Privacy Policy

We process the following categories of data:

• Account data: name, email address, agency name
• Operational data: transaction records, payout records, accounting metadata
• Technical data: IP address, browser type, timestamps, logs
• OAuth data: received from Upwork APIs as authorized by the user

We do not process sensitive personal data such as government identifiers, payment card numbers, or health information.

Data is collected when:

• Users create an account
• Users connect their Upwork agency via OAuth
• Users interact with the platform
• System logs are generated for security and reliability

We process your data based on:

• Contract: to provide the Ledgerino service you signed up for
• Legitimate interest: to maintain platform security and improve our service
• Legal obligation: to comply with applicable laws and regulations

We use data solely to:

• Provide the Ledgerino service
• Sync and display Upwork agency bookkeeping data
• Manage payouts and internal accounting
• Communicate service-related messages
• Ensure platform security and reliability
• Comply with legal obligations

We do not sell or rent personal data.

We use cookies and similar technologies for:

• Essential cookies: required for the platform to function (session management, security)
• Analytics: we use Google Tag Manager to understand how users interact with our platform

You can manage cookie preferences through your browser settings.

We retain data for the following periods:

• Account data: until you delete your account
• Transaction records: 7 years (legal/tax requirements)
• Security logs: 90 days

Users can:

• Delete their data at any time
• Download their data at any time
• Disconnect their Upwork integration at any time

Upon deletion, data is permanently removed from active systems within 30 days, except where retention is required by law.

We share data with third parties only to the extent necessary to provide our services. We ensure appropriate data protection agreements are in place with all processors.

We do not sell, rent, or share your data with third parties for their marketing purposes.

Ledgerino complies with the European General Data Protection Regulation (GDPR) and applicable data protection laws.

Your data may be transferred to and processed in countries outside of your country of residence, including the United States and the European Union. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): we maintain EU-approved contractual protections with our processors
• EU-US Data Privacy Framework: our US-based service providers (including Mailgun) are certified under the EU-US DPF
• Technical safeguards: encryption in transit and at rest, access controls, and data minimization

We conduct transfer impact assessments and maintain oversight of our sub-processors to ensure continued compliance.

We apply industry-standard security measures including:

• Encrypted connections (TLS/HTTPS)
• Access controls and authentication
• Regular updates and monitoring
• Encrypted data at rest

Depending on your jurisdiction, you may have the right to:

You also have the right to lodge a complaint with your local data protection authority (DPA). For EU residents, you can find your DPA at edpb.europa.eu.

To exercise any of these rights, please email privacy@ledgerino.com. We will respond within 30 days.

Ledgerino is not intended for individuals under the age of 18. We do not knowingly collect data from minors.

We may update this policy from time to time. Material changes will be communicated via email or platform notification. The "Last updated" date at the top reflects the most recent revision.