Privacy Policy

Last updated: 27 May 2026

This Privacy Policy explains what information LedgeKar (“we”, “us”) collects when you use our service, why we collect it, who we share it with, and the rights you have over it. We have written it in plain English. If something is unclear, email [email protected].

Operating entity. LedgeKar is operated by WVINAI LABS (OPC) PRIVATE LIMITED (CIN U72100TN2026OPC193194, GSTIN 33AAECW4712E1ZO), a One Person Company incorporated under the Companies Act, 2013. All references in this policy to “LedgeKar”, “we”, “us”, or “our” refer to WVINAI LABS (OPC) PRIVATE LIMITED. Full contact information is on the Contact page.

This policy applies to LedgeKar’s web service at ledgekar.com and our Android mobile application available on Google Play. Both surfaces share the same backend, the same account, and the same data handling described below.

LedgeKar is operated from India and is designed primarily for residents of India. We also serve NRIs and international users. This policy is written to align with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”).

0. Roles under the DPDP Act

The DPDP Act 2023 defines specific roles. So that there is no ambiguity:

  • Data Principal (you): the natural person whose personal data is being processed. Under Indian law you have rights of access, correction, erasure, grievance, and nomination over your data (see section 6).
  • Data Fiduciary (LedgeKar): the entity that determines the purpose and means of processing your personal data. LedgeKar is the Data Fiduciary for all personal data you submit to or generate within the Service. We are responsible for: lawful purpose, valid consent, data minimisation, security safeguards, breach notification, and responding to your DPDP rights requests.
  • Data Processors (our sub-processors): third parties that process personal data only on our written instruction and only for the purpose we direct. Each is bound by a written agreement requiring confidentiality, security controls, breach notification, and limited use. The current list is in section 3 below.
  • Grievance Officer (LedgeKar): the designated point of contact under the DPDP Act for any complaint or rights request. Email [email protected] with the subject “DPDP Grievance”. We acknowledge within 72 hours and resolve within the period required by law. If you remain dissatisfied you may escalate to the Data Protection Board of India.
  • Consent Manager: once the Data Protection Board of India operationalises Consent Managers, you will be able to manage your LedgeKar consent through any registered Consent Manager. We will update this policy when that integration is live.

LedgeKar is not currently classified as a Significant Data Fiduciary. We will publish a notice and adopt the additional obligations (Data Protection Officer, periodic data-protection impact assessments, independent audits) if the Government notifies us of that classification.

1. What we collect

We collect only what we need to run the service:

  • Account data: your email address, and optionally a phone number and display name.
  • Financial entries you create: expense descriptions, amounts, currencies, categories, dates, group memberships, splits, settlements, budgets, savings goals, and any notes you add. These are entered by you; we do not connect to your bank.
  • Technical and security data: IP address, browser user-agent, timestamps of sign-in events, and a record of money-related changes (creation, edit, delete of expenses and settlements) in our audit_log table. This helps us investigate disputes and detect abuse.
  • Support correspondence: emails you send us, and the replies.

We do not collect bank account numbers, card numbers, UPI PINs, or any payment credentials. When subscriptions go live, those credentials are handled directly by our payment processor and never touch our servers.

2. How we use your data

  • To create and operate your account and groups.
  • To compute balances, generate reports, and power features such as forecasts and goal tracking.
  • To provide AI-assisted insights when you use the advisor feature.
  • To send service emails (login links, security alerts, billing receipts, important policy changes).
  • To investigate suspected fraud, abuse, or breach of our Terms.
  • To meet legal, regulatory, and tax obligations.

We do not sell your data. We do not run third-party advertising on the service and do not share your data with advertisers.

3. Third parties we share data with

We rely on a small number of vetted processors. Each receives only the data they need to perform their function:

  • Cloud infrastructure provider (contracted hosting in Finland, EU/EEA), provides the virtual private server compute and storage that runs our application, database, and encrypted backups. We do not publish the vendor’s trade name in this policy; the region above is what matters for residency. Role: Data Processor. Scope: infrastructure only. Bound by a data-processing agreement with appropriate security commitments.
  • Cloudflare, Inc. (United States), sits in front of our service as a CDN, TLS terminator, and DDoS / WAF layer. Cloudflare observes request metadata (IP address, user-agent, URL path, response status) in transit to protect the service from abuse and to accelerate static asset delivery. Role: Data Processor. Scope: network metadata only; no application database access. Bound by Cloudflare’s Data Processing Addendum.
  • Functional Software, Inc. (Sentry) (United States), receives application error events from our web and Android clients and servers so we can diagnose and fix bugs. Events include stack traces, request URL, browser or device model, OS version, and a hashed user identifier. We configure Sentry to scrub email, tokens, and other sensitive fields before transmission. Role: Data Processor. Scope: diagnostic error data only.
  • Razorpay Software Pvt. Ltd. (India, when subscription billing is live), processes INR payments and recurring mandates. Role: Data Processor. Receives only your name, email, and transaction details. We never see or store your full card / UPI credentials. Bound by RBI-mandated payment-aggregator data norms.
  • Budget Coach chat history. When you use Budget Coach we store the last 10 conversations (up to 20 messages each) on our servers so the assistant can keep context across your devices. Before storing we redact emails, phone numbers, and similar personally identifying tokens from the text you send and receive. Outputs of any ledger queries the coach runs are NOT stored, only the names of the tools the coach used. You can turn this off any time in Settings → AI; turning it off permanently deletes your saved chats. Role: Data Controller. Retention: rolling cap at 10 conversations per user.
  • AI Advisor and assistant features: contracted AI inference sub-processors. Our AI Advisor (Gold-tier, opt-in), Budget Coach, Budget Suggest, and Support assistant features rely on one or more contracted AI inference sub-processors. We may use a single provider or route between several depending on the feature, model quality, cost, and availability. When you use any of these features, your typed question and a short, redacted summary of the relevant ledger context are transmitted to the active sub-processor for that single request. Before any data leaves our servers we redact emails, phone numbers, government identifiers (PAN, Aadhaar, SSN, NI number, and equivalents), bank account numbers, card numbers, and other long digit sequences. We only contract with sub-processors who (a) do not use API request data to train their models, (b) bind themselves by a written data-processing agreement, and (c) commit to delete request data within a short retention window. Role: Data Processor. We will update this section if we change sub-processors materially. You may decline this processing entirely without losing access to the rest of the service. For the current list of AI sub-processors and the jurisdictions in which they operate, contact us at the address in section 11.
  • Email delivery provider (Gmail / SendGrid / equivalent SMTP), delivers transactional email such as magic links and receipts. Role: Data Processor. Scope: recipient address and message body of transactional mail only.

We may also disclose data when required by law, by a valid court order, or to protect the rights, safety, or property of users or the public.

4. Where your data lives

Your primary data — your account, financial entries, group memberships, and audit log — is stored in a database we operate on contracted cloud infrastructure in the European Union (EU/EEA). Encrypted backups are kept in the same region. We use industry-standard hosting vendors; we do not ask you to manage servers or pick a cloud region yourself.

When you use any AI-assisted feature (Advisor, Coach, Budget Suggest, Support assistant), redacted prompt data is transmitted briefly to our AI inference sub-processor for the duration of that single request. Depending on the sub-processor and the model in use, that request may be handled in any of the provider’s data centres — typically the region closest to you, which may be in the EU, United Kingdom, United States, India, or other jurisdictions our provider operates in. We do not retain the inference response beyond the immediate use described in section 3 (and, for the Budget Coach, the chat-history cap described there). See section 3 for the current sub-processor list and data-handling commitments.

We chose the EU region for data-protection rigour, latency for our European and Middle-Eastern users, and operational reliability. If a future regulatory development under the DPDP Act, or comparable laws in other jurisdictions where we serve users, requires local residency for our class of data, we will migrate to a compliant region and notify users in advance. By using the service today you consent to the cross-border transfer of your data to the EU/EEA, and, for AI-assisted features, to the sub-processor jurisdictions noted above, as permitted under the DPDP Act, GDPR, and the other frameworks listed in section 6b.

5. Cookies

We use a single first-party authentication cookie (set by our auth system) to keep you signed in. We do not use third-party advertising cookies, behavioural tracking pixels, or analytics that fingerprint you. You can clear this cookie from your browser at any time, which will sign you out.

6. Your rights under the DPDP Act

As a Data Principal under the DPDP Act, 2023 you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Erase your data, subject to legal retention obligations.
  • Withdraw any consent you have given (note: this may end your ability to use the service).
  • Nominate another individual to exercise these rights in case of your death or incapacity.
  • File a grievance with our Grievance Officer (see Contact section), and escalate to the Data Protection Board of India if unresolved.

To exercise any of these rights, email [email protected] from the address on file. We will respond within the period required by law.

6b. Additional rights if you live outside India

We serve users globally. The DPDP Act 2023 governs how we handle your data as our primary framework, but if you live in one of the jurisdictions below, additional rights apply and we honour them at the same standard. Where two frameworks both give you a right, we apply the stronger one.

European Union, European Economic Area, and the United Kingdom

If you are in the EU/EEA we process your personal data under the General Data Protection Regulation (GDPR). If you are in the UK, the UK GDPR and Data Protection Act 2018 apply on the same basis. Our lawful bases are:

  • Contract: processing necessary to deliver the service you signed up for (the account itself, expense and group features, billing).
  • Consent: for the AI Advisor (opt-in only), marketing email (only if you tick the box), and any non-essential processing.
  • Legal obligation: for tax records, audit logs, and statutory retention.
  • Legitimate interest: for security, fraud prevention, and limited service analytics. We balance this against your rights and document the assessment.

In addition to the rights listed in section 6 you also have, under GDPR / UK GDPR: the right to data portability (a machine-readable export, available today at Settings → Data & Privacy → Export my data); the right to object to processing based on legitimate interest; the right to restrict processing while a dispute is open; the right not to be subject to a decision based solely on automated processing that produces legal effects (none of our AI features make such decisions); and the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner’s Office).

Transfers of your personal data out of the EU/EEA or UK are covered by Standard Contractual Clauses (SCCs) with our sub-processors, plus the supplementary measures described in section 8. We do not transfer your data to any jurisdiction not covered by an adequacy decision, a binding corporate rule, or SCCs.

California, USA (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you the right to: know what personal information we collect and how we use it (see sections 1 and 2); access a copy; correct inaccurate information; delete your information (see section 7); opt out of the “sale” or “sharing” of personal information; limit the use of sensitive personal information; and not be discriminated against for exercising any of these rights.

We do not sell or share your personal information. We do not exchange it for money or other valuable consideration with any third party, and we do not share it for cross-context behavioural advertising. Accordingly, no “Do Not Sell or Share My Personal Information” link is required, but we honour the same intent by default. To exercise any CCPA right, email [email protected] and identify yourself as a California resident; we will respond within 45 days.

Other US states

If you live in another US state with a comprehensive privacy law (including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, or others as they take effect), we extend the same rights described above for California residents and respond within the period your state law requires. We do not sell personal data in any state.

United Arab Emirates and Kingdom of Saudi Arabia

If you are resident in the UAE we comply with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the UAE PDPL) and its Executive Regulations. If you are resident in Saudi Arabia we comply with the Personal Data Protection Law (PDPL) issued by Royal Decree M/19 of 2021, as amended in 2023, together with its implementing regulations. Under either framework you have the rights of access, correction, restriction, withdrawal of consent, and deletion described in sections 6 and 7, and we honour cross-border transfer requirements via written agreements with our sub-processors. If you wish to file a complaint with the UAE Data Office or the Saudi Data and Artificial Intelligence Authority (SDAIA), please contact us first under section 11 so we can attempt to resolve your concern directly.

Everyone else

If your jurisdiction is not listed above, your rights under DPDP (section 6) still apply by contract, and we will honour any additional rights mandated by the law of the country where you reside to the extent they apply to a service operated from India.

To exercise any right described in this section, email [email protected] from the email address on your account, and tell us which framework you are invoking so we can respond appropriately.

7. Retention and account deletion

We keep your data for as long as your account is active. You may request deletion at any time from our public Delete your account page (no sign-in required to read; sign-in required to confirm), or by emailing [email protected] from the address on file. If you delete your account, we delete personal data within 30 days, except for:

  • Audit-log entries we are required to keep for fraud and compliance reasons (up to 3 years).
  • Billing records we are required to keep under Indian tax law (up to 8 financial years).
  • Data that another user in a shared group needs to compute balances accurately. In this case we anonymise your records (replacing your name with “Former member”) rather than deleting the underlying transactions.

8. How we secure your data

  • All data is encrypted in transit (TLS) and at rest at the storage layer.
  • Database access is controlled by Postgres Row-Level Security (RLS) policies, so you only see your own rows and the rows of groups you belong to.
  • Authentication and money-related changes are written to an append-only audit log.
  • Sign-in is passwordless: we email you a one-time code, or you use a passkey. There is no password for us to store or for anyone to steal.
  • Access to production systems by the team is restricted, logged, and protected by multi-factor authentication.

This protects your data from outsiders and misuse, but it is not end-to-end encryption. We must be able to run the service (sync groups, settle balances, support you, prevent fraud), so authorised systems and staff may access data under strict policies, similar to mainstream expense-sharing apps. We do not sell your data or use it for third-party advertising.

No system is perfectly secure. In the event of a personal-data breach affecting your information, we commit to:

  • Notify the Data Protection Board of India within 72 hours of confirming the breach, with the information required under the DPDP Act 2023.
  • Notify affected users as soon as reasonably possible after confirmation, by email and (where appropriate) in-app banner, describing the nature of the breach, the data categories affected, mitigation steps we have taken, and steps you can take to protect yourself.
  • Preserve forensic evidence and cooperate with any lawful investigation.
  • Publish a post-incident summary once the investigation is complete.

9. Children

The Service is intended for adults. Under the DPDP Act 2023 §9 we do not knowingly process the personal data of any person under eighteen (18) years of age without verifiable parental consent.

A user under 18 may use the Service only if their parent or legal guardian: (i) creates the account on their behalf using the parent’s own contact details, (ii) accepts these Terms and this Privacy Policy on the child’s behalf, and (iii) agrees to supervise the child’s use of the Service. We may, at our discretion, require additional verification of the parent-child relationship and parental identity (for example, a payment from a verified bank account in the parent’s name, or government-issued ID).

We do not engage in advertising, behavioural tracking, or profiling of any user we have reason to believe is under 18. If you believe a child has created an account without verifiable parental consent, contact us and we will remove it within 7 days.

10. Changes to this policy

We may update this Privacy Policy as the service evolves. The “Last updated” date at the top of the page reflects the latest version. If a change materially expands how we use your data, we will notify you by email or in-app notice before it takes effect.

11. Contact and grievance officer

For privacy questions, requests under the DPDP Act, or grievances, write to our Grievance Officer at [email protected]. We aim to acknowledge requests within 72 hours and resolve them within the period required by law.