Document Version 1.0.4
Published on 18 May 2026
1. Overview
LedgerLet engages the sub-processors listed below to deliver its service. Each entry names the processor, the service they provide, the categories of personal data they handle, the jurisdiction where the processing takes place, the applicable international-transfer safeguard, and the status of our Article 28 data processing agreement with them.
This page is auto-generated from our compliance configuration in app/compliance/processing_config.py and re-issued whenever a sub-processor is added or removed. The canonical version, effective date, and tamper-evidence checksum are shown in the footer of this page.
2. Register
| # | Processor | Service | Data processed | Jurisdiction | Transfer safeguard | DPA status |
|---|---|---|---|---|---|---|
| 1 | Railway | Backend hosting, PostgreSQL database | All application data (financial records, user data, tenant details) | USA (company); EU-West (data residency region) | UK Addendum to EU Standard Contractual Clauses | Covered by Railway's Data Processing Agreement published at railway.com/legal/dpa, which applies to all Railway customers by acceptance of Railway's Terms of Service on account creation. UK SCC Addendum incorporated by reference for international transfers. |
| 2 | Vercel | Frontend hosting, edge functions, SSR | Cookies, IP addresses, SSR request data | USA | UK Addendum to EU Standard Contractual Clauses | Covered by Vercel's Data Processing Addendum (vercel.com/legal/dpa), incorporated by reference into Vercel's Terms of Service and applicable to all Hobby and Pro tier customers without separate signature. |
| 3 | OpenAI | AI processing (transaction classification, income matching, assertion engine, knowledge-base assistance) | Transaction descriptions, amounts, tenant first names, property names and street addresses (postcodes excluded). The exclusion of postcodes and bank credentials (account numbers, sort codes) is enforced at prompt-construction time in app/services/income_matcher.py; none of these fields are ever sent to OpenAI. | USA | UK Addendum to EU Standard Contractual Clauses; DPA via API terms | Covered by OpenAI's API Services Agreement and Data Processing Addendum (openai.com/policies/data-processing-addendum). Under OpenAI's published API data-usage policy, API inputs and outputs are not used to train OpenAI models by default. |
| 4 | Clerk | Authentication, user identity management, organisation management | User identity data (name, email, auth events) | USA | UK Extension to EU-US Data Privacy Framework | Covered by Clerk's Data Processing Addendum (clerk.com/legal/dpa), incorporated by reference into Clerk's Terms of Service; transfers under the UK Extension to the EU-US Data Privacy Framework. |
| 5 | Svix | Webhook delivery used by Clerk to forward user/org/membership events to LedgerLet | Clerk webhook payloads: clerk_user_id, primary_email_address, first_name, last_name, and organization_membership events. The HMAC signature is verified in app/routers/webhooks.py before any payload is parsed or processed. | USA | UK Addendum to EU Standard Contractual Clauses | Accepted via Svix's terms of service; HMAC signature verification is enforced in app/routers/webhooks.py. |
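The Svix row states that every Clerk delivery is HMAC-verified before its payload is touched. The block below is an added example of that check, written for this page; it is not LedgerLet's app/routers/webhooks.py and not Svix's client library. It implements Svix's published signing scheme directly: HMAC-SHA256 over `<svix-id>.<svix-timestamp>.<raw body>`, keyed with the base64 secret that follows the `whsec_` prefix, compared in constant time against each `v1,<base64>` entry of the `svix-signature` header, with stale timestamps rejected first. The secret, message id, and Clerk-shaped `user.created` event are constructed for the example; the five-minute tolerance mirrors the default in Svix's own verifier. The `clerk_identity_fields` helper is also an assumption about how the four fields named in the register would be extracted from a Clerk event.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret in Svix's "whsec_<base64>" format (not a real key).
EXAMPLE_SECRET = "whsec_" + base64.b64encode(b"constructed-example-key-not-real-0").decode()

# Svix's verifier rejects timestamps more than five minutes from now, which
# bounds replay of a captured, validly signed delivery.
TOLERANCE_SECONDS = 300


class WebhookVerificationError(Exception):
    """Raised when a delivery must be rejected before its payload is parsed."""


def _key_from_secret(secret: str) -> bytes:
    if secret.startswith("whsec_"):
        secret = secret[len("whsec_"):]
    return base64.b64decode(secret)


def sign(secret: str, msg_id: str, timestamp: int, body: bytes) -> str:
    """Produce the 'v1,<base64>' value the sender places in svix-signature."""
    signed_content = f"{msg_id}.{timestamp}.".encode() + body
    digest = hmac.new(_key_from_secret(secret), signed_content, hashlib.sha256).digest()
    return "v1," + base64.b64encode(digest).decode()


def verify(secret: str, headers: dict, body: bytes, now: Optional[int] = None) -> dict:
    """Return the parsed JSON payload only if the delivery is authentic and fresh."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        msg_id, ts_raw, sig_header = h["svix-id"], h["svix-timestamp"], h["svix-signature"]
    except KeyError as missing:
        raise WebhookVerificationError(f"missing header {missing}") from None

    # Freshness first: a stale timestamp is rejected even if correctly signed.
    try:
        timestamp = int(ts_raw)
    except ValueError:
        raise WebhookVerificationError("svix-timestamp is not an integer") from None
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise WebhookVerificationError("svix-timestamp outside tolerance")

    expected = sign(secret, msg_id, timestamp, body).split(",", 1)[1]
    # The header may carry several space-separated signatures (e.g. during
    # secret rotation); accept if any v1 entry matches, compared in constant time.
    for entry in sig_header.split():
        version, _, candidate = entry.partition(",")
        if version == "v1" and hmac.compare_digest(candidate, expected):
            return json.loads(body)
    raise WebhookVerificationError("no matching v1 signature")


def clerk_identity_fields(event: dict) -> dict:
    """Assumed extraction of only the four fields the register lists for Svix."""
    data = event.get("data", {})
    primary_id = data.get("primary_email_address_id")
    primary_email = next(
        (e.get("email_address") for e in data.get("email_addresses", []) if e.get("id") == primary_id),
        None,
    )
    return {
        "clerk_user_id": data.get("id"),
        "primary_email_address": primary_email,
        "first_name": data.get("first_name"),
        "last_name": data.get("last_name"),
    }


# Constructed Clerk-shaped user.created event; all ids and names are made up.
EXAMPLE_EVENT = {
    "type": "user.created",
    "data": {
        "id": "user_example01",
        "first_name": "Ada",
        "last_name": "Example",
        "primary_email_address_id": "idn_example01",
        "email_addresses": [{"id": "idn_example01", "email_address": "ada@example.com"}],
    },
}
EXAMPLE_BODY = json.dumps(EXAMPLE_EVENT, separators=(",", ":")).encode()


def example_delivery(now: int, tamper: bool = False, age: int = 0):
    """Build headers and body as the sender would; optionally tampered or stale."""
    ts = now - age
    headers = {
        "svix-id": "msg_example01",
        "svix-timestamp": str(ts),
        "svix-signature": sign(EXAMPLE_SECRET, "msg_example01", ts, EXAMPLE_BODY),
    }
    body = EXAMPLE_BODY.replace(b"Ada", b"Eve") if tamper else EXAMPLE_BODY
    return headers, body


if __name__ == "__main__":
    current = int(time.time())
    hdrs, raw = example_delivery(current)
    print(clerk_identity_fields(verify(EXAMPLE_SECRET, hdrs, raw, now=current)))
```

Two points the code makes that the register row only implies: the signature is computed over the raw request bytes, so the body must be read before any JSON parsing or framework-level decoding, and the timestamp check runs before the HMAC comparison so that a replayed old delivery is refused even though its signature is genuine.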
3. Independent controllers
The following third parties are not Article 28 sub-processors but receive personal data from LedgerLet as independent controllers:
- HM Revenue & Customs (HMRC). When a user explicitly submits their Making Tax Digital (MTD) return through LedgerLet, we transmit their National Insurance Number, business identifier, and the figures for the relevant period to HMRC's Income Tax Self Assessment API. HMRC is the controller of that data once received. No MTD submission is made without a direct, multi-factor-authenticated user action.
4. Notification of changes
Under Article 28(2) UK GDPR we will update this page before any new sub-processor begins processing personal data on our behalf; earlier versions of this page are available on request. To receive notifications of changes, email info@ledgerlet.co.uk.