Legal Documentation

Privacy Policy

Effective Date: January 1, 2025 · Last Updated: April 14, 2026 · Version 2.0

Who this policy applies to: This Privacy Policy applies to wealth advisory firms, financial advisors, and their authorized personnel who use the Ledgr platform ("you," "your firm"), and to clients whose data is entered into the platform by those firms. It does not apply to end consumers dealing directly with your firm.

1. Information We Collect

1.1 Account and Organization Data

When your firm creates a Ledgr account, we collect:

Firm name, billing address, and contact information
User names, email addresses, and role assignments (admin, advisor, viewer)
Authentication credentials (passwords are hashed; we never store plaintext passwords)
Microsoft Entra ID / Azure AD identity tokens for enterprise SSO users
Multi-factor authentication (MFA) configuration and backup codes (stored encrypted)
Login history, device and browser information, and IP addresses

1.2 Client Financial and Personal Data

Ledgr is designed to manage records for ultra-high net worth (UHNW) wealth advisory clients. Your firm may enter and store the following categories of client data:

Personal identifiers: Full legal names, dates of birth, Social Security Numbers (SSN), taxpayer identification numbers
Contact information: Home addresses, email addresses, phone numbers
Financial data: Net worth figures, asset values, investment portfolio information, beneficiary designations
Insurance policy data: Policy numbers, carrier names, coverage amounts, premium schedules, beneficiary information, policy documents (life insurance, disability, long-term care, liability)
Loan and liability data: Loan balances, interest rates, repayment schedules, collateral descriptions, lender information
Entity structure data: Trust structures, LLC/partnership formations, family office details
Documents: Policy certificates, financial statements, estate planning documents, uploaded by your firm
Planning scenarios: Financial projections, stress-test models, planning notes

Important: Ledgr is a tool for advisors, not a direct-to-consumer service. Your firm is the data controller for all client data you enter. Ledgr acts as a data processor on your behalf. Your firm is responsible for obtaining any required consents from your clients before entering their data.

1.3 Usage and Technical Data

Pages visited, features used, and session durations
API request logs (for security and debugging)
Error reports and performance metrics
Browser type, operating system, and device type

1.4 Third-Party Integration Data

If your firm connects optional integrations, we may receive:

Airtable: CRM records, contact data, and custom fields you specify in the integration configuration
Egnyte: Document metadata and file access tokens (file contents are fetched on-demand; not stored permanently in Ledgr)
Microsoft Teams: Webhook URL for notifications only; no Teams data is stored in Ledgr

2. How We Use Your Information

Purpose	Data Used	Legal Basis
Providing and operating the Ledgr platform	All account, client, and usage data	Contract performance
Authentication and access control	Credentials, session data, MFA config, IP addresses	Contract performance; legitimate interest (security)
Generating reports, scenarios, and PSR summaries	Client financial, insurance, and loan data	Contract performance (processing on your behalf)
Security monitoring and fraud prevention	Login events, IP addresses, access logs	Legitimate interest; GLBA Safeguards Rule compliance
Sending system notifications (anniversary alerts, renewal reminders)	Email addresses, policy/loan dates	Contract performance
Compliance auditing and evidence retention	Access logs, privileged action evidence	Legal obligation (GLBA, SEC recordkeeping)
Platform improvement and debugging	Anonymized usage data, error logs	Legitimate interest

We do not sell your data or your clients' data to third parties. We do not use client financial data for advertising, profiling, or any purpose beyond operating the platform for your firm.

3. Data Storage and Security

3.1 Encryption

In transit: All data transmitted between your browser and Ledgr servers is encrypted using TLS 1.2 or higher (HTTPS enforced; HTTP is not supported)
At rest: Database data is encrypted at rest by Neon (AES-256). OAuth tokens and integration credentials are additionally encrypted at the application layer using AES-256-GCM before storage
Documents: Files stored in Cloudflare R2 are encrypted at rest (AES-256)
Passwords: Hashed using bcrypt (cost factor 12) — never stored in plaintext

3.2 Access Controls

Role-based access control (RBAC): Super Admin, Admin, Advisor, and Viewer roles with least-privilege defaults
Multi-tenant isolation: Each firm's data is strictly isolated; no cross-organization data access is possible by design
Multi-factor authentication (MFA) available for all users; enforceable by organization policy
Account lockout after 5 failed login attempts (15-minute lockout)
Session timeout configurable by organization (default: 8 hours)
All privileged actions (user creation, role changes, org settings changes) are logged with before/after state

3.3 Infrastructure Security

Hosted on Render (SOC 2 Type II certified) in US-West (Oregon)
Database hosted on Neon (SOC 2 Type II certified) in US-East
No production database access without explicit authorization and logging
Security headers deployed: X-Frame-Options (SAMEORIGIN), X-Content-Type-Options (nosniff), Referrer-Policy (strict-origin-when-cross-origin), Permissions-Policy

4. Data Retention

We retain data in accordance with applicable financial regulations and your firm's configuration:

Data Type	Default Retention	Regulatory Basis
Financial records (portfolios, valuations, loan data)	7 years	GLBA, SEC Rule 17a-4
Insurance policy records	10 years	State insurance regulations
User access logs and audit trails	7 years	GLBA Safeguards Rule § 314.4(f)
Security events and alerts	3 years	GLBA Safeguards Rule
Login and session records	1 year	Security best practice
Uploaded documents	Until deletion by your firm	Contractual
Account/organization data after cancellation	90 days (then permanently deleted)	Contractual

Your firm can request deletion of specific records at any time through the platform's deletion workflow. Regulatory-minimum retention periods apply and cannot be shortened for data subject to GLBA or SEC recordkeeping requirements.

5. Third-Party Processors (Subprocessors)

We use the following subprocessors to provide the Ledgr platform. Each has been evaluated for data security and compliance posture:

Subprocessor	Purpose	Data Processed	Location	Compliance
Neon Inc.	Primary database (PostgreSQL)	All application data including PII and financial records	US (AWS us-east-2)	SOC 2 Type II
Render	Application hosting and runtime	Application logs, environment variables, request data in-transit	US (AWS us-west-2)	SOC 2 Type II
Cloudflare R2	Document and file storage	Uploaded documents, PDF reports, signed agreements	US (Cloudflare global, US data residency)	SOC 2 Type II, ISO 27001
Postmark (Wildbit)	Transactional email	Email addresses, names, notification content (no financial data)	US	SOC 2 Type II
Microsoft (Entra ID)	Enterprise SSO (optional)	Identity tokens, email addresses, display names (if SSO configured)	US / EU (configurable)	ISO 27001, SOC 2, FedRAMP
Airtable	CRM integration (optional, org-configured)	Contact and record data per integration config	US	SOC 2 Type II
Egnyte	Document management integration (optional)	Document metadata, scoped access tokens	US	SOC 2 Type II, HIPAA eligible

An up-to-date subprocessor list is maintained in the Ledgr Security Center. We will notify subscribed firms of any material changes to subprocessors with at least 30 days' notice where practicable.

6. GLBA Financial Privacy Disclosures

Ledgr serves Registered Investment Advisors (RIAs), insurance professionals, and other financial service providers subject to the Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule (16 C.F.R. Part 314).

6.1 Our Role as a Service Provider

Under GLBA, Ledgr operates as a service provider to financial institutions (your firm). We receive and process "nonpublic personal information" (NPI) about your clients on your behalf and under your direction.

As your service provider, Ledgr:

Maintains safeguards to protect NPI consistent with GLBA and the Safeguards Rule
Does not disclose NPI for any purpose other than providing services to your firm
Does not use NPI for its own marketing or analytics
Maintains a Written Information Security Program (WISP) addressing the requirements of § 314.4
Designates a qualified individual responsible for our information security program

6.2 Your Firm's GLBA Obligations

Your firm, as the financial institution, remains responsible for:

Providing required privacy notices to your clients
Ensuring this use of Ledgr is disclosed in your firm's own privacy notice
Maintaining a WISP that covers Ledgr as a service provider
Implementing appropriate technical controls at your firm level (device security, employee training, etc.)

Note on HIPAA: Ledgr does not handle protected health information (PHI) as defined under HIPAA and does not represent itself as HIPAA-compliant or a HIPAA-covered entity or Business Associate. If your firm's clients share health-related documents via Ledgr, your firm is responsible for ensuring compliance with any applicable HIPAA obligations.

7. Your Rights (CCPA and State Privacy Laws)

For users and clients in states with applicable privacy laws (including California under CCPA/CPRA), the following rights apply:

7.1 Rights for Firm Administrators and Users

Right to Know: Request a summary of personal information we hold about you
Right to Delete: Request deletion of your personal information (subject to legal retention requirements)
Right to Correct: Request correction of inaccurate personal information
Right to Opt Out: We do not sell personal information; this right is not applicable
Non-Discrimination: We will not discriminate against you for exercising these rights

7.2 Rights for Clients Whose Data Is Managed by Your Firm

If you are an individual whose data has been entered into Ledgr by a wealth advisory firm, your rights requests should be directed to that firm, not to Ledgr. We are a processor on their behalf. Upon verified instruction from your firm, we will assist with data access, correction, or deletion requests.

To exercise your rights, contact us at: privacy@ledgr.com

8. Data Sharing and Disclosure

We share data only in these circumstances:

Subprocessors: As listed in Section 5, for the specific purposes described
Legal requirements: When required by law, regulation, court order, or valid legal process from a government authority
Safety: To protect the safety, rights, or property of Ledgr, its users, or the public
Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate data protection continuity
With your consent: Any other sharing requires your explicit, informed consent

We do not:

Sell personal information or client financial data
Share data with data brokers
Use client data for advertising targeting
Disclose data to any third party without a legitimate basis

9. International Data Transfers

Ledgr's primary infrastructure is located in the United States. If your firm is located outside the United States, data you enter into Ledgr will be transferred to and processed in the US.

For firms subject to GDPR or other international data protection frameworks, please contact us at privacy@ledgr.com to discuss appropriate data transfer mechanisms (Standard Contractual Clauses or equivalent).

10. Children's Privacy

The Ledgr platform is a professional B2B service intended for use by wealth advisory firms and their staff. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. Client records in Ledgr may include minor beneficiaries in the context of estate planning data; such data is subject to the same protections as all other NPI.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify organization administrators via in-app banner and email
Provide at least 30 days' notice before material changes take effect for existing subscribers
Maintain a version history of significant policy changes

Continued use of Ledgr after the effective date of changes constitutes acceptance of the revised policy.

12. Contact Us

Privacy and Data Protection Inquiries:

Email: privacy@ledgr.com

Subject line: "Privacy Request — [Your Firm Name]"

Security Incident Reports:

Email: security@ledgr.com

General Support:

Support portal available at ledgr-wealth.polsia.app

We aim to respond to all privacy requests within 10 business days. For CCPA requests, we will respond within 45 days as required by law.