Privacy Policy
The Ledger — Privacy
We store what we must. Nothing more.
Last updated: 5 May 2026
TL;DR — Your tasks, notes, and journal entries belong to you. We don't sell them, advertise against them, or train models on them. We store them to sync across your devices. You can export or delete everything at any time.
1. What we collect
Account data
- Email address — used for sign-in, receipts, and service emails (password reset, billing, security alerts).
- Display name — only if you set one during onboarding. Used in the greeting ("Good morning, [name]") and nowhere else.
- Authentication tokens — stored in your browser's localStorage by Supabase, used to keep you signed in.
App content
- Tasks, projects, notes, journal entries, ritual picks, tag definitions, calendar time-blocks, and settings you explicitly save.
- Stored on your device (always) and synced to Supabase Postgres if you sign in.
Operational data
- Error reports (via Sentry, if enabled) — browser, OS, a stack trace, and a short anonymised session replay. Helps us fix crashes. Contains no task content.
- Anonymous usage pings — we may log "sign-in happened", "matrix view opened" to Supabase for product analytics. No personally-identifying content, no task text.
- We do not use Google Analytics, Meta Pixel, or similar third-party trackers.
Billing (Pro subscribers only)
- Payment is processed by Lemon Squeezy. They handle your card details — we never see them.
- We store: your Lemon Squeezy customer ID, subscription status, plan tier, renewal date. That's it.
2. What we don't collect
- No location data.
- No device fingerprinting for ad targeting.
- No contacts, calendar integrations you didn't opt into, or social graph data.
- No tracking pixels in our emails.
3. Who we share data with
| Service | What they get | Why |
| --- | --- | --- |
| Supabase | Your app content + account record | Hosting your data, syncing across devices |
| Google (OAuth only) | Email + basic profile (only if you sign in with Google) | Sign-in |
| Vercel | Request metadata (IP, timestamp, URL, user-agent — retained ≤24h) | Hosting the app; standard request logs for security and debugging |
| Resend | Your email address + email body | Sending waitlist confirmations, beta invites, feedback replies, and product updates |
| Sentry | Error details + browser metadata (PII scrubbed from error context) | Fixing bugs — only when an error occurs |
| Lemon Squeezy | Name, email, payment info (Pro users) | Processing subscriptions; Lemon Squeezy is the Merchant of Record and a separate data controller for tax purposes |
Nobody else. We don't share data with advertisers, data brokers, or AI model providers.
4. Where data is stored
- Supabase — our primary database. Region: US-East by default (may move to Asia for Indian users to reduce latency).
- Your browser's localStorage — always. Lets The Ledger work offline.
- Backups — Supabase takes automated daily backups, kept for 7 days.
5. Your rights
Under GDPR, India's DPDP Act, and similar regimes you have the right to:
- Access — export everything you've stored. Do it yourself: Matrix → Export. Or email us.
- Rectify — edit anything in the app directly, or ask us.
- Delete — use the reset link (dev-only currently; production delete flow is in progress) or email us for a full wipe. Account + data gone within 30 days.
- Portability — exported data is JSON; you can take it anywhere.
- Object / restrict processing — email us. We'll honour it.
6. How long we keep data
- Your account data and app content: as long as your account is active.
- After you delete your account: up to 30 days in backups, then fully gone.
- Billing records: 7 years (tax compliance).
- Error logs: 90 days.
7. Security
- All traffic is encrypted with TLS 1.2 or later.
- Passwords are never stored — Supabase handles auth.
- Database access is restricted by Supabase Row-Level Security policies — your data is only readable by you.
- We don't promise unbreakable security (nobody can). We promise to notify affected users within 72 hours of any confirmed breach.
8. Cookies
We don't set marketing cookies. The only client-side storage we use is localStorage (for your app data and auth token) and sessionStorage (for remembering which tab you last viewed on mobile). No third-party cookies.
9. Children
The Ledger is not intended for users under 18 in India (per the Digital Personal Data Protection Act), under 16 in the European Economic Area (per the GDPR's age-of-consent rules in most member states), or under 13 in the United States (per COPPA). Don't sign up if you're below those ages in your jurisdiction. If you're a parent and believe your child has signed up, email us — we'll delete the account.
10. International transfers
If you're outside the US, your data may be transferred to US-based servers (Supabase + Vercel). Both are SOC 2 compliant. By using the app you consent to this transfer.
11. Changes to this policy
Material changes (what we collect, who we share with, where we store) will be emailed to signed-in users at least 14 days before taking effect. Minor edits (typos, clarifications) are published here with an updated date.
12. Contact
Questions, data requests, or privacy concerns: jaiveer@the-ledger-app.com. For GDPR/DPDP formal requests, put "Data request" in the subject line — we'll respond within 30 days.