Privacy Policy
Effective date: 27 April 2026· Last updated: 27 April 2026
This Privacy Policy explains what information Ledger Tome ("we", "us", "the Service") collects, how we use it, and what rights you have over it. It applies to ledgertome.com and the connected web application.
If you have questions or want to exercise any of the rights described below, contact us at info@ledgertome.com .
1. Who we are
Ledger Tome is a web service that converts PDF bank and credit card statements into structured files (CSV, Excel, QIF, QBO, JSON). We are based in Finland and offer the Service globally.
For the purposes of the EU General Data Protection Regulation (GDPR), Ledger Tome is the data controller for personal data processed through the Service. You can reach us at info@ledgertome.com for any privacy-related request, including data access, correction, deletion, or objection requests.
2. Information we collect
2.1 Information you provide
- Account information. Email address and (for password-based accounts) a password. Passwords are stored as one-way hashes by our authentication provider; we never see them in plaintext. If you sign in with Google, we receive a Google account identifier and your email address.
- Billing information. When you subscribe or buy a token pack, our payment provider (Stripe) collects your name, billing address (country, state/region, postal code), and payment instrument. Stripe is the controller of your card data; we receive only the billing address, optional business tax ID (e.g., GST/HST, EU VAT), and a customer reference.
- Files you upload. PDF bank or credit card statements you submit for conversion, the structured output we produce from them, and any associated metadata (file name, document type tag, page count).
- Email forwarding routes. If you create an email-conversion route, the alias address and forwarding preferences associated with it.
- Feedback and support correspondence. Anything you send us through in-app feedback, support email, or related channels.
2.2 Information collected automatically
- Service usage data. Per-day counters of conversions, exports by format (CSV, Excel, QIF, QBO, JSON), bank/credit-card split, and a normalized list of bank names extracted from statements you converted. This data is associated with your account.
-
Marketing attribution. When you arrive on our site, we record traffic-source parameters (UTM tags, referrer, landing page) and tie them to your account at signup so we can understand how people find us. We retain a multi-touch attribution history for each account. Ad-network click identifiers such as
fbclidand the corresponding_fbc/_fbpcookies are only captured if you accept analytics and advertising cookies (see Section 7). - Technical and security data. IP address, user-agent, and request metadata necessary to operate the Service, prevent abuse, and meet legal obligations. We use this information, together with signup and account metadata, to detect and prevent abuse of the free tier and protect the Service.
- Cookies and similar technologies. See Section 7.
3. How we use your information
We process your information to:
- Provide the Service: receive your PDFs, run them through our conversion pipeline, deliver the output files, and let you re-download them within their retention window.
- Manage your account, authentication, and subscription, including billing and tax compliance.
- Send service-related emails (e.g., account verification, payment receipts, password resets, important Service notices).
- Send marketing emails about the Service if you have signed up — you can unsubscribe at any time using the link in those emails.
- Operate, debug, and improve the Service, including aggregate analytics on conversion volumes, format mix, and bank coverage.
- Detect, prevent, and respond to fraud, abuse of free-tier signups, and security incidents.
- Measure marketing performance, including ad-platform conversion attribution (see Section 7).
- Comply with legal, accounting, and tax obligations.
Legal bases (GDPR)
- Contract (Art. 6(1)(b)): operating your account, processing your conversions, billing.
- Legitimate interests (Art. 6(1)(f)): security, abuse prevention, product analytics in aggregate, measuring the effectiveness of our marketing.
- Consent (Art. 6(1)(a)): analytics and advertising cookies (the Meta Pixel and Conversions API) and marketing emails. We ask every visitor up front and you can withdraw consent at any time from Settings → Privacy & cookies .
- Legal obligation (Art. 6(1)(c)): retaining invoices and other records required by Finnish accounting law.
4. AI processing of your statements
To extract transactions from your PDFs, we send the document to a proprietary AI processing pipeline running on Amazon Web Services (AWS Bedrock) in the EU (Ireland) region. The AI engine, prompts, and post-processing logic are confidential to Ledger Tome.
What you should know about this step:
- Your PDF is sent only for the purpose of extracting its contents into a structured file for you.
- Your documents are not used to train any AI model. We have configured our AI processing such that inputs and outputs are not retained by the model provider for training, fine-tuning, or any other purpose beyond returning the result to us.
- Processing happens within AWS infrastructure in the EU; see Section 9 on international transfers.
5. Sub-processors
We share data with the following service providers strictly to operate the Service. Each is bound by their own data processing terms.
| Sub-processor | Purpose | Region |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, file storage, databases, authentication, AI inference, and transactional email | EU (Ireland), with edge delivery via CloudFront |
| Stripe | Payment processing, subscription management, billing-address and tax-ID collection | Ireland / United States |
| Brevo (Sendinblue) | Marketing email and contact list management | EU |
| Meta Platforms (Facebook/Instagram) | Advertising measurement and audience matching via the Meta Pixel and Conversions API (only when you accept analytics & advertising cookies) | EU / United States |
| Google Sign-In (optional), web fonts | EU / United States |
We will update this list when we add or change sub-processors. If you are a customer and want to be notified of changes, email us.
6. Retention
We keep your information only as long as we need it.
| Data | Retention |
|---|---|
| Uploaded PDF files | Up to 7 days from upload, then automatically deleted |
| Generated output files (CSV/Excel/QIF/QBO/JSON) | Up to 7 days from generation, then automatically deleted |
| Account record (email, tier, settings) | Until you delete your account |
| Billing and invoice records (Stripe + our cache) | Retained for 6 years after the relevant transaction, as required by Finnish accounting law |
| Conversion analytics (per-account daily counters) | Until you delete your account; see Section 8 for what happens on deletion |
| Marketing attribution touches | Until you delete your account |
| Anti-abuse and security records | Retained for as long as needed to operate our abuse-prevention controls. Records associated with confirmed abuse may be retained indefinitely. |
| Marketing email subscriber profile (Brevo) | Until you unsubscribe or delete your account |
| Support and feedback messages | Up to 24 months unless required longer to resolve a dispute |
7. Cookies and tracking technologies
We use the following categories of cookies and similar technologies:
- Strictly necessary. Authentication tokens, CSRF and session protection, load balancing. The Service cannot function without these, so they are always on.
- Functional. Local-storage entries that remember your marketing-attribution touches between visits so we can attribute your eventual signup, plus your cookie-preference choice itself.
-
Analytics and advertising (only with your consent). The Meta Pixel and Meta's Conversions API (CAPI) help us measure how our ads perform. This involves:
- Cookies set by Facebook (
_fbp,_fbc) when you visit pages that include the Pixel. - Sending hashed identifiers (e.g., your hashed email and IP) and event data (such as page views, signups, and purchases) to Meta, both client-side via the Pixel and server-side via CAPI.
- Standard URL click identifiers such as
fbclidfrom Meta andgclidfrom Google when present.
- Cookies set by Facebook (
Your choice. The first time you visit, we show a cookie banner asking whether you accept analytics and advertising cookies. If you reject them, we do not load the Meta Pixel, do not capture fbclid/_fbc/_fbp, and do not send Pixel or CAPI events for your activity. The strictly necessary and functional categories above continue to operate so the Service keeps working. You can change your decision at any time from Settings → Privacy & cookies
while logged in, or by clearing site data in your browser to bring the banner back. You can also use browser settings or ad-blocking tools to limit tracking further; doing so will not affect your ability to use the core conversion features.
8. What happens when you delete your account
You can delete your account at any time from your dashboard or by contacting us at info@ledgertome.com .
When you delete your account, within 30 days we will:
- Delete your account record, email, authentication credentials, marketing-attribution history, email-conversion routes, and any retained PDFs or output files.
- Remove your contact from our marketing email list.
- Cancel any active subscription.
Conversion analytics are handled differently. The per-account daily counters described in Section 2.2 (conversion counts, export formats, normalized bank names) are retained for up to 30 days after account deletion so we can review patterns of free-tier abuse and other security concerns. Within that 30-day window they are then summed into a single anonymous aggregate — totals across all deleted users with no identifiers and no fields that could re-identify you — and your per-account rows are deleted. The aggregate exists for product reporting and cannot be linked back to you.
Billing records (invoices, Stripe customer record with your name and billing address) are kept for 6 years after the transaction to comply with Finnish accounting law. We do not use them for any other purpose during that retention period.
9. International transfers
Our primary infrastructure is located in the EU (Ireland). Some of our sub-processors are based in, or may transfer data to, the United States or other countries. Where this happens, we rely on appropriate safeguards under GDPR, such as the EU–US Data Privacy Framework, Standard Contractual Clauses, and supplementary technical measures (e.g., encryption in transit and at rest).
10. Your rights
Under GDPR (and similar laws in other jurisdictions), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten"), subject to the retention exceptions in Section 6 and 8.
- Restrict or object to certain processing, including direct marketing and processing based on legitimate interests.
- Port your data to another service in a structured, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with a supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi ).
To exercise any of these rights, email info@ledgertome.com . We respond within 30 days.
11. Security
We protect your information with industry-standard measures, including:
- TLS encryption for all traffic in transit.
- AES-256 encryption at rest for stored files.
- Public-access blocks and IAM-restricted access on storage buckets.
- Authentication with hashed passwords, optional Google Sign-In, and pre-signup abuse controls.
- CloudWatch monitoring and access logging on production infrastructure.
No system is perfectly secure. If we ever become aware of a personal data breach affecting you, we will notify you and the relevant supervisory authority as required by law.
12. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. If a change materially affects how we process your data, we will notify you by email or through the Service before it takes effect.
14. Contact
Questions, requests, or complaints? Email info@ledgertome.com .