Privacy Policy
Last updated 4 May 2026.
This policy describes what personal data LetLedger collects, why, and what we do with it. It is written in plain English. Defined terms (we, you, the service) match the Terms of Service.
1. Who's responsible
The data controller is [ENTITY NAME], a UK business based at [REGISTERED ADDRESS]. Contact: hello@letledger.uk.
2. What we collect
- Email address — for sign-in via magic link.
- Magic-link tokens — short-lived, single-use, hashed at rest.
- Bank transaction data — date, description, amount — uploaded by you via CSV.
- Property metadata — name, address, optional notes you create.
- Receipt images — if you upload them, plus extracted total/date.
- Usage logs — request timestamps, IP, user agent, error traces. Retained ~30 days.
We do not collect: bank account numbers, sort codes, full statements (only the rows you choose to upload), payment cards, identity documents, biometrics.
3. Why we process it
- Run the service — sign you in, store and categorise your transactions, render PDFs.
- Improve the service — anonymous aggregate metrics (e.g. how often categorisation is corrected).
- Comply with the law — tax-record retention, fraud prevention, lawful requests.
Lawful bases under UK GDPR: contract (running the service you signed up to), legitimate interests (improving the product, securing the service), and legal obligation where applicable.
4. AI processing — read this
Transaction descriptions and amounts are sent to a third-party large language model provider for categorisation. Today that provider is OpenAI (gpt-4o-mini); we may change provider as the field evolves. We send only:
- Description text.
- Amount in pence.
- An anonymous index number per batch.
We do not send your email, your name, or any other identifying information to the AI provider. The AI provider's data handling is governed by their own terms (typically: 30-day retention for abuse monitoring, no training on API data). You should not upload data you are not contractually allowed to share with such a provider.
5. Where data is stored
- Database — UK / EU servers operated by our infrastructure provider.
- Receipt images — Cloudflare R2 (EU/UK region).
- AI requests — routed to OpenAI; OpenAI processes in the US under Standard Contractual Clauses.
- Email delivery — Resend (EU / US, SCCs).
6. How long we keep it
- Account data — while your account is active, plus 30 days after deletion.
- Transactions and reports — while the account is active. You can delete an account from inside the app.
- Magic-link tokens — 15 minutes (then expire) or until used.
- Logs — ~30 days.
HMRC's record-keeping rules require you to retain underlying records for at least the period those rules specify (typically several years). If you delete your account, export your data first.
7. Your rights
Under UK GDPR you can:
- Access the data we hold about you (subject access request).
- Correct inaccurate data.
- Delete your account and the data tied to it.
- Export your data in a machine-readable format (CSV/JSON).
- Object to processing for legitimate-interest purposes.
- Lodge a complaint with the ICO.
Email hello@letledger.uk for any of these. We aim to respond within 30 days.
8. Security
HTTPS for all traffic. Passwords (where used) hashed with bcrypt. Magic-link tokens hashed with SHA-256 before storage. Database backups encrypted at rest. We are not perfect — no system is — and we will tell affected users without undue delay if a breach occurs.
9. Cookies
We use a single first-party cookie or localStorage entry to keep you signed in (a JWT). No third-party tracking. No advertising cookies. See Cookies for detail.
10. Changes
We may update this policy. Material changes take effect 14 days after we post the updated version at this URL.
11. Contact
Privacy questions: hello@letledger.uk. ICO complaints: ico.org.uk.