Privacy Policy

Last updated: September 2, 2025

Ledgerino (“we,” “our,” or “us”), operated by Stefano Amedeo, respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and your rights under the General Data Protection Regulation (GDPR).

1. Data We Collect

We collect the following types of data through Ledgerino:

• Account data: email address and display name. Authentication is handled by Google Firebase Authentication via the Google Play Store.
• Uploaded data: financial transactions that you upload to Ledgerino.
• Billing data: payment information is processed entirely by Google Play Store. We do not store or have access to your payment details.
• Usage data: limited analytics data via Firebase Analytics, only with your consent.

2. Purpose and Legal Basis

We process your data for the following purposes:

• To provide the service (account creation via Firebase Authentication, login, storing uploaded financial data) – legal basis: contract.
• To process payments via Google Play Store – legal basis: contract & legal obligation. Payment processing is handled entirely by Google.
• To secure and maintain Ledgerino (logging, security monitoring) – legal basis: legitimate interest.
• To analyze usage and improve Ledgerino via Firebase Analytics – legal basis: consent.

3. Data Retention

• Account data: retained as long as you maintain an account. Deleted within 30 days of account closure. Firebase Authentication data is subject to Google's retention policies.
• Uploaded financial data: retained as long as you maintain an account. Deleted immediately when you delete your account or uploaded data.
• Billing data: retained by Google Play Store according to their policies and as required by tax and accounting laws (typically 6–10 years). We do not directly retain payment information.
• Audit logs: retained up to 12 months, then deleted or anonymized.

4. Subprocessors and Data Transfers

We rely on trusted third-party subprocessors to operate Ledgerino:

• Amazon Web Services (AWS): hosting and infrastructure (EU servers).
• Google LLC (Firebase): authentication, analytics, and cloud services. Data may be transferred to and processed in the United States under Google's Standard Contractual Clauses (SCCs) and Data Processing Agreement.
• Google Play Store: payment processing and subscription management. All payment data is handled exclusively by Google.

We have Data Processing Agreements (DPAs) in place with all subprocessors where applicable.

International Data Transfers: Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure that such transfers comply with GDPR through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

5. Cookies & Tracking

We use cookies to ensure proper functioning of Ledgerino and, with your consent, to collect analytics.

• Necessary cookies: always active, required for the app to function.
• Analytics cookies (Firebase Analytics): only set if you consent. These help us understand how Ledgerino is used and are provided by Google Firebase.

We use Cookiebot to manage consent. You can review or withdraw your consent at any time via the cookie banner or app settings.

For a full list of cookies, see our Cookie Declaration.

6. Your Rights

Under GDPR, you have the following rights:

• Access: request a copy of your personal data.
• Correction: update or correct your information.
• Deletion: request deletion of your data.
• Portability: request your data in a portable format.
• Withdraw consent: withdraw your consent at any time (for analytics cookies).
• Objection/restriction: in certain cases, object to or restrict processing.

To exercise your rights, contact us at privacy@ledgerino.com.

If you are an EU resident and believe we have not handled your data correctly, you also have the right to lodge a complaint with your local Data Protection Authority.

7. Security

We use industry-standard measures to protect your data, including:

• Encryption at rest and in transit.
• Secure password hashing.
• Access controls and audit logs.

8. Links to External Sites

Ledgerino may contain links to external sites not operated by us. If you click a third-party link, you will be directed to that site. We strongly advise you to review the Privacy Policy and terms of any site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites.

9. Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred as part of the business assets. Any acquirer will continue to process your data in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If significant changes are made, we will notify you via email or in-app notification. Your continued use of Ledgerino after any changes constitutes your acceptance of the updated policy.

11. Contact

If you have questions, concerns, or requests regarding your data, contact us at:

Email: privacy@ledgerino.com