๐ Plain English summary: LedgerDesk collects only what is necessary to run your accounting company. We do not sell your data. Your financial records belong to you and are stored in India on encrypted servers.
Information We Collect
When you create an account and use LedgerDesk, we collect information in the following categories:
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, phone number, password (hashed) | Create and secure your account |
| Company data | Business name, GSTIN, PAN, registered address, state code | Multi-company setup and GST compliance |
| Financial data | Ledgers, vouchers, transactions, invoices, party details | Provide the core accounting service |
| Usage data | Pages visited, features used, session duration, IP address | Improve the product and detect abuse |
| Device data | Browser type, OS, screen size | Ensure compatibility |
| Communications | Support emails, feedback, chat messages | Respond to support requests |
We do not collect payment card numbers. Payments are processed by Razorpay and are subject to their privacy policy.
How We Use Your Information
We use your information strictly to operate and improve LedgerDesk. The specific uses are:
- Provide, maintain, and improve the accounting platform and all its modules.
- Generate vouchers, ledger entries, GST reports, and financial statements on your behalf.
- Send transactional emails โ account verification, password reset, invoices for our subscription plans.
- Notify you of important product changes, security alerts, or downtime notices.
- Detect, investigate, and prevent fraudulent transactions, abuse, and security breaches.
- Comply with applicable Indian laws including IT Act 2000, GST Act, and Income Tax Act.
- Respond to lawful requests from law enforcement or regulatory authorities.
- Analyse aggregated, anonymised usage patterns to guide product development.
We do not use your financial data to train machine learning models or to build profiles for advertising purposes.
Data Sharing & Third Parties
We do not sell, rent, or trade your personal or financial data. We share data only in the following limited circumstances:
| Third Party | What is shared | Why |
|---|---|---|
| Razorpay | Name, email, subscription amount | Payment processing |
| AWS / hosting | Encrypted database backups | Cloud infrastructure (data in India region) |
| SendGrid / SES | Email address, message content | Transactional email delivery |
| Government authorities | As required by law | Legal compliance (GST, IT Act) |
All third-party processors are bound by data processing agreements and are prohibited from using your data for their own purposes.
โ No data is shared outside India except where you explicitly export data yourself (e.g. download a GSTR-1 JSON file to your device).
Data Storage & Security
All data is stored on encrypted servers located in the Mumbai, India AWS region (ap-south-1). We implement the following security measures:
- AES-256 encryption at rest for all database files and backups.
- TLS 1.3 in transit โ all communication between your browser and our servers is encrypted.
- Bcrypt hashing for passwords โ we never store your password in plain text.
- Company-level data isolation โ no user can access another company's data, enforced at the application layer on every query.
- Automated daily backups retained for 30 days, with point-in-time recovery capability.
- Role-based access control (RBAC) inside your company โ you control who sees what.
- Regular security audits and dependency vulnerability scanning.
Despite our measures, no system is 100% secure. We will notify you within 72 hours of becoming aware of a data breach that affects your account.
Your Rights
You have the following rights under India's Digital Personal Data Protection Act (DPDPA) 2023 and our own commitment to data transparency:
- Right to Access: Request a copy of all personal data we hold about you.
- Right to Correction: Ask us to correct inaccurate or incomplete information.
- Right to Erasure: Request deletion of your account and all associated data. Financial records required by law may be retained for the legally mandated period.
- Right to Data Portability: Export your full accounting data as CSV or JSON at any time from the Settings panel.
- Right to Withdraw Consent: Withdraw consent for non-essential communications (marketing emails) at any time via unsubscribe links.
- Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer (DPO) โ details in Section 9.
To exercise any of these rights, email us at privacy@LedgerDesk.in. We will respond within 30 days.
Cookies & Tracking
We use a minimal set of cookies to operate the platform:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
LedgerDesk_session | Essential | Maintain your login session | Session |
XSRF-TOKEN | Essential | Security โ prevent CSRF attacks | Session |
company_id | Essential | Track active company context | Session |
lp_analytics | Analytics | Anonymised page-view counting (no third party) | 90 days |
We do not use third-party advertising cookies or tracking pixels. We do not use Google Analytics. Our analytics are self-hosted and produce only aggregated, anonymised statistics.
Children's Privacy
LedgerDesk is a professional accounting tool intended for use by adults operating businesses. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has created an account, please contact us immediately at privacy@LedgerDesk.in and we will delete the account.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an email notification to all registered users at least 14 days before the change takes effect.
- Show an in-app banner prompting you to review the updated policy on your next login.
Continued use of LedgerDesk after the effective date constitutes acceptance of the revised policy. If you disagree with any changes, you may close your account before they take effect.
Contact Us
For any privacy-related queries, data requests, or complaints, contact our Data Protection Officer:
Phone: +91 88512 41114 (MonโFri, 10amโ6pm IST)
Address: LedgerDesk โ 121001
We commit to responding to all privacy requests within 45 days.