Skip to main content

Privacy Policy

Last Updated: January 3, 2026

Introduction

EmLedger ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounting software and services.

Information We Collect

Account Information

  • Name, email address, and contact details
  • Company information and business details
  • Billing and payment information
  • Account credentials and authentication data

Financial Data

  • Transaction records and accounting entries
  • Bank connection information (through secure third-party providers)
  • Financial reports and statements
  • Customer and vendor information
  • Invoice and bill data

Usage Information

  • Website analytics (via Plausible Analytics - privacy-focused, no cookies)
  • Application error tracking and performance monitoring (via Sentry - with privacy controls enabled)
  • Device and browser information
  • Feature usage and interaction data
  • Pages visited and time spent

How We Use Your Information

  • Provide and maintain our accounting services
  • Process payments and manage subscriptions
  • Send service updates, support communications, and account notifications
  • Improve our software and user experience
  • Comply with legal obligations and prevent fraud
  • Analyze website usage patterns (anonymously via Plausible)
  • Monitor application errors and performance (via Sentry with privacy controls)
  • Generate financial reports and statements you request
  • Troubleshoot technical issues and provide customer support

Data Security

We implement industry-standard security measures to protect your data:

  • Enterprise-grade encryption for data in transit (HTTPS) and at rest
  • Mandatory multi-factor authentication (MFA) using time-based one-time passwords (TOTP)
  • Daily encrypted backups
  • Regular security audits and vulnerability assessments
  • Secure password handling and storage practices
  • Access controls and role-based permissions
  • Audit trails for all data modifications

Data Sharing

We do not sell or share your personal information for advertising purposes. We may share data with:

  • Infrastructure Providers: Hosting (Vercel), database and authentication (Supabase)
  • Payment Processing: Stripe for subscription billing and payment processing
  • Bank Connections: Teller for secure bank account connections and transaction syncing
  • Email Delivery: Resend for transactional emails (invoices, notifications, invitations)
  • Website Analytics: Plausible Analytics (privacy-focused, no cookies)
  • Error Monitoring: Sentry for application error tracking (with privacy controls: text masking, media blocking)
  • Product Updates: Headway for in-app changelog and product announcements
  • Typography: Google Fonts for web font delivery
  • Legal Requirements: When required by law, court order, or to protect our rights
  • Your Team: Team members you invite to your account

Your Rights

You have the right to:

  • Access your personal and financial data
  • Correct inaccurate information
  • Request deletion of your account and associated data
  • Export your data in standard formats (CSV, PDF)
  • Opt-out of marketing communications
  • Withdraw consent at any time
  • Request information about how your data is used
  • File a complaint with your data protection authority

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Your California Rights

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We Do Not Sell or Share Your Personal Information

EmLedger does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. We only share data with service providers who help us operate our business, as described in this policy.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers: Name, email address, account credentials
  • Commercial Information: Subscription and billing records, transaction history
  • Financial Information: Bank account information (via Teller), payment card details (via Stripe)
  • Internet Activity: Browsing history on our website, interaction with our services
  • Professional Information: Business name, company details

How to Submit a Request

To exercise your California privacy rights, please contact us at privacy@emledger.com. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf. We will respond to verifiable requests within 45 days.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account deletion, we retain certain data as required for legal and compliance purposes:

  • Financial records: 7 years (IRS/tax compliance requirements)
  • Transaction history: 7 years
  • System backups: 30-90 days
  • Audit logs: 12 months
  • Other personal data: deleted within 30 days of request

Cookies and Tracking

EmLedger uses minimal tracking technologies:

  • Website Analytics: Plausible Analytics (privacy-focused, does not use cookies)
  • Error Tracking: Sentry may use cookies for session tracking in the application
  • Authentication: Session cookies for secure login and session management
  • Security: Cookies for fraud prevention and security tokens
  • Preferences: Local storage for remembering user interface preferences

We do not use third-party cookies or tracking pixels for advertising or behavioral targeting purposes.

Data Storage and Processing

Your data is stored and processed primarily in the United States through our service providers (Supabase and Vercel). By using our Service, you consent to the transfer and processing of your data in the United States. We implement appropriate security measures to protect your data regardless of where it is stored.

Third-Party Services

Our service integrates with the following third-party providers. We encourage you to review their privacy policies:

  • Supabase: Database, authentication, and serverless functions
  • Vercel: Website and application hosting
  • Stripe: Payment processing and subscription management
  • Teller: Bank account connections and transaction syncing
  • Resend: Transactional email delivery
  • Sentry: Error tracking and performance monitoring
  • Plausible: Privacy-focused website analytics
  • Headway: Product changelog and announcements
  • Google Fonts: Web typography

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete such information and terminate the child's account.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our service. Continued use after changes constitutes acceptance. We encourage you to review this policy periodically.

State Privacy Law Compliance

EmLedger complies with applicable United States privacy laws, including:

  • California: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Virginia: Virginia Consumer Data Protection Act (VCDPA)
  • Colorado: Colorado Privacy Act (CPA)
  • Connecticut: Connecticut Data Privacy Act (CTDPA)
  • Other States: We monitor and comply with emerging state privacy legislation

Residents of these states have specific rights regarding their personal information. Please see the California Privacy Rights section above or contact us at privacy@emledger.com to exercise your rights under applicable state law.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users promptly via email and/or in-app notification
  • Provide notification within the timeframes required by applicable state law (typically 30-72 hours after discovery)
  • Describe the nature of the breach and the types of information potentially affected
  • Explain the steps we are taking to address the breach and protect your data
  • Provide guidance on steps you can take to protect yourself
  • Notify relevant regulatory authorities as required by law

Contact Us

For privacy-related questions or to exercise your rights, please contact us:

  • Email: privacy@emledger.com

We will respond to all inquiries within 30 days or as required by applicable law.

Privacy Concerns

If you have concerns about our privacy practices or wish to exercise your privacy rights, please contact us at privacy@emledger.com. You may also file a complaint with your state's Attorney General office or the Federal Trade Commission (FTC) if you believe your privacy rights have been violated.