Privacy Policy

Last updated: June 1, 2025

Jump to section

1. Overview 2. Data We Collect 3. How We Use Data 4. Data Sharing 5. Retention 6. Security 7. Your Rights 8. Cookies 9. International Transfers 10. Children 11. Changes 12. Contact
Your privacy matters to us. This policy explains clearly what data we collect, why we collect it, and how you can control it.

1 Overview

LedgrBee ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business operations platform ("Service").

This policy applies to all users of the LedgrBee platform, including Tenant Administrators, employees and staff of subscribing organisations, and visitors to our website.

LedgrBee acts as the Data Controller for account and usage information we collect directly. For data that Tenant organisations input into their workspace, LedgrBee acts as a Data Processor, and the Tenant organisation is the Data Controller.

2 Data We Collect

2.1 Information You Provide Directly

CategoryExamplesPurpose
Account DataFull name, email address, password (hashed)Authentication, communication
Organisation DataCompany name, industry, address, tax IDTenant provisioning, invoicing
Business RecordsContacts, invoices, transactions, productsCore platform functionality
Payment InformationBilling period, amount, payment referenceSubscription billing (no card numbers stored)
Support DataSupport tickets, feedback messagesCustomer support

2.2 Information Collected Automatically

CategoryExamplesPurpose
Log DataIP address, browser type, pages visited, timestampsSecurity, debugging
Device DataOperating system, screen resolution, languagePlatform optimisation
Usage DataFeatures used, session duration, click patternsProduct improvement
Cookie DataSession tokens, preferencesAuthentication, personalisation

2.3 Information We Do NOT Collect

  • Full payment card numbers (we use payment processors that handle this directly)
  • Passwords in plaintext (all passwords are hashed using industry-standard algorithms)
  • Biometric data
  • Sensitive personal data as defined under GDPR Article 9 (unless you voluntarily provide it)

3 How We Use Your Data

We use the data we collect for the following purposes, relying on the legal bases indicated:

PurposeLegal Basis
Providing and maintaining the ServiceContractual necessity
Creating and managing your accountContractual necessity
Processing billing and paymentsContractual necessity
Sending transactional emails (invoices, password resets)Contractual necessity
Sending service announcements and product updatesLegitimate interest
Responding to support requestsContractual necessity / Legitimate interest
Preventing fraud and ensuring platform securityLegitimate interest / Legal obligation
Analytics and product improvementLegitimate interest
Complying with legal obligationsLegal obligation
Marketing communications (opt-in only)Consent

4 Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following limited circumstances:

4.1 Service Providers (Sub-processors)

We engage trusted third-party vendors to help us operate the Service. These include:

  • Cloud Hosting: Infrastructure providers for data storage and compute
  • Email Delivery: SMTP providers for transactional emails
  • Analytics: Aggregated, anonymised usage analytics tools

All sub-processors are bound by data processing agreements that require them to protect your data.

4.2 Legal Requirements

We may disclose your data if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of LedgrBee, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.

5 Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

Data TypeRetention Period
Active account and business dataDuration of subscription
Data after account termination30 days (export window), then deleted
Financial and billing records7 years (legal/tax obligation)
Support and communication records3 years after resolution
Security and access logs90 days
Marketing opt-in recordsUntil consent is withdrawn

6 Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Password hashing using industry-standard algorithms (ASP.NET Core Identity)
  • Multi-tenant data isolation — your data is logically separated from other tenants
  • Role-based access controls within tenant workspaces
  • Regular security assessments and dependency audits
  • Two-factor authentication (2FA) availability for all users

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7 Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Request that we limit how we process your data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, please contact us at privacy@ledgrbee.com. We will respond within 30 days. In some cases, we may need to verify your identity before processing your request.

You also have the right to lodge a complaint with your local data protection supervisory authority.

8 Cookies

We use cookies and similar tracking technologies. For full details, please see our Cookie Policy.

9 International Data Transfers

Your data may be processed in countries other than your own. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by relevant data protection authorities, to protect your privacy rights.

10 Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal information, please contact us immediately and we will take steps to remove such data.

11 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a prominent notice within the Service at least 14 days before the change takes effect. The updated policy will include a revised "Last Updated" date.

12 Contact Our Data Protection Team

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

LedgrBee — Privacy Team

privacy@ledgrbee.com

https://ledgrbee.com

Terms of Use

Platform rules and agreements

Cookie Policy

How we use cookies

Disclaimer

Limitations and warranties