Legal Documentation

Cookie & Tracking Policy

Effective Date: January 1, 2025 · Last Updated: April 14, 2026

The short version: Ledgr uses only essential cookies and local storage required for authentication and session management. We do not use advertising trackers, social media pixels, or third-party analytics cookies.

What We Use

Ledgr is a professional B2B SaaS platform, not a consumer website. Our approach to cookies and tracking reflects this: we use only what is strictly necessary to operate the platform securely.

Name / Mechanism	Type	Purpose	Duration	Third-Party?
ledgr_token (localStorage)	Essential	Stores your JWT authentication token to keep you logged in between page refreshes	7 days (token expiry); cleared on logout	No — stored locally in your browser only
ledgr_portal_token (localStorage)	Essential	Stores the portal authentication token for client portal users	Session or until expiry	No
Browser session state	Essential	Browser-managed session data for navigation state; automatically cleared when you close your browser	Browser session	No
Microsoft Entra ID / SSO tokens	Essential (if SSO configured)	MSAL.js stores SSO session tokens in localStorage for Microsoft Entra ID enterprise SSO users. These are set by Microsoft's authentication library.	Until session expiry or logout	Yes — Microsoft (for SSO users only)

What We Do NOT Use

No advertising or retargeting cookies — We do not use Google Ads, Facebook Pixel, LinkedIn Insight Tag, or any other advertising trackers
No analytics cookies — We do not use Google Analytics, Mixpanel, Amplitude, Hotjar, or similar tools that set persistent tracking cookies
No social media trackers — We do not embed social media buttons or widgets that set third-party cookies
No cross-site tracking — Nothing in the Ledgr platform is designed to track you across other websites
No behavioral profiling — We do not build behavioral profiles of users for any purpose outside of platform security (e.g., detecting anomalous login patterns)

Server-Side Analytics

We collect server-side access logs (request paths, timestamps, IP addresses, user agents) for security monitoring and debugging purposes. This is processed server-side without setting any cookies in your browser. These logs are used exclusively for security alerting, performance monitoring, and abuse prevention.

Our internal analytics (e.g., how many organizations are active, feature usage rates) are derived from our own database records, not from third-party tracking pixels or cookies.

Managing Your Preferences

Since we only use essential cookies and localStorage for authentication, there is no cookie consent banner needed — we cannot offer you a choice about essential authentication mechanisms without breaking the platform.

To clear Ledgr's stored data from your browser:

Log out of Ledgr (this clears authentication tokens)
Clear your browser's localStorage for ledgr-wealth.polsia.app via your browser settings
For enterprise SSO users: clearing Microsoft's MSAL tokens may require signing out of your Microsoft account

Future Changes

If we introduce any new cookies or third-party tracking in the future, we will update this policy and notify organization administrators before any changes take effect. We will not introduce advertising trackers or behavioral profiling without explicit consent from organization administrators.

Contact

Questions about this Cookie Policy or our approach to tracking?

Email: privacy@ledgr.com