Privacy Policy

Last updated May 27, 2026

1. Overview and scope

This Privacy Policy explains what information LineLedger (“we,” “us”) collects when you use our website at lineledger.com and our hosted application at app.lineledger.com (together, the “Service”), how we use and share it, and the choices and rights you have. LineLedger is operated from British Columbia, Canada.

This Policy applies only to the hosted Service we operate. It does not apply to self-hosted installations of the LineLedger open-source software — if you self-host, you are the controller of the data you process and are responsible for your own privacy disclosures.

2. Information we collect

We collect the following categories of information:

  • Account information — your name, email address, and a hashed password when you register, plus profile details you choose to add.
  • Accounting data — the financial records, contacts, documents, and other content you enter into the Service. We treat this as your confidential content.
  • Payment information — when you or your customers initiate a payment through the customer portal, our payments processor (Stripe) handles card details directly. We do not store full card numbers; we receive only limited transaction metadata.
  • Communications — messages you send us via email, support, or the public request board.
  • Usage and device data — IP address, browser and device type, operating system, pages visited, actions taken, timestamps, and referrer. Collected to operate and secure the Service.
  • Cookies and similar technologies — strictly-necessary cookies for login sessions and basic site function, plus limited analytics cookies (see Cookies and analytics below).

3. How we use information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Create and authenticate your account and keep it secure.
  • Respond to your requests and support questions.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Analyze usage in aggregate to understand how the Service is used and prioritize improvements.
  • Comply with legal obligations and enforce our Terms.

Where Canadian privacy law applies, we rely on a combination of your consent (express or implied), performance of our contract with you, and our legitimate interests in operating the Service securely and lawfully.

4. Your accounting data

Your accounting data belongs to you. We access it only as needed to operate the Service, on your request for support, or where required to comply with the law. You can export your data from within the Service at any time, and you can request deletion of your account.

5. Cookies and analytics

We use strictly-necessary cookies to keep you logged in and to make the Service function. We also use a privacy-respecting analytics provider to understand aggregate usage of the Service — for example, which pages are most visited. We do not run advertising cookies, and we do not allow third-party cross-site tracking.

You can block or delete cookies through your browser settings, though some parts of the Service may not work without them. We treat Global Privacy Control (“GPC”) signals as a valid opt-out request where required by applicable law.

6. How we share information

We share information only as described below:

  • Service providers. We use third parties to help us operate the Service: a payments processor, a cloud hosting provider, an analytics provider, and a transactional email provider. Each is bound by confidentiality and data-protection obligations and may only use the information to provide services to us.
  • Legal compliance and safety. We may disclose information if we believe in good faith that disclosure is required by law (for example, in response to a valid subpoena or court order) or is necessary to protect the rights, property, or safety of LineLedger, our users, or the public.
  • Business transfers. If LineLedger is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or material change in how your information is handled.
  • With your consent. We will share information for any other purpose only with your consent.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

7. International data transfers

Some of our service providers are located in the United States or other countries outside Canada. Your information may be processed in, and transferred to, jurisdictions other than your own, where laws governing data protection may differ from those in your home jurisdiction. We use contractual and technical safeguards designed to provide a comparable level of protection consistent with applicable privacy law, including Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”).

8. Data retention

We retain your information for as long as your account is active and as needed to provide the Service. When you close your account, we delete or anonymize your information within a reasonable period (typically within 90 days), except where we are required to retain it for legal, tax, audit, or fraud-prevention purposes, or where it persists in routine encrypted backups that rotate out on a normal schedule.

9. Security

We use reasonable technical and organizational measures to protect your information, including encryption in transit (TLS), encryption at rest for backups, access controls, the principle of least privilege, and regular security updates. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach that affects your personal information, we will notify you and the relevant regulators as required by law.

10. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Your privacy rights — Canada

If you are in Canada, you have rights under PIPEDA and, depending on your province, the BC Personal Information Protection Act (“BC PIPA”), Alberta PIPA, or Quebec’s Act respecting the protection of personal information in the private sector (commonly called Law 25). These rights include:

  • Access. You can ask what personal information we hold about you.
  • Correction. You can ask us to correct inaccurate or incomplete information.
  • Withdrawal of consent. You can withdraw consent to our processing, subject to legal or contractual restrictions. Withdrawing consent may mean we can no longer provide the Service to you.
  • Complaint. You can complain to the Office of the Privacy Commissioner of Canada or to your provincial regulator (for example, the Office of the Information and Privacy Commissioner for BC).

Quebec residents have additional rights, including the right to data portability and the right to be informed of any decision based exclusively on automated processing that produces legal effects. We do not currently use automated decision-making with legal effects on individuals.

12. Your privacy rights — United States

If you are a resident of California, the California Consumer Privacy Act, as amended by the CPRA (“CCPA”), gives you the following rights:

  • Right to know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete personal information we have collected from you, subject to certain exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. As stated above, we do not sell or share personal information for behavioral advertising.
  • Right to limit the use of sensitive personal information.
  • Right to non-discrimination for exercising any of these rights.

Categories of personal information we have collected in the past 12 months, by CCPA category, include: identifiers (name, email, IP address), commercial information (account/usage records), internet or network activity (logs, pages visited), geolocation data inferred from IP, and your customer content (the accounting data you enter). We collect this information from you directly and from your interactions with the Service.

You may use an authorized agent to submit a request on your behalf. We will verify requests using information we already have, such as control of the account email.

If you are a resident of another US state with a comprehensive privacy law — for example Virginia, Colorado, Connecticut, Utah, or Texas — you have similar rights to access, correct, delete, and (where applicable) opt out, and you can exercise them through the same contact below.

We do not respond to browser “Do Not Track” signals because no consistent industry standard exists, but we honor Global Privacy Control signals where required by applicable law.

13. How to exercise your rights

To exercise any of the rights above, email hello@lineledger.com with the subject line “Privacy request” and tell us what you would like us to do. We will respond within the timelines required by applicable law (generally 30 days for PIPEDA requests and 45 days for CCPA requests, extendable as permitted by law). We may need to verify your identity before acting on your request.

14. Changes to this policy

We may update this Policy from time to time. When we do, we will post the revised Policy here and update the “Last updated” date above. For material changes, we will give you reasonable advance notice by email or through the Service where feasible.

15. Self-hosting

If you self-host the LineLedger open-source software rather than using the hosted Service we operate, this Policy does not apply to your installation. You are the controller of the data processed by your instance and are responsible for your own privacy practices and disclosures.

16. Contact

Questions, concerns, or privacy requests? Email hello@lineledger.com.