Privacy Policy

How LedgerLet collects, uses, and protects your personal data.

Document Version 2.0.5

Published on 18 May 2026

1. Introduction

This Privacy Notice explains how LedgerLet Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use our website (www.ledgerlet.co.uk), the LedgerLet software platform, and the AI-assisted features within it.

LedgerLet Ltd is the Data Controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in respect of personal data we collect about you as a user of the Service. Our controller-processor roles for the different categories of personal data are summarised below:

  • Personal data about you as a user (account details, support messages, usage data): we are the controller.
  • Personal data about third parties you enter into the Service (tenants, property owners, guarantors, contractors): you are the controller and we act as your processor on the terms set out in our Terms of Use (Data processing terms section). See section 2.4.

Children's data

The Service is designed for use by adults aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without verified parental consent, we will delete that data promptly. If you believe a child has provided us with personal data, please contact info@ledgerlet.co.uk.

Our details

  • LedgerLet Ltd
  • Company number: 16501093
  • ICO registration reference: ZC042569
  • Registered office: Crown House, 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom
  • Email: info@ledgerlet.co.uk

If your personal information changes, please notify us via email.


2. Types of data we collect

We may collect and process the following categories of personal data.

2.1 Information you provide

  • Name, email address, and contact information.
  • Property details (addresses, ownership splits, tenancy data).
  • Financial information you enter manually (transactions, expenses, journals).
  • National Insurance Numbers (NINOs) and HMRC business identifiers, where you choose to use the MTD ITSA submission features. NINOs are encrypted at rest (see section 6).
  • AI assistant interactions: the content of your queries, messages, and any data you provide during interactions with our AI assistant. Please do not paste sensitive credentials (passwords, bank security codes, or full bank account numbers) into the chat.
  • Messages and support requests you send to us (for example by email).

2.2 Bank import data

  • Transaction descriptions, dates, and amounts imported via bank-statement CSV or, where available, bank feeds.
  • We do not receive or store your online banking login credentials.

2.3 Automatically collected technical data

When you use the Service, our infrastructure providers (Vercel, Railway, Clerk) automatically collect limited technical data needed to operate, secure, and deliver the Service:

  • IP address (for security, fraud prevention, and — where you explicitly submit an MTD return — inclusion in the HMRC-required fraud-prevention header Gov-Client-Public-IP).
  • Browser and device identifiers (for session and authentication management).
  • Server logs of requests made to the Service (for security, debugging, and abuse prevention).

We do not currently use analytics, advertising, or behavioural-tracking technologies (see section 12).

2.4 Third-party data you enter

In the course of using the Service, you may enter personal data about third parties (for example tenants, property owners, guarantors, or your own employees and contractors). For that data we act as your processor and you act as the controller; the Article 28 terms governing that relationship are set out in our Terms of Use (Data processing terms section).

2.5 Data we do not collect

The Service is not designed to process special category personal data (as defined in UK GDPR Article 9 — for example data revealing race, ethnicity, political opinions, religious beliefs, trade union membership, health, sex life, sexual orientation, or genetic or biometric data) or data relating to criminal convictions or offences. Users must not enter such data into the Service. See our Terms of Use, section 11.5.


4. How we use your data

We use your data to:

  • provide and maintain the Service;
  • generate automated bookkeeping reports and working papers;
  • prepare and submit MTD ITSA quarterly and final submissions on your explicit instruction;
  • provide AI-assisted transaction categorisation and AI-assistant guidance;
  • refine our AI-assisted features by analysing aggregate, anonymised usage patterns and feedback signals (we do not use customer inputs to train third-party AI models, and we do not train our own AI models on customer inputs — see section 5.1);
  • communicate with you about your account;
  • improve website performance and user experience;
  • prevent fraud and ensure platform security; and
  • comply with our legal obligations.

5. Data sharing and sub-processors

We do not sell your data. We share it only with trusted third-party sub-processors that help us deliver the Service.

The current sub-processor list is published at https://ledgerlet.co.uk/sub-processors, and is also reflected in our Terms of Use. Current sub-processors are:

  • Authentication and identity provider — Clerk.
  • Application hosting — Railway, Inc. (a US company; customer data is stored in the EU-West region, with international transfers governed by the UK Addendum to the EU Standard Contractual Clauses).
  • Frontend hosting and content delivery — Vercel.
  • Webhook delivery — Svix. Our authentication provider Clerk uses Svix to deliver authentication event notifications (such as user ID, email, name, and membership changes) to our backend; we process those notifications on receipt.
  • AI service provider — OpenAI, LLC, for AI-assisted transaction categorisation and AI-assistant features. We have configured our integration using OpenAI's API tier, under which (a) customer inputs and outputs are not used to train OpenAI's models by default, and (b) OpenAI may retain API data for up to 30 days for abuse-monitoring purposes before deletion. The 30-day retention is a matter of OpenAI's own policy and is not a period we control. We will keep our integration aligned with this position; if OpenAI's terms change in a way that materially affects it, we will give reasonable notice.
  • HMRC — only where you have explicitly authorised us to make submissions on your behalf.

We will give at least 30 days' notice of changes to the sub-processor list where feasible. Where you are a controller using the Service in the course of a business, you may object on reasonable data-protection grounds within that notice period, as set out in the Data processing terms section of our Terms of Use.

5.1 AI data minimisation

For AI-assisted transaction categorisation, we send only the transaction description and amount to the AI provider. We do not send names, addresses, National Insurance Numbers, or bank account numbers in this flow.

For the AI assistant (chat), the content of your queries is sent to the AI provider in order to generate a response. We ask you not to paste sensitive credentials into the chat. Your chat content is processed under the contractual restrictions described above.

5.2 Non-processor service integrations

We query api.ipify.org from our backend to determine our own public IP address, which is used to populate the HMRC-required Gov-Vendor-Public-IP fraud-prevention header (separate from the Gov-Client-Public-IP header which carries your IP). We send no customer data to ipify. It is listed here for completeness, not as a sub-processor (because no personal data leaves our control).


6. Security measures

We apply appropriate technical and organisational measures to protect your data, including:

  • National Insurance Numbers encrypted at rest using Fernet (AES-128-CBC with HMAC-SHA256) under application-managed keys, with rotation supported via MultiFernet.
  • HMRC OAuth access and refresh tokens encrypted at rest under the same scheme.
  • All data in transit protected by TLS 1.2 or higher.
  • Role-based access controls and segregation of customer data by Clerk Organisation, so cross-tenant access is impossible by design.
  • Immutable submission log: every MTD submission lifecycle event (draft creation, submission start, HMRC acceptance or failure, amendment, discard) is recorded in an append-only audit log capturing event type, submitting user, IP address, user agent, submission payload hash, and timestamp. Append-only behaviour is enforced at the database level by PostgreSQL triggers that reject UPDATE and DELETE against the table; application code only inserts. Where personal data in the audit log must be removed to comply with a lawful instruction (for example a valid UK GDPR Article 17 erasure request), this is handled through a documented data-protection process led by our data-protection contact, performed outside the running application by an operator with database-owner privilege, and independently logged at the PostgreSQL server level.
  • Multi-factor authentication required for HMRC-related actions.
  • Backups taken by our hosting provider (Railway) on a tiered schedule: daily backups retained for 6 days, weekly backups retained for 1 month, and monthly backups retained for 3 months.

7. Corporate separation notice

LedgerLet Ltd and Liberate Accounting are separate legal entities. If you choose to engage Liberate Accounting for professional services, a separate privacy relationship will be established under their own terms. We do not share your LedgerLet data with Liberate Accounting without your explicit request or consent.


8. International transfers

Some of our sub-processors process data outside the United Kingdom. In particular:

  • OpenAI, LLC processes data in the United States.
  • Railway, Inc. is a US company; customer data is stored in its EU-West region, and the contractual relationship is with the US parent entity.
  • Vercel (US company) and Svix (US company) may process data in the United States or, where they operate regional infrastructure, in the European Economic Area.

Where data is transferred outside the UK, we rely on legally recognised safeguards, including UK adequacy regulations where they apply, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, supported by additional technical and organisational protections.


9. Data retention

We retain your personal data only for as long as necessary for the purposes set out in this Notice. The retention periods below apply while your account is active; unless stated otherwise, the same periods continue to apply after account closure, with deletion occurring within 90 days of the end of the applicable period.

9.1 Tax-records retention rule ("the 7-year rule")

Financial records (transactions, journals, property and tenancy data, MTD submission audit trail, and ledger balances) relate to a specific UK tax year. We retain these records for the tax year to which they relate plus 6 complete years after the 31 January self-assessment filing deadline for that tax year — approximately 7 years from the start of the relevant tax year.

This period exceeds HMRC's minimum record-keeping requirement (5 years after the filing deadline, per gov.uk/self-employed-records) and covers HMRC's 6-year discovery-assessment window for careless error under section 34 of the Taxes Management Act 1970.

9.2 Retention periods by category

| Category | Retention period | Basis |
|---|---|---|
| Account profile & settings | While your account is active; deleted within 30 days of closure. | Contract (UK GDPR Art. 6(1)(b)). |
| Financial records (transactions, journals, properties, tenancies, ledger) | Per the 7-year rule above. During the retention period the data is held in read-only or reactivatable form, and you may export it on request. | Legal obligation (UK GDPR Art. 6(1)(c)); HMRC record-keeping. |
| MTD submission audit trail | Per the 7-year rule above. At the end of the retention window, personal data within the audit log (such as user email, IP address, user agent) is anonymised through a documented data-protection process; the structural audit record (event type, timestamp, payload hash) is retained to preserve long-term integrity evidence. | Legal obligation; evidence of submissions made on your behalf. |
| AI audit logs (raw model responses) | Up to 24 months; metadata retained longer for audit purposes. | Legitimate interest (model-safety and quality audit). |
| Support messages | Up to 24 months after last contact. | Legitimate interest (service quality and dispute resolution). |
| Legal-acceptance records (consent audit trail) | Indefinite, while we operate the Service. | Legal obligation to evidence consent (UK GDPR Art. 7(1)). |
| Marketing data | Until you withdraw consent or 3 years of inactivity. | Consent (UK GDPR Art. 6(1)(a)). |
| Backup copies | Daily backups: up to 6 days. Weekly backups: up to 1 month. Monthly backups: up to 3 months. (Railway tiered backup policy.) | Technical and organisational measures (UK GDPR Art. 32). |

These retention periods reflect our legal obligations and operational needs. Where personal data is no longer required for those purposes, it is deleted from active systems.


10. Your rights under UK GDPR

You have the right to:

  • access your data (subject access request);
  • correct inaccuracies;
  • request erasure ("right to be forgotten"), subject to our legal obligation to retain certain records;
  • restrict processing;
  • object to processing, including direct marketing;
  • request portability of data you have provided;
  • withdraw consent at any time, where processing is based on consent; and
  • lodge a complaint with the UK Information Commissioner's Office (see section 14).

To exercise any of these rights, email info@ledgerlet.co.uk. We may request reasonable information to verify your identity before acting on a rights request, to protect your personal data from disclosure to unauthorised parties. We will respond without undue delay and at the latest within one month of receipt of your request. That period may be extended by a further two months where necessary, taking into account the complexity and number of requests, in line with UK GDPR. We may charge a reasonable fee or refuse to comply with manifestly unfounded or excessive requests, in accordance with UK GDPR.


11. Automated decision-making

Our Service uses AI to assist in categorising transactions and generating reports, and an AI assistant to help you use the product. We do not perform "solely automated decision-making" that produces legal or similarly significant effects. You remain solely responsible for reviewing, verifying, and approving all data before it is submitted to HMRC or any other regulatory body.


12. Cookies and tracking technologies

We use only strictly necessary cookies (authentication, security, and session state) required to run the Service. We do not currently deploy analytics, advertising, or behavioural-tracking cookies, and we do not operate a cookie consent banner.

If we introduce optional cookies in future we will update this Notice and implement an appropriate consent-management mechanism before any new cookies are set. You may disable cookies in your browser; some features may not function correctly if you do.


13. Contact us

  • General contact email: info@ledgerlet.co.uk
  • Data-protection contact: info@ledgerlet.co.uk (please use subject line: "Privacy" or "DSAR")
  • Address: LedgerLet Ltd, Crown House, 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom

14. Complaints

If you are not satisfied with our response to a privacy concern, you may contact the UK Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk
  • Helpline: 0303 123 1113

15. Updates

We may update this Privacy Notice from time to time. The "Effective date" at the top of this document reflects the latest version. We will give reasonable notice of material changes.