Privacy Policy

Effective date: May 20, 2026

This Privacy Policy explains how InEx Ledger collects, uses, stores, discloses, retains, and protects personal information when you use the website, application, billing flows, support channels, and related services.

Who controls your information

Mejor Tech LLC, operating as InEx Ledger, is responsible for the personal information handled through the service. Privacy questions, access requests, correction requests, deletion requests, and complaints may be sent to the Privacy Officer at privacy@inexledger.com.

Privacy Officer: InEx Ledger Privacy Team.
Contact: privacy@inexledger.com

This contact point handles privacy requests and incident questions. A specific internal individual or delegate may be assigned to that role operationally even when the public contact remains this mailbox.

Information we collect

Account information such as email address, password hash, verification status, MFA state, and account timestamps.
Business profile information such as business name, region, province or state, currency context, and language preferences.
Bookkeeping records such as accounts, categories, transactions, mileage, receipts, notes, exports, onboarding selections, and related metadata you submit.
Billing and subscription information such as plan state, Stripe customer or subscription references, and limited invoice or checkout metadata.
Security and usage information such as session identifiers, IP-derived abuse signals, device verification events, authentication logs, audit events, and rate-limit activity.
Support and communications data such as email correspondence, issue descriptions, screenshots, and troubleshooting material you choose to send us.

How we use information

Provide, operate, maintain, secure, and improve the service.
Create and manage accounts, authenticate users, prevent fraud, and protect against abuse or unauthorized access.
Store, display, organize, process, export, and return the bookkeeping records and documents you instruct us to handle.
Manage subscriptions, billing events, invoices, trials, and customer support.
Respond to legal obligations, enforce our terms, investigate incidents, and preserve system integrity.
Perform limited operational analytics and service diagnostics that help us understand reliability, errors, and feature health.

How we disclose information

We do not sell personal information, and we do not use your bookkeeping data for targeted advertising. We may disclose personal information only in the following categories of circumstances:

To infrastructure, communications, hosting, security, and payment providers that process information on our behalf subject to contractual restrictions.
To your authorized collaborators, business administrators, or advisers when you invite, grant, or maintain access for them.
To professional advisers, auditors, insurers, and financing or acquisition counterparties where reasonably necessary for legitimate business operations.
To comply with law, regulation, subpoena, court order, lawful government request, or to protect rights, safety, and platform security.
As part of a merger, acquisition, financing, reorganization, or asset sale, subject to appropriate confidentiality protections.

Service providers and processors

We use third-party providers to operate the service. Depending on the features you use and the deployment configuration, these providers may process personal information on our behalf.

Railway for application hosting, infrastructure, and storage.
Stripe for subscriptions, billing, and payment-related account metadata.
Resend for transactional email delivery.
Plaid for bank-linking features when enabled.
Anthropic for receipt OCR when that feature is enabled on the server.
Approved geolocation providers for limited sign-in security checks based on IP address.

Cross-border processing

Information may be processed or stored in the United States and other jurisdictions where InEx Ledger or its service providers operate. Those jurisdictions may have privacy laws different from the laws of your province, state, or country and may permit access by courts, regulators, or law-enforcement authorities under their own laws.

Our production infrastructure and support tooling may process data in the United States. By using the service, you acknowledge that cross-border processing may occur subject to the safeguards described in this policy and our vendor controls.

Cross-border processing may occur through hosting, billing, email delivery, bank-linking, receipt OCR, and security-support vendors depending on the features in use.

Cookies, local storage, and similar technologies

We use essential cookies, local storage, and similar technologies for authentication, session continuity, security, preferences, and product functionality. If we introduce non-essential tracking, advertising, or analytics technologies that require notice or consent, we will update this policy and any required consent flow before enabling them.

Retention

We retain personal information only as long as reasonably necessary for the purposes described in this policy, to satisfy legal, accounting, audit, tax, dispute-resolution, backup, and security obligations, and to enforce our agreements.

Live business records generally remain available until you delete them, close the account, or they are otherwise removed through product controls.
Transaction, receipt, invoice, export-history, and related business records may be retained for up to 7 years where needed for bookkeeping, tax, audit, dispute, or compliance purposes.
Session, verification, and reset artifacts are retained only for their operational lifetime or related security needs.
Consent, security, and incident records may be retained longer where needed to document compliance, fraud prevention, chargeback defense, or incident handling.
Backups and disaster-recovery copies may persist for a limited retention period before they are overwritten.

Security

We use administrative, technical, and organizational safeguards designed for the sensitivity of the information we handle, including authentication controls, session management, transport encryption, field encryption for selected sensitive values, logging, rate limiting, and vendor controls. No system is perfectly secure, and no method of transmission or storage can be guaranteed to be completely secure.

If we identify a security or confidentiality incident that requires notice under applicable law, we will investigate, document, and provide notices as required.

Some fields and files may require additional protection or operational controls over time as the system evolves. This policy does not claim that every field or every stored document is encrypted in every context.

Your privacy choices and rights

Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, portability of, or restriction on certain personal information, to withdraw consent where consent is the legal basis, and to complain to a privacy regulator.

Signed-in users may use account settings and in-product tools to manage data, exports, privacy preferences, and account deletion flows where available.
We may need to verify your identity before honoring a request.
Some rights are subject to legal exceptions, technical limitations, recordkeeping obligations, and legitimate security needs.

Regulatory complaints

If you are not satisfied with how we handled a privacy matter, please contact our Privacy Officer first. You may also contact the privacy regulator responsible for your jurisdiction where applicable.

Canada: Office of the Privacy Commissioner of Canada, www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/
Quebec: Commission d'accès à l'information du Québec, www.cai.gouv.qc.ca

Children

InEx Ledger is intended for business and bookkeeping use and is not directed to children under 13. If we learn that we collected personal information from a child in violation of applicable law, we will take steps to delete it.

Changes to this policy

We may update this Privacy Policy from time to time. The updated version becomes effective when posted unless a later effective date is stated. If a change materially affects how we handle personal information, we may provide additional notice where required by law.