ledgr.Open app

Privacy policy

Last updated: May 6, 2026

The short version

  • Your accounts, balances, and ledger live on your device. We never see them.
  • We never ask for, store, or sell your bank logins or financial data.
  • You can use ledgr anonymously with the 5-instrument free tier — no account, no email. Email is only collected if you choose to start a Pro trial or buy Pro, and even then we use it only for licensing and magic-link sign-in.
  • When you do verify an email, we store a canonical hash of it so a single person can't farm multiple free trials with Gmail dots / plus-aliases. That hash is identity-only — it never sees your financial data.
  • We use privacy-friendly analytics to count visits and basic product usage. No personal data, no third-party ad tracking.

What we collect

ledgr is designed so that the data that matters to you — your instruments, balances, and history — never leaves your device. The only data that reaches our servers is what you deliberately give us.

Stays on your device

  • Instruments you create (bank accounts, investments, loans, property, custom items).
  • Monthly balance entries and the history you build over time.
  • Your chosen base currency and display preferences.
  • Your vault password, if you set one. We never receive it and we cannot recover it for you.

May reach our servers

  • Email address — only if you submit it to the waitlist or use it to sign in to the app. Used to send you product updates and the messages you opted into.
  • Display name — only if you provide one during onboarding. Used to personalize the app.
  • Aggregate usage events — for example, that an instrument was created or a backup was exported. These never contain balances, instrument names, or any identifiable financial detail.
  • Standard request logs — like most websites, our servers record IP address, user agent, page URL, and timestamp for security and to keep the site running. These are kept for a short period and never sold.

Analytics we use

We use lightweight, privacy-friendly analytics to understand how people find and use ledgr. None of these tools receive your vault password, your balances, or your decrypted ledger.

  • Plausible — counts page views in aggregate. No cookies, no cross-site tracking. See Plausible's privacy approach.
  • Umami — open-source, cookieless page and event analytics, self-hosted on our infrastructure. See Umami's privacy policy.
  • PostHog — counts high-level product events (e.g. an instrument was added, a backup was exported). We never send balances or any data that could identify your finances. See PostHog's privacy notice.

You can block analytics scripts in your browser at any time. ledgr keeps working — those tools are not required to use the app.

Third-party services

A few features rely on services run by other companies. We only share what is needed for that feature to work.

  • Google Drive — only if you choose to enable cloud backup. ledgr writes an encrypted backup file to a folder in your own Drive. We have no access to it.
  • Stripe— handles payments if you upgrade to Pro or Lifetime. Your card details are entered on Stripe's hosted checkout, never on ours, and we only receive the email, country, and Stripe customer ID needed to tie the purchase to your license key.
  • Currency API (jsdelivr / currency-api) — public, anonymous endpoints used to fetch exchange rates. Only the currency code is requested; no personal data is sent.

Cookies and local storage

ledgr stores its own data in your browser's IndexedDB and localStorage so the app works offline and remembers your settings. We do not use third-party advertising cookies. The analytics tools listed above are configured to be cookie-free where possible.

Your rights and choices

Because the data that matters lives on your device, most control sits directly in your hands:

  • Export, import, or wipe your ledger from Settings at any time.
  • Disconnect cloud backup with one click. Your local copy is unaffected.
  • Block analytics scripts in your browser if you prefer.
  • For data we hold on our servers (your email, display name, server logs), you can request access, correction, or deletion at teamledgr@gmail.com.

If you are in the EU, UK, or another region with similar data protection laws, the rights granted by those laws (access, rectification, erasure, objection, portability) apply to data we process about you.

Children

ledgr is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has used ledgr, contact us and we will remove any data we hold.

Legal notices & product version

The public website and installable web app identify their current build with a dated release label (currently v2026.5.3.2). That label is for support and communication only; it is not a warranty of fitness for a particular purpose.

  • Not advice. ledgr helps you record and visualize balances you enter yourself. Nothing in the app or on this site is financial, investment, tax, or legal advice. We do not recommend specific securities, products, or strategies.
  • No professional relationship. Using ledgr does not create a client, advisory, or fiduciary relationship with the ledgr team or any partner.
  • Accuracy & responsibility. You are responsible for the numbers you enter and for verifying them against your own statements and professionals you trust.
  • Software "as is". We work hard to ship reliable software, but we do not guarantee uninterrupted or error-free operation. Personal data practices are described in the sections above.

v2026.5.3.2 · Legal notices · Privacy policy · Contact

ledgr is software for organizing your own records. It is not financial, legal, or tax advice, and we are not a fiduciary or advisor.

Changes to this policy

When we update this policy we change the date at the top of this page. Material changes are also announced in the app or via email if you have subscribed.

Contact

Questions about this policy or how ledgr handles your data? Write to teamledgr@gmail.com.