Legal
Privacy Policy.
The short version: we collect only what the product needs to draft and reconcile your books, we never store banking credentials, we never sell data, and your clients’ financial data is never used to train models across firms unless you explicitly opt in. Delete your account and we delete your data.
1. Who we are
Ledgza, Inc. (“Ledgza,” “we,” “us”) provides bookkeeping automation software for accounting professionals. This policy describes how we handle personal and financial information when you use ledgza.com and the Ledgza application (together, the “Service”). Questions: support@ledgza.com.
Ledgza is designed for accounting professionals. Your clients’ data enters the Service because you connect it; you remain responsible for having the appropriate authority from your clients to do so.
2. What we collect
Account information
- Name, email address, firm name, and password (stored as a salted hash, which we cannot read)
- Billing information, processed by our payment provider; we do not store full card numbers
Financial data you connect
- Ledger data from QuickBooks Online or Xero via their official APIs: chart of accounts, transactions, journal entries, vendor and customer names
- Bank transaction data, read primarily from the bank feed already connected inside your ledger, or through Plaid for accounts without a feed. We never see or store banking usernames or passwords. Credential exchange happens directly with Plaid or your bank, and we hold only a revocable, read-only access token
Usage information
- Product actions needed for the audit trail (who approved, edited, or rejected an entry, and when)
- Basic technical logs (IP address, browser type, timestamps) for security and debugging
- Pilot signup form submissions (email, firm size, accounting software)
We do not use third-party advertising trackers on the Service.
3. How we use it
- To operate the core product: match transactions, draft journal entries, compute confidence scores, and maintain your audit trail
- To learn your clients’ patterns from your corrections. This learning is scoped to your firm
- To communicate with you about the Service (onboarding, security notices, product updates)
- To secure the Service and comply with law
Cross-firm model training: off by default. Financial data from your firm is never used to train models shared across firms unless you explicitly opt in from your account settings. Opting out (the default) never degrades your access to the Service.
4. What we never do
- We never sell or rent personal or financial data
- We never store banking credentials
- We never initiate payments or move money; all bank connections are read-only
- We never post to your ledger without either a 95%+ confidence score or your explicit approval, and every post is attributed in the audit trail
5. Who we share it with
Only service providers necessary to run Ledgza, each bound by contract to use data solely to provide their service to us:
- Cloud hosting and database (currently Vercel and our database provider): encrypted storage and compute
- Intuit (QuickBooks Online) and Xero: the connections you authorize via OAuth
- Plaid: read-only bank transaction retrieval where you set it up
- Payment processing: subscription billing
- AI model providers: where model inference is used in drafting, requests are made under agreements that prohibit the provider from training on your data
We may disclose information if required by law, and we will notify you unless legally prohibited. If Ledgza is acquired, data remains protected under this policy or a successor policy at least as protective, and you will be notified before any material change applies to you.
6. Security
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). OAuth tokens are encrypted per firm. Access to production data is restricted and logged. Details on our Security & Data Handling page.
7. Retention and deletion
- Account and connected financial data: retained while your account is active
- On account deletion: connected-data and learned-pattern deletion within 30 days; encrypted backups age out within 90 days
- Audit-trail records of entries posted to your ledger may be retained longer where required for legal or accounting-integrity purposes
- You can disconnect QuickBooks, Xero, or Plaid at any time from the app or from the provider’s side; disconnection revokes our access immediately
8. Your rights
You may access, correct, export, or delete your data by emailing support@ledgza.com. We honor applicable rights under state privacy laws (including the CCPA/CPRA for California residents: right to know, delete, correct, and non-discrimination; note that we do not sell personal information). If you are outside the US, we process data in the United States.
9. Children
The Service is for business use by adults. We do not knowingly collect data from anyone under 16.
10. Changes
We will post changes here and update the effective date. Material changes will be announced by email to account holders before they take effect.