Privacy Policy

This Privacy Policy explains how LedgerCopilot ("the App", "we", "us") collects, uses, stores, and protects your personal and financial information.

1. Information We Collect

a) Account Information

• Email address (used for authentication and communication)
• Hashed password (we never store your password in plain text)
• Authentication provider (e.g., Google, Apple) if you use social login

b) Financial Data

• Bank statements you upload (PDF, image, or other supported formats)
• Transaction records parsed from your statements (date, amount, merchant, narration)
• Categories and rules you create for organizing transactions

c) Usage Data

• How you interact with the App (screens visited, features used)
• Device information (operating system, app version)
• Crash reports and error logs for improving reliability

d) Notification Data

• Push notification tokens (if you enable notifications)
• Reminder preferences and schedules

2. How We Use Your Information

• To provide, maintain, and improve the App's functionality
• To parse and categorize your financial transactions
• To generate AI-powered financial insights and summaries
• To send you notifications and reminders you have configured
• To authenticate your identity and secure your account
• To respond to your support requests
• To detect and prevent fraud, abuse, or security incidents

3. AI Processing

Your transaction data may be processed by AI models to provide categorization, insights, and chat-based financial analysis. AI-generated outputs are informational only and do not constitute financial advice.

4. Data Storage & Security

• All data is encrypted in transit (TLS/SSL) and at rest
• Passwords are hashed using industry-standard algorithms
• Financial data is stored on secure, access-controlled servers
• We implement regular security audits and monitoring
• Access to production data is restricted to authorized personnel only

5. Data Retention

• Your data is retained for as long as your account is active
• When you delete your account, all associated personal and financial data is permanently deleted within 30 days
• Anonymized, aggregated data may be retained for analytics and service improvement purposes

6. Data Sharing

We do not sell your personal or financial data. We may share data only in these limited circumstances:

• With service providers who assist in operating the App (e.g., cloud hosting, AI processing), under strict confidentiality and data processing agreements
• When required by law, regulation, legal process, or governmental request
• To protect the rights, safety, or property of LedgerCopilot, our users, or the public
• With your explicit consent

7. Third-Party Services

The App may use the following categories of third-party services:

• Cloud infrastructure providers (for data storage and processing)
• AI/ML service providers (for transaction categorization and insights)
• Authentication providers (Google, Apple for social login)
• Push notification services (for delivering reminders)

These providers are contractually bound to protect your data and use it only for the purposes we specify.

8. Cookies & Local Storage

• On mobile, we use secure device storage for authentication tokens
• On web, we use secure httpOnly cookies for session management
• We do not use tracking cookies or third-party advertising cookies

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and all associated data
• Portability: Request your data in a machine-readable format
• Objection: Object to certain types of data processing
• Restriction: Request restriction of processing under certain circumstances
• Withdraw Consent: Withdraw any previously given consent at any time

To exercise any of these rights, contact us at [email protected] or use the relevant features in the App (e.g., account deletion in Settings).

10. Children's Privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. International Data Transfers

Your data may be processed in countries other than your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or via email. The "Last updated" date at the top of this policy indicates when it was last revised.