Privacy Policy

Last updated: 20 November 2025

1. Introduction to the LedgerLet Privacy Notice

This Privacy Notice explains how LedgerLet Ltd ("we", "us", "our") collects, uses and protects your personal data when you use our website (www.ledgerlet.com) and the LedgerLet software platform.

By providing us with your personal information, you confirm that you are over 18 years old and that you understand how your data may be used.

LedgerLet Ltd is the Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our details

LedgerLet Ltd
Company number: 16501093
ICO registration reference: C1798368
Registered office:
Crown House, 27 Old Gloucester Street
London, United Kingdom, WC1N 3AX
Email: info@ledgerlet.com

If your personal information changes, please notify us via email.

2. Types of Data We Collect

We may collect and process the following categories of data:

2.1. Information you provide

Name, email, contact information
Property details
Financial information you enter manually
Messages, chat interactions
Uploaded documents or receipts

2.2. Open Banking data (with consent)

Transaction descriptions
Income and expense data
Merchant data
Payment metadata

We never receive or store your online banking login credentials.

2.3. Automatically collected analytics

IP address
Browser and device identifiers
Site usage patterns
Cookie and tracking data

2.4. Special-category data

We do not knowingly collect special-category data. If submitted voluntarily, it is processed only when necessary.

3. How We Use Your Data

We process your data to:

Provide AI-assisted bookkeeping and expense categorisation
Generate MTD-ready Profit & Loss statements
Prepare Self Assessment documentation
Improve classification accuracy
Maintain secure digital records (as required under MTD)
Provide customer support
Prevent fraud and misuse
Comply with legal obligations
Send essential service notifications

4. How We Use AI (Anonymisation First)

LedgerLet uses AI components to deliver core platform functions. We use AI for:

Transaction categorisation
Drafting P&L reports
Responding to user questions
Suggesting allowable expenses

We do NOT send personal identifiers to AI providers.

Before data is processed by OpenAI, Anthropic or similar services:

✔ All personal identifiers are removed
✔ Bank details are never transmitted
✔ Data is minimised
✔ Only relevant transaction text is processed

Internal model training

We may use fully anonymised transaction patterns to improve our private classification models and vector search.

This cannot identify you and complies with GDPR Recital 26.

5. Lawful Bases for Processing

We rely on:

Contract — to deliver the LedgerLet service
Legitimate Interests — to improve security, accuracy, fraud prevention
Consent — for marketing, analytics, and Open Banking permissions
Legal Obligation — HMRC requirements

6. Marketing Communications

We send marketing emails only if you opt in. You may unsubscribe at any time.

We do not sell or rent your data.

7. Sharing Your Data With Third Parties

We may share data with:

●
Open Banking providers (e.g., TrueLayer, Plaid)
●
Cloud hosting providers (AWS, GCP, Azure)
●
Email service providers (e.g., SendGrid)
●
Payment processors (Stripe)
●
AI processing vendors (OpenAI, Anthropic) — anonymised data only
●
Analytics providers (Google, Meta, Hotjar)
●
Professional advisors
●
Regulators and law enforcement, where required

Sub-processor compliance

We only engage sub-processors who provide sufficient guarantees and have entered into Data Processing Agreements with us in accordance with Article 28 UK GDPR.

Advertising audiences (Meta & Google)

We may create hashed, pseudonymised, non-reversible advertising audiences, e.g.:

Meta Custom Audiences
Google Customer Match

Your raw email or other personal identifiers are never shared directly. You may opt out at any time by emailing info@ledgerlet.com.

8. Reviews & Reputation Management (e.g., Trustpilot)

If we use a reviews platform such as Trustpilot or Feefo, we may share your name, email and service usage metadata (e.g., "active customer") exclusively for sending review invitations.

The reviews provider then becomes an independent data controller.

9. Security Measures

We use encryption in transit and at rest, strict access control, secure cloud infrastructure, firewalls, monitoring, regular audits, role-based security and data minimisation.

No internet-based service can be 100% secure, but we follow industry best practices.

10. International Transfers

Some sub-processors may store data outside the UK. We use legally recognised safeguards (adequacy regulations, UK Addendum to EU Standard Contractual Clauses and additional technical protections).

11. Data Retention

Account data — while your account is active
Financial records — 6 years (HMRC requirement)
Support messages — up to 24 months
Marketing data — until withdrawal of consent

12. Your Rights (UK GDPR)

You have the right to:

Access your data
Correct inaccuracies
Request deletion
Restrict processing
Object to processing or marketing
Request portability
Withdraw consent at any time

Contact: info@ledgerlet.com

We will respond within 30 days. We may charge a reasonable fee or refuse to comply with manifestly unfounded or excessive requests (in accordance with UK GDPR).

13. Cookies & Tracking Technologies

We use cookies for analytics, security, personalisation and performance.

We use Google Consent Mode v2 and equivalent tools — analytics and advertising cookies are disabled by default and activate only after explicit consent via our cookie banner.

You may disable cookies in your browser; some features may not function correctly.

14. Contact Us

Email: info@ledgerlet.com

Address:

LedgerLet Ltd, Crown House, 27 Old Gloucester Street, London, WC1N 3AX

15. Complaints

You may contact the UK Information Commissioner's Office (ICO):

https://ico.org.uk

16. Updates

We may update this Privacy Policy as needed. Please check back regularly.