1. Who This Notice Applies To
This notice applies to visitors to ledgelog.io, users of the LedgeLog web application, waitlist applicants, invited beta users, and people who contact LedgeLog for support, legal, or privacy matters.
LedgeLog is the controller for the personal data described in this notice when it decides why and how that data is processed. Exchanges you connect to LedgeLog remain separate controllers for your relationship with those exchanges and their own platform activity.
1A. Identity and Contact Details
The operator identified in the Support and Legal Notice is responsible for the personal data described in this notice. For the full legal notice, contact point, and service address, see Support and Legal Notice.
2. Personal Data LedgeLog Processes
Waitlist and prospect data
- Email address submitted through the landing page waitlist form.
- Your selected primary exchange for beta-fit review and onboarding prioritization.
- IP address, user-agent, referrer, and UTM attribution parameters collected with that request.
- Status fields used to track whether a waitlist request is pending, approved, or removed.
Account and identity data
- Email address, password hash, invite-code acceptance, and security/session state.
- Persistent remember-me preference when you choose to stay signed in.
Trading, journaling, and connection data
- Journal notes, strategy labels, tags, daily reflections, and other content you enter.
- Trade, fill, fee, funding, balance, and position data imported from exchanges you connect.
- Encrypted exchange API credentials and connection metadata needed to maintain sync.
Technical, security, and support data
- Authentication, session, abuse-prevention, and operational logs.
- Support and legal communications you send to LedgeLog.
- Consent preferences and records about your analytics choices.
3. Why LedgeLog Uses Personal Data and the Legal Bases
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Operate the account, provide sign-in, maintain sessions, and secure the service | Account identifiers, password hash, session data, security logs | Performance of a contract and legitimate interests in service security |
| Import exchange data, compute analytics, and display journals, dashboards, and reports | Connected exchange data, journal entries, metadata, settings | Performance of a contract |
| Review and manage waitlist requests, issue invites, and respond to onboarding interest | Email address, selected primary exchange, waitlist telemetry, invite status | Steps taken at your request before entering a contract and legitimate interests in beta operations |
| Respond to support, privacy, legal, and security requests | Contact details, correspondence, account context | Legitimate interests and, where applicable, legal obligations |
| Detect abuse, enforce limits, investigate incidents, and protect the platform | IP address, device/browser signals, logs, request metadata | Legitimate interests in fraud prevention and platform security |
| Run optional analytics on the landing site or app | Consent preference, page and performance telemetry described in the Cookies Policy | Consent |
| Keep records required by law, regulators, tax rules, or dispute handling | Relevant account, support, financial, and audit records | Legal obligation and legitimate interests in establishing and defending claims |
4. Recipients and Processors
LedgeLog shares personal data only where needed to run the service, comply with law, or protect the platform.
- Cloudflare, Inc. for security, content delivery, DNS, and optional Cloudflare Web Analytics when analytics consent has been given.
- Hosting, database, and infrastructure providers that run the application, storage, and background jobs.
- Transactional email providers or SMTP relays used to send password resets, invites, and support follow-ups.
- PostHog, only if product analytics is later enabled and only subject to the consent controls described in the Cookies Policy.
- Professional advisers, regulators, law enforcement, or courts where disclosure is legally required or necessary to defend rights and claims.
LedgeLog does not sell personal data. LedgeLog does not use advertising trackers or share personal data for cross-context behavioral advertising.
5. International Transfers
Some service providers may process data outside the European Economic Area or the United Kingdom. Where that happens, LedgeLog uses an appropriate transfer mechanism such as an adequacy decision, the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful safeguard.
If optional analytics are enabled, Cloudflare or any configured analytics provider may process telemetry outside your country. Details about those technologies are described in the Cookies Policy.
6. Retention
LedgeLog keeps data only for as long as reasonably necessary for the purposes above.
| Category | Normal Retention |
|---|---|
| Waitlist and invite records | Usually up to 12 months after the request if no account is created, or sooner if removal is requested. |
| Account profile, exchange connections, journal entries, and trading history | While the account remains active and normally deleted or anonymized within 30 days after a verified closure request is processed, subject to legal and backup exceptions. |
| Security, abuse-prevention, and authentication logs | Normally up to 12 months unless a longer period is needed for an active investigation or legal claim. |
| Support, privacy, and legal correspondence | Normally up to 24 months after the matter is closed, unless a longer record is needed for legal compliance or dispute handling. |
| Optional analytics consent records | Up to 12 months from your latest choice so LedgeLog can respect and evidence that preference. |
| Billing, accounting, or tax records if paid plans are introduced | Up to 7 years where required by applicable accounting or tax rules. |
Backup copies may persist for a limited rolling cycle before they are overwritten. Where deletion cannot happen immediately, LedgeLog will isolate the data and keep it only for compatible purposes.
7. Cookies, Similar Technologies, and Analytics
LedgeLog uses necessary authentication and security technologies, plus optional analytics that stay disabled
until you choose to accept them. The app may also set an optional persistent remember_token cookie
when you choose "Keep me signed in."
The full list of current cookies and analytics technologies, including the session cookie, remember-me cookie, analytics-consent preference record, Cloudflare Web Analytics, and potential future PostHog usage, is described in the Cookies Policy.
8. Your Rights
Depending on your location and applicable law, you may have the right to:
- access personal data LedgeLog holds about you;
- request correction of inaccurate or incomplete data;
- request deletion of your data in appropriate cases;
- restrict or object to certain processing;
- receive a copy of your data in a structured, commonly used, machine-readable format such as JSON or CSV;
- withdraw consent at any time where processing relies on consent; and
- lodge a complaint with the Irish Data Protection Commission or the supervisory authority where you live or work.
Rights requests can be submitted through the contact channels listed in the Support and Legal Notice. LedgeLog may ask for reasonable identity verification before fulfilling a request. LedgeLog aims to respond within 30 days where GDPR applies, subject to any lawful extension.
You can contact the Irish Data Protection Commission at www.dataprotection.ie.
9. Automated Decision-Making
LedgeLog does not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. Closed-beta approvals and account decisions are reviewed manually.
10. Security
LedgeLog uses technical and organizational measures designed to protect personal data, including strong password hashing, encrypted credential storage for supported exchange API keys, transport security, access controls, and security monitoring. No system is completely risk free, and users remain responsible for choosing strong passwords, protecting their email accounts, and using read-only exchange permissions.
11. California and Other Local Notices
LedgeLog does not sell personal information. If local privacy law gives you additional rights, LedgeLog will handle qualifying requests in accordance with that law.
12. Changes to This Notice
LedgeLog may update this Privacy Policy from time to time. The current version is always posted on this page with its effective date. If a change is material, LedgeLog will take reasonable steps to highlight it before or when it takes effect.