The short version: Ledge collects only what it needs to run the service for you. We do not sell your data, share it with advertisers, or use it for any purpose beyond operating and improving Ledge. You can access, correct, or delete your data at any time.

1 Who we are

Ledge is a mobile application designed for New Zealand sole traders. It is built and operated by a Kiwi-owned business based in New Zealand. When we say "Ledge", "we", "us", or "our" in this policy, we mean the operator of the Ledge app.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you use our app or visit our website. It is written to comply with the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs), including the IPP 3A amendment coming into force on 1 May 2026.

If you have questions about this policy or how we handle your information, contact us at support@ledg3.com.

2 What data we collect

We collect only what is necessary to provide the Ledge service. This includes:

  • Business profile information you enter directly: your trading name, GST number, bank account display details, and contact information
  • Receipt data from photos or gallery uploads you provide: vendor name, amount, date, GST component, category, and the receipt image itself
  • Invoice data you create: line items, amounts, client details, payment status, and invoice history
  • Client and vendor records you add: names, contact details, and any notes you attach
  • Authentication data: passkey credential identifiers and session tokens tied to your device. We do not store passwords.
  • Device and technical information: device type, operating system version, and app version — collected automatically when you use the app or submit feedback
  • Anonymous usage analytics: screen visits and feature interactions, collected in aggregate with no personal identifiers, via Cloudflare Web Analytics
  • Support and feedback messages: information you send us directly via in-app feedback or our contact form

We do not collect health information, ethnicity, religious beliefs, biometric data for identification purposes, or any sensitive personal information beyond what is listed above. We do not collect personal information about your clients beyond what you enter yourself.

3 How we collect it

We collect your information in the following ways:

  • Directly from you when you enter information into the app, upload a receipt image, or contact us
  • Automatically when you use the app — device information and session tokens are collected as part of normal app operation
  • Through AI processing — receipt images you provide are sent to OpenAI's API to extract structured data. This is described further in section 5.
  • Through analytics — anonymous usage data is collected on our marketing website via Cloudflare Web Analytics. No personal identifiers are collected at the website level.

From 1 May 2026, we are required under IPP 3A of the Privacy Amendment Act 2025 to notify you when we collect your personal information from a source other than you directly. Where this applies to how we operate Ledge, we will update this policy and notify affected users accordingly.

4 Why we collect it

We have a lawful purpose for each category of data we collect, in line with IPP 1 of the Privacy Act 2020:

  • To provide and operate the service — storing your receipts, invoices, and client records so you can access and manage them
  • To process receipts — sending images to our AI provider to extract expense data automatically
  • To calculate GST — using your receipt and invoice data to show claimable GST amounts and filing summaries
  • To secure your account — using passkey credentials to verify your identity without storing a password
  • To improve the app — using anonymous, aggregate usage analytics to understand how the app is used and where to improve it
  • To respond to you — using your contact details when you request support, report a bug, or send feedback
  • To meet legal obligations — retaining records as required under the Tax Administration Act 1994 and the Goods and Services Tax Act 1985

We do not use your data for advertising. We do not build profiles of you for marketing purposes. We do not sell your data to anyone.

5 AI processing of receipts

When you photograph or upload a receipt, that image is sent securely to OpenAI's API so that the vendor name, amount, date, GST component, and category can be extracted automatically.

Key facts about this processing:

  • Images are transmitted over an encrypted (TLS) connection
  • OpenAI does not retain your images after processing the request — they are not stored on OpenAI's systems beyond the immediate extraction
  • Under our agreement with OpenAI, your data is not used to train AI models
  • AI extraction is not always accurate. You are responsible for reviewing and correcting any extracted data before relying on it for tax or financial purposes

By uploading a receipt, you consent to it being sent to OpenAI for this purpose. If you do not wish a particular receipt to be AI-processed, you can enter its details manually.

6 Who we share data with

We do not sell your personal information. We do not share it with advertisers or marketing platforms.

We share your data only in the following limited circumstances:

  • Service providers (subprocessors) who help us operate Ledge — these are listed below. They act on our instructions and are bound by data processing agreements.
  • When required by law — if we receive a valid court order, legal obligation, or lawful request from a New Zealand authority, we may be required to disclose specific information
  • To protect safety — if we reasonably believe disclosure is necessary to prevent serious harm to a person or to protect the integrity of our service
  • In a business transaction — if Ledge is acquired by or merged with another business, your data may transfer to the new operator. We will notify you before this happens, and your data will remain subject to this policy or an equivalent one.

Our current subprocessors are:

  • OpenAI (USA) — AI receipt extraction
  • Railway (USA) — backend application hosting
  • Neon (USA) — PostgreSQL database hosting
  • Cloudflare R2 (USA) — receipt image storage
  • Cloudflare Web Analytics (USA) — anonymous website analytics

We will update this list when we add or change subprocessors. We will notify users of any changes that materially affect how their data is handled.

7 Overseas transfers

Our subprocessors are based in the United States. Transferring data to them is necessary to operate the Ledge service. In accordance with IPP 12 of the Privacy Act 2020, we take the following steps to ensure your data is protected when transferred overseas:

  • We enter into data processing agreements with each subprocessor requiring them to protect personal information to a standard comparable to the New Zealand Privacy Act 2020
  • We select subprocessors that hold recognised security certifications (such as SOC 2 Type II) where available
  • We limit the data each subprocessor receives to only what is necessary for their specific function

New Zealand has an adequacy agreement with the European Union, meaning New Zealand privacy protections are recognised internationally. We align our data practices with those standards.

8 How long we keep it

We retain your personal data for as long as your account is active. When you delete your account in the app, your personal data — including all receipts, invoices, client records, and business profile information — is permanently and immediately deleted from our systems and from all subprocessors we control.

There is one limited exception: we retain a minimal, anonymised audit record of account deletions for legal compliance purposes. This record contains only a hashed (non-reversible) identifier and the date of deletion. It cannot be used to identify you.

Please note: under the Tax Administration Act 1994, you as the business owner are personally responsible for retaining your business records for at least seven years. We recommend exporting your data from Ledge before deleting your account if you need to retain records for IRD compliance purposes.

9 Your rights

Under the New Zealand Privacy Act 2020, you have the following rights regarding your personal information:

  • Access — you may request a copy of the personal information we hold about you. We will respond within 20 working days.
  • Correction — you may request that we correct inaccurate or incomplete information. Most of your data can be edited directly within the app.
  • Deletion — you may delete your account at any time from within the app. Deletion is immediate and permanent.
  • Object — you may object to a particular use of your information. Contact us and we will assess your request and respond.
  • Portability — Pro subscribers can export all their data at any time via a secure download link from within the app.
  • Complain — if you are not satisfied with how we have handled your personal information, you may lodge a complaint with the Office of the Privacy Commissioner at privacy.org.nz, by phone on 0800 803 909, or by post to PO Box 10094, Wellington 6143.

To exercise any of the above rights, contact us at support@ledg3.com. We will not charge you for making a request.

10 Security

We take reasonable and appropriate steps to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. Our security measures include:

  • Encrypted data transmission (TLS/HTTPS) between the app and all our servers and subprocessors
  • Passkey authentication using your device's secure enclave — no passwords are ever stored by us
  • Access controls that limit which systems and personnel can access your data
  • Regular review of our infrastructure and third-party dependencies for known vulnerabilities
  • Subprocessors selected for their security certifications and contractual obligations

No system connected to the internet can guarantee absolute security. If you believe your account has been compromised, please contact us immediately at support@ledg3.com.

11 Privacy breach notification

If we become aware of a privacy breach that is likely to cause serious harm to you, we will notify you and report it to the Office of the Privacy Commissioner as soon as practicable, as required under section 113 of the Privacy Act 2020. Our notification to you will explain what happened, what data was affected, and what steps we are taking to address it.

We maintain an internal breach response procedure to ensure that any suspected breach is identified, contained, and assessed as quickly as possible.

12 Children

Ledge is intended for use by business owners and sole traders aged 18 or over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at support@ledg3.com and we will delete it promptly.

13 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in how we operate, changes in the law, or the introduction of new features. The date at the top of this page shows when the policy was last updated.

If we make changes that materially affect your privacy rights or how we use your data, we will notify you via the app or by email (if we hold your email address) before the changes take effect, giving you reasonable time to review them. Continued use of Ledge after changes take effect constitutes acceptance of the updated policy.

14 Contact us

For any privacy-related questions, access requests, or complaints, please contact us:

Email: support@ledg3.com
Website: ledg3.com

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of New Zealand:

Website: www.privacy.org.nz
Phone: 0800 803 909
Post: PO Box 10094, Wellington 6143

This Privacy Policy is written to comply with the New Zealand Privacy Act 2020, the Privacy Amendment Act 2025, and the Information Privacy Principles. It does not constitute legal advice. If you are an organisation with complex privacy obligations, we recommend seeking independent legal advice.