (opt-out in Settings).
• Processing your subscription via Stripe.
• Authenticating you on each visit and protecting your account with 2FA if you turn it on.

We do not sell your data, share it with advertisers, or use it to train AI models for any party outside LedgerWell. We do not run third-party tracking pixels on the app.

We use a small set of vendors. Each only sees the data they need to do their job:

• Neon — database and authentication (US region).
• Vercel — web hosting, edge functions, and file storage (Vercel Blob).
• Google — AI analysis features (Gemini). Document text is sent for analysis only when you use an AI feature; it is not used to train models.
• Stripe — payment processing and subscription management.
• Resend — transactional email (digest, password reset, account-deletion notice).

For as long as your account is open. When you delete your account, we set a 30-day grace period during which we can still restore everything — useful if you change your mind. After 30 days, your auth record, documents, file storage, and associated data are hard-deleted automatically.

Stripe retains billing records independently for tax and audit purposes per their own retention policy.

Every database table enforces row-level security tied to your authenticated user ID. Even our own application code cannot read another user's data without explicitly assuming that user's session. Enterprise workspaces are isolated by the same mechanism: a client invited into your workspace can only see their own documents, never another client's.

You can, at any time:

• Export all your data as a ZIP from Settings → Export.
• Edit or delete individual documents or your entire account.
• Disable the weekly digest in Settings.
• Request a copy of all data we hold about you by emailing hello@ledgerwell.app.

If you're in the EU, UK, or California, you have additional rights (GDPR / UK GDPR / CCPA) including the right to object to processing and the right to lodge a complaint with your supervisory authority. Email us and we'll handle it.

All traffic is HTTPS-only with HSTS. Passwords are hashed and managed by our authentication provider (Neon Auth) — we never see or store them. Bank access tokens are server-side only and never exposed to the browser. We don't log full request bodies or document contents to our error tracking.

If we ever experience a breach affecting your data, we'll notify you by email within 72 hours of confirming it.

LedgerWell is not directed at anyone under 16. We don't knowingly collect data from children.

If we change anything material, we'll email account holders and update the date at the top of this page. Continued use of the product after the effective date counts as acceptance.

Questions, requests, or complaints: hello@ledgerwell.app.