Ledgy
Open dashboard Join the beta
Legal

Privacy Policy

Last updated May 10, 2026 privacy@ledgy.app

Summary

The short version: Ledgy is local-first. Your transactions live on your device. If you turn on Cloud, an encrypted copy syncs to our servers so other devices and shared groups can see it. We never sell your data, never look at your transactions, and never use them to train AI.

This Privacy Policy explains what data Ledgy ("we", "us") collects when you use the Ledgy iOS app, the Ledgy web dashboard at dashboard.ledgy.app, the Ledgy Telegram bot, and any related services (collectively, the "Service"). It is written in plain English and aligned with the GDPR (EU 2016/679) and Apple App Store requirements.

What we collect

Account data (when you sign up for Cloud)

  • Email address — used to identify your account and send you transactional email.
  • Authentication tokens — issued by Apple Sign-In or our own auth flow.
  • Subscription status — whether you have an active Cloud entitlement, supplied by RevenueCat.

Application data (when you use Cloud)

  • Transactions, accounts, categories, tags, budgets, recurring rules, group memberships, and category rules.
  • Receipt photos you attach.
  • Voice recordings — not stored. Speech is transcribed on your device by Apple's on-device speech framework. Only the resulting text is sent to our AI for parsing.
  • For Telegram users: your Telegram user ID, used as the join key for your Ledgy account.
  • For Apple Wallet users: transaction notifications you choose to forward — merchant, amount, currency, and timestamp. We never receive card numbers.

Diagnostic data

  • Crash reports — anonymized, sent through Apple's standard crash reporting (which you can opt out of in iOS Settings).
  • Aggregate usage events — page views and click events, no personal content. We use a privacy-respecting analytics provider that does not set tracking cookies and does not build cross-site profiles.

What we never collect

  • Your bank credentials, card numbers, or banking sessions. Ledgy does not connect to bank accounts.
  • Your contacts, photos library, calendar, or location.
  • Identifiers For Advertisers (IDFA). Ledgy does not show ads.
  • Voice audio. Speech-to-text runs on your device.
  • Anything we don't strictly need to deliver the features above.

How we use it

We use the data above only for the following purposes:

  • Sync your ledger across your own devices.
  • Share visibility with people you have explicitly invited to a shared resource.
  • Parse the text from your voice/photo/SMS into a transaction (AI processing).
  • Send you transactional email — sign-in links, invoices, security notices, account changes.
  • Diagnose crashes and improve the product.

We do not sell your data, share it for advertising, or use it to train third-party AI models.

Subprocessors

To deliver the Service we rely on the following providers. Each is bound by a Data Processing Agreement and processes data only on our instructions.

  • Hetzner — hosting our backend and database in Germany (EU).
  • OpenAI / Anthropic — AI parsing of transaction text. Your transcribed message is sent for parsing; outputs are not used to train their models per their API terms.
  • RevenueCat — subscription state on iOS.
  • Apple — payment processing for in-app subscriptions and crash reporting.
  • Resend — transactional email delivery.
  • Telegram — bot relay for users who opt into the Telegram intake.

If you'd like a list of subprocessor sub-locations or DPA copies, write to privacy@ledgy.app.

Retention & deletion

  • Transactions and receipts you create are kept until you delete them or delete your account.
  • If you cancel Cloud, your local copy stays on your device. The Cloud copy is retained for 30 days, then deleted.
  • Account deletion: open Settings → Account → Delete account. Everything on the server is wiped within 7 days. Backups roll off within 30 days.

Your rights

If you're in the EU, UK, or California you have rights to access, correct, port, delete, or object to the processing of your personal data. You can exercise all of these from inside the app under Settings → Account, or by emailing privacy@ledgy.app. We respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

Children

Ledgy is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect data from minors. If you believe a child has signed up, contact us and we'll delete the account.

Changes

If we change this policy in a way that affects how we handle your data, we'll notify you in-app and by email at least 14 days before the change takes effect. Continued use of the Service after the change constitutes acceptance.

Contact

Email: privacy@ledgy.app