Last updated · April 7, 2026
Privacy Policy
We collect the minimum information needed to run a secure bookkeeping platform — and nothing else. We don't sell your data, we don't run ads, and we don't track you across the web.
01Information We Collect
We collect the following types of information:
- Account information: Name, email address, and password when you create an account
- Profile information: Optional profile image
- Business data: Company names, project details, customer records, financial figures, inventory data, and other bookkeeping information you enter into the Service
- Billing information: Payment details are collected and processed by Stripe; we do not store your credit card numbers
- Authentication data: OAuth provider account IDs (Google, Microsoft) if you choose to sign in with a third-party provider; MFA secrets for two-factor authentication
02How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Authenticate your identity and secure your account
- Process payments and manage subscriptions
- Respond to your support requests and feedback
- Send important service-related communications
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data for advertising purposes.
03Data Storage and Security
Your data is stored securely using industry-standard practices. We implement the following security measures:
- Passwords are hashed using bcrypt with a cost factor of 12
- Sessions are managed via HTTP-only, secure cookies
- Multi-factor authentication (TOTP) is mandatory for all users
- MFA secrets are encrypted at rest using AES-256-GCM
- MFA backup codes are stored as SHA-256 hashes
- OAuth state parameters are used to prevent CSRF attacks
05Third-Party Services
We use the following third-party services:
- Stripe: Payment processing. Stripe collects and processes payment information under its own Privacy Policy.
- Google OAuth: Optional sign-in. We receive only your name and email address from Google.
- Microsoft OAuth: Optional sign-in. We receive only your name and email address from Microsoft.
06Data Retention
We retain your account information and business data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Session data is automatically deleted after expiration (30 days).
07Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data
- Export your data in a portable format
- Object to or restrict certain processing of your data
You can export your data and delete your account at any time from Settings → Account. For other requests, email us at the address below — we'll respond within 30 days.
08Children's Privacy
The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
09Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
10Contact
If you have any questions about this Privacy Policy or our data practices, please contact us at support@side-ledger.com.
Questions? Email support@side-ledger.com.