Privacy Policy
Effective date
April 7, 2026
This policy explains how InEx Ledger collects, uses, stores, discloses, and deletes personal information when you use the bookkeeping application, website, support channels, and related export tools.
Who controls your information
InEx Ledger is the organization responsible for personal information handled through the service. Privacy questions, access requests, correction requests, deletion requests, and complaints may be sent to the Privacy Officer at privacy@inexledger.com.
Privacy Officer: InEx Ledger Privacy Team.
Contact: privacy@inexledger.com
For Quebec users, the InEx Ledger Privacy Officer is the person responsible for the protection of personal information (responsable de la protection des renseignements personnels) for the service, as required by Quebec Law 25.
Information we collect
- Account data such as email address, password hash, email-verification status, and account timestamps
- Business profile data such as business name, region, province, and language preferences
- Bookkeeping records such as accounts, categories, transactions, mileage, receipts, and notes you enter
- Export history and redacted export metadata needed to provide export features and auditability
- Security and session data such as authentication tokens, rate-limit events, and fraud or abuse signals
- Support communications and troubleshooting details you send to us
How we use information
- Provide and secure the service
- Authenticate users and protect accounts
- Store and organize bookkeeping records at your direction
- Generate exports, reports, and download files you request
- Maintain logs, backups, and incident-response records
- Respond to support, legal, and compliance obligations
- Improve reliability and product performance using limited operational analytics
How we disclose information
We do not sell personal information and we do not use your bookkeeping data for targeted advertising. We may disclose information only to service providers and infrastructure vendors that help us operate the product, to professional advisers, during a business transfer, or when required by law.
If we use service providers outside your province or country, we require them to protect the data and only use it for the contracted service.
Cross-border processing
Information may be processed or stored in the United States and other jurisdictions where our service providers operate. Those jurisdictions may permit access by courts, regulators, or law-enforcement authorities under their own laws.
Notice regarding U.S. laws: InEx Ledger’s infrastructure is hosted in the United States by Railway.app. Your data may be processed in the United States and is therefore subject to U.S. laws, including the U.S.A. Patriot Act, which may permit U.S. authorities to access your data without notifying you. By using InEx Ledger, you acknowledge this cross-border transfer and the applicable legal framework.
For Quebec residents, a Privacy Impact Assessment (PIA) covering this cross-border transfer is available at SECURITY_PLAN.md. Safeguards include AES-256-GCM at-rest encryption, TLS 1.3 in-transit encryption, and mandatory MFA for all professional (CPA) access.
Cookies and similar technologies
The app uses essential local storage, cookies, and similar technologies for authentication, preferences, session continuity, and security. If we introduce non-essential analytics, advertising, or cross-site tracking technologies, we will update this policy and any required consent flow before enabling them.
Your privacy rights
Depending on where you live and the laws that apply, you may have rights to access, correct, delete, or export your information, withdraw consent where consent is the legal basis, and complain to a privacy regulator. Certain U.S. state privacy laws may also provide rights to opt out of sale, sharing, or profiling, although InEx Ledger does not currently sell personal information or use profiling for decisions with legal or similarly significant effects.
Canadian and Quebec users may also request access to personal information we hold about them and ask us to correct inaccurate information.
How to exercise rights
Signed-in users can use Settings to download data, update privacy preferences, delete business records, or delete the entire account. You may also email the Privacy Officer at privacy@inexledger.com. We may need to verify identity before processing a request.
Regulatory complaints
If you are unsatisfied with how we have handled a privacy matter, you may escalate your complaint to the relevant privacy regulator for your jurisdiction after first contacting our Privacy Officer.
Canada (PIPEDA): Canadian residents may file a formal complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/ .
Quebec (Law 25): Quebec residents may also file a complaint with the Commission d’accès à l’information (CAI) at www.cai.gouv.qc.ca .
Retention
We keep information only as long as needed for the purposes described in this policy, to comply with law, resolve disputes, enforce agreements, and maintain security records. When you delete business data or your account, live production records are removed or de-identified, and limited backup copies may remain for a short retention period before they are overwritten.
Security and confidentiality incidents
We use administrative, technical, and physical safeguards designed for the sensitivity of the information, including password hashing, least-privilege access, transport encryption, and logging controls. No system is perfectly secure. If a confidentiality or security incident occurs, we will investigate it, document it, and provide notices required by applicable law.
Children
InEx Ledger is intended for business and bookkeeping use and is not directed to children under 13. If we learn that we collected personal information from a child in violation of applicable law, we will delete it.
Policy changes
We may update this policy from time to time. We will post the new version here and update the effective date above. If a change materially affects how we handle personal information, we will provide additional notice where required.