Privacy Policy

Last updated: April 2026

1. Introduction

Ledger ("the Service") is operated by Jumpstone Technology Inc. ("we", "us", "our"), a company incorporated in Ontario, Canada. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, and business name. This information is necessary to provide the Service and communicate with you.

Financial Data

The financial data you enter into Ledger — including transactions, invoices, receipts, customer records, and account balances — is stored to provide the Service. We do not independently access, review, or analyse your financial data except as necessary to provide support you have requested or to maintain the Service.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, device type, browser type, and IP address. This helps us improve the Service and diagnose issues.

Cookies

We use a small number of cookies for authentication and error monitoring. For details, see our Cookie Policy.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process payments and manage your subscription
  • Send you important notices about the Service (security alerts, billing, changes to our terms)
  • Respond to your support requests
  • Improve the Service and develop new features
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information. We do not use your financial data for advertising or marketing purposes.

4. Legal Basis for Processing

We process your personal information on the following legal bases:

  • Contractual necessity: Processing required to provide the Service you have signed up for
  • Legitimate interest: Improving the Service, preventing fraud, and ensuring security
  • Consent: Where you have given specific consent (e.g., for marketing communications)
  • Legal obligation: Where we are required by law to process or retain certain data

5. Data Sharing and Sub-Processors

We share your data only with the third-party service providers ("sub-processors") necessary to operate the Service:

Provider Purpose Data Shared
Cloudflare Hosting and infrastructure All service data (stored and processed on Cloudflare infrastructure)
Stripe Payment processing Billing information, payment method details
SendGrid Transactional email Email address, name
Sentry Error monitoring Error reports, device and browser information (no financial data)

All sub-processors maintain SOC 2 Type II certification or equivalent security standards. We do not share your data with advertisers, data brokers, or any parties not listed above.

6. Data Retention

We retain your data according to the following schedule:

  • Active account data: Retained for as long as your account is active
  • Deleted account data: Retained for 90 days after deletion (to allow recovery), then permanently deleted
  • Audit logs: Retained for 7 years for compliance purposes
  • Payment records: Retained as required by applicable tax and financial regulations

7. Data Security

We take the security of your data seriously. We employ encryption in transit (TLS 1.2+), strict access controls, and a tamper-evident audit trail on all write operations. For a detailed description of our security practices, visit our Security page.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent for processing based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

The Service is hosted on Cloudflare's global network. Your data may be processed in locations outside Sri Lanka. Cloudflare maintains SOC 2 Type II certification and implements appropriate safeguards for international data transfers.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

12. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at [email protected].