LedgerClean — Privacy Policy
Last updated: April 14, 2026
Overview
LedgerClean is a diagnostic tool for professional bookkeepers. We process your clients' financial data to generate diagnostic reports, then delete the source files. We designed our data handling to minimize what we store and to protect your clients' information at every step.
What We Collect
Account information:
Your email address, password (hashed, never stored in plain text), firm name, and optional logo upload for branded PDF reports.
Project metadata:
Client display name (chosen by you, not pulled from the uploaded data), accounting platform, fiscal year end, period under review, industry type (optional).
Uploaded files:
QuickBooks Online export files (Excel and CSV) that you upload for diagnostic analysis. These files contain your clients' financial data, including transaction details, account names, vendor names, and balances.
Diagnostic results:
Health scores, category scores, issue lists with descriptions, checklist items, fix procedures, draft journal entry memos, and scan history. This is structured data derived from your uploaded files. It includes account names and aggregate transaction data (totals, date ranges, vendor counts) but not full line-item transaction records.
Usage data:
Basic analytics including pages visited, features used, and diagnostic processing times. We use Meta Pixel to measure ad performance and track pageviews. Meta Pixel collects standard browser data (pages visited, referral info, device type) but does not receive any financial or client data.
Payment information:
Processed by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. See Stripe's privacy policy at stripe.com/privacy.
How We Use Your Data
To provide the service:
We parse your uploaded files, run diagnostic checks, and generate reports. This is the core function of the tool.
To improve accuracy:
To maintain diagnostic accuracy, we may review anonymized diagnostic output patterns to identify detection errors and calibrate health scores. We do not share your clients' data with other users.
To communicate with you:
Account-related emails (trial expiration, billing, password reset) and occasional product updates. No marketing emails without your consent.
How We Handle Uploaded Files
This is the most important section of this policy. We built LedgerClean to avoid storing your clients' financial data.
During processing:
Your uploaded files are parsed server-side. The data is analyzed by our rule-based detection engine. A summary of findings, with personally identifiable information removed, is sent to the Anthropic Claude API for interpretation.
After processing:
Uploaded files are deleted within 1 hour of diagnostic completion. Parsed diagnostic data (findings, health scores, account lists) is retained as long as your account is active.
What we keep:
Diagnostic results (the report, not the source data). Think of it as keeping the doctor's notes but discarding the lab samples.
PII Handling and AI Processing
Before any data is sent to the Anthropic Claude API for analysis, LedgerClean strips structured personally identifiable information:
- Social Security numbers and Employer Identification Numbers are stripped (detected by pattern matching)
- Bank account numbers are stripped entirely
- Email addresses, phone numbers, and physical addresses are stripped
- Your client's business name is replaced with a generic label
Vendor and customer names are sent to the AI. The AI needs these names to generate accurate fix procedures (for example, identifying duplicate vendors or flagging potential 1099 misclassifications). Vendor and customer names are not anonymized or replaced with labels.
The Claude API does not see your client's business name, bank account numbers, Social Security numbers, or other structured PII. It does see vendor names, customer names, account names, transaction descriptions, and financial amounts, as these are necessary for meaningful diagnostic analysis.
Third-Party Services
Anthropic (Claude API):
Processes anonymized diagnostic findings for interpretation and narrative generation. Anthropic's commercial API terms prohibit use of API data for model training. Anthropic retains API logs for up to 7 days per their standard policy.
Stripe:
Processes subscription payments. Handles all payment credentials. See stripe.com/privacy.
Supabase:
Hosts our database and file storage. Data is encrypted at rest and in transit. Supabase servers are located in the United States.
Vercel:
Hosts the web application. See vercel.com/legal/privacy-policy.
Meta (Facebook Pixel):
Tracks pageviews for ad measurement and performance reporting. Meta Pixel collects standard browser data (pages visited, referral URL, device and browser type). It does not receive any financial data, client data, or uploaded file contents. See facebook.com/privacy.
We do not sell your data or your clients' data to anyone. We do not share financial or client data with advertisers. Meta receives standard pageview and browser data through the Meta Pixel. We do not use your data for purposes unrelated to providing the LedgerClean service.
Cookies and Tracking
Essential cookies:
LedgerClean uses cookies for essential site functionality, including authentication and session management. These cookies are required for signing in, staying signed in across pages, and keeping your account secure.
Meta Pixel:
We use Meta Pixel for advertising measurement, which sets third-party cookies to track ad performance. These cookies help us understand which ads led visitors to LedgerClean and measure the effectiveness of our marketing campaigns.
Google Analytics:
We use Google Analytics to understand how visitors use our site, including which pages are most popular and how users navigate through the product. Google Analytics sets cookies to distinguish returning visitors from new visitors and to aggregate usage patterns.
Your cookie controls:
You can control cookie settings through your browser preferences. Most browsers allow you to block or delete cookies, either entirely or from specific sites. Blocking or deleting cookies may affect site functionality, including the ability to sign in and stay signed in.
Data Security
- All data is encrypted in transit (TLS) and at rest (Supabase default encryption)
- Account passwords are hashed, never stored in plain text
- API keys and secrets are stored in environment variables, never in client-side code
- Row-level security ensures users can only access their own projects and data
- Structured PII (SSNs, EINs, bank accounts, emails, phones, addresses) is stripped before data is sent to the AI for processing
Your Rights
Access:
You can view all diagnostic reports and project data stored in your account at any time.
Export:
You can download PDF reports and CSV exports of your diagnostic data.
Deletion:
You can delete individual projects (which removes the diagnostic results and any associated data) or close your entire account. Upon account closure, all associated data is deleted.
Correction:
If you believe any stored data is inaccurate, contact us and we will correct or delete it.
Data Retention
| Data Type | Retention |
|---|---|
| Account information | Until you close your account |
| Project metadata | Until you delete the project or close your account |
| Diagnostic results | Until you delete the project or close your account |
| Uploaded files | Deleted within 1 hour of processing |
| Payment records | Retained by Stripe per their policies |
Children's Privacy
LedgerClean is a professional tool for bookkeepers and accountants. It is not intended for use by anyone under 18 years of age. We do not knowingly collect information from minors.
Changes to This Policy
We will notify registered users by email of material changes to this privacy policy at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
Questions about this privacy policy or your data can be directed to: privacy@ledgerclean.com