← Back to home

Privacy policy

Last updated: 6 March 2026

LedgerSignal Pty Ltd ("LedgerSignal", "we", "us") is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy describes how we collect, use, disclose, and protect personal information.

What we collect

We only collect personal information that is reasonably necessary to provide the service. This includes:

  • Account information: name, email address, organisation name
  • Documents you upload: bank statements and financial records for transaction analysis
  • Usage data: how you interact with the service
  • Technical data: browser type, IP address, device information

Where practicable, you may interact with us without identifying yourself (for example, browsing our public website). However, an account with your name and email is required to use the service.

How we use your data

We use your personal information only for the purposes for which it was collected:

  • Provide and improve the service
  • Extract and analyse transaction data from your documents
  • Send service-related communications
  • Ensure security and prevent fraud

We do not use your personal information for purposes other than those stated above without your consent.

AI processing

We use AI services (OpenAI and Google Gemini) to extract and analyse transaction data from documents you upload. Your data is processed via API to provide the service only — our AI providers do not store your data and are contractually prohibited from using it to train their models.

Cross-border disclosure

Your personal information is processed and stored in the United States by our subprocessors, including Vercel (hosting), Neon (database), Upstash (background jobs), OpenAI and Google (AI processing), Clerk (authentication), Resend (email), PostHog (analytics), and Intercom (support).

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles your information in accordance with the APPs, as required by APP 8. All of our subprocessors maintain SOC 2 Type II or ISO 27001 certifications. For a full list, see our Trust & security page.

Data security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access or disclosure:

  • AES 256-bit encryption for data at rest and in transit
  • Organisation-level access controls
  • Authentication with multi-factor authentication support via Clerk

Data sharing

We do not sell, rent, or trade your personal information. We only share data with:

  • Service providers who help us operate the service (hosting, AI processing, authentication, email, analytics, support)
  • When required or authorised by Australian law or a court order

Direct marketing

We may send you service-related communications (such as product updates or feature announcements) by email. You can opt out of these communications at any time by using the unsubscribe link in the email or by contacting us. We will not use or disclose your personal information for direct marketing by third parties.

Data retention

We retain your personal information only while your account is active and for as long as necessary to fulfil the purposes for which it was collected. You can delete case data at any time from within the application. When you close your account, we delete all your data within 30 days.

Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information (APP 12)
  • Correct inaccurate or out-of-date information (APP 13)
  • Request deletion of your data
  • Export your transaction data as CSV

To exercise any of these rights, email john@ledgersignal.com. We will respond within 30 days.

Cookies

We use essential cookies to keep you logged in and remember your preferences. We use analytics (PostHog) to understand how the service is used.

Changes

We'll notify you of significant changes to this policy via email or in-app notification.

Complaints

If you believe we have breached the Australian Privacy Principles, please contact us at john@ledgersignal.com. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Contact

Privacy questions? Email john@ledgersignal.com

See also our Trust & security and Data processing agreement