This Privacy Policy describes how Ledger Pro ("we", "us", or "our") collects, uses, and protects your personal information when you use our application and services.
1. Introduction & Scope
Ledger Pro is a cloud-based business ledger and account management application ("Service") developed and operated for small and medium enterprises in India. This Privacy Policy applies to all users who access or use our Service via the website hissabcopy.in and any associated mobile applications.
This Policy is formulated in compliance with:
- The Information Technology Act, 2000 ("IT Act") and its amendments
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")
- The Digital Personal Data Protection Act, 2023 ("DPDP Act")
2. Data Controller / Fiduciary
Under the DPDP Act, 2023, Ledger Pro acts as a Data Fiduciary. If you are a registered user who adds customer data to the platform, you may independently act as a Data Fiduciary for that data. We act as a Data Processor for the customer records you store.
By using Ledger Pro, you acknowledge that you have read, understood, and consent to this Privacy Policy as required under Section 6 of the DPDP Act, 2023.
3. Information We Collect
We collect the following categories of personal data:
- Account Identity Data: Name, email address, and profile picture — obtained via Google Sign-In (OAuth 2.0) when you authenticate.
- Business Profile Data: Business name, contact number, bank details (bank name, account number, IFSC code, UPI ID) — entered voluntarily by you in the app.
- Transactional Data: Customer names, phone numbers, transaction amounts, dates, and descriptions that you record in your ledger.
- Usage Data: Log data such as IP addresses, browser type, device information, and pages visited, collected automatically for security and analytics.
- Cookies & Local Storage: Firebase Authentication tokens stored locally to maintain your session.
We do not collect sensitive financial data such as passwords, full credit/debit card numbers, or CVVs.
4. How We Collect Data (Google Authentication)
When you sign in with Google, we use Google's OAuth 2.0 protocol via Firebase Authentication. This process:
- Redirects you to Google's secure sign-in page — we never see your Google password.
- Receives a verified identity token containing your name, email, and profile photo from Google.
- Creates or updates your Ledger Pro account using this token.
Google's own Privacy Policy governs data shared during authentication. We recommend reviewing it at policies.google.com/privacy.
5. Purposes of Data Processing
We process your data for the following legitimate purposes (as per Section 4 of the DPDP Act, 2023):
- To create and manage your Ledger Pro account and authenticate your identity.
- To provide core ledger and business management features of the Service.
- To sync your data securely across devices via Firebase Firestore.
- To generate PDF statements and WhatsApp messages as requested by you.
- To send service-related communications (e.g., password reset emails).
- To improve, diagnose, and ensure the security of our application.
- To comply with applicable laws and legal obligations in India.
We do not use your data for advertising or profiling, and we do not sell it to third parties.
6. Data Storage & Security (Firebase)
All data entered into Ledger Pro is stored in Google Firebase Firestore, a cloud-hosted NoSQL database operated by Google LLC. Firebase provides:
- Encryption at rest: All data stored in Firestore is encrypted using AES-256.
- Encryption in transit: All communication between the app and Firebase servers is secured via HTTPS/TLS 1.2+.
- Access Control: Firestore Security Rules ensure that only authenticated users can access their own data.
- Data Centre: Firebase data is stored on Google Cloud infrastructure, which may be hosted in data centres outside India. By using our Service, you consent to this cross-border transfer as permitted under Section 16 of the DPDP Act, 2023.
We implement reasonable security practices as mandated under Rule 8 of the IT (SPDI) Rules, 2011, including using industry-standard authentication, access controls, and encryption.
7. Data Sharing & Disclosure
We do not sell or rent your personal data. We share your data only in these limited circumstances:
- Google / Firebase (Service Provider): For authentication and data storage as described above.
- WhatsApp / OEM Apps: When you use the "Send WhatsApp" feature, the message content is passed to the WhatsApp application on your device. We do not transmit this data to WhatsApp's servers on your behalf.
- Legal Requirements: We may disclose your data if required by law, court order, or any competent government authority under applicable Indian law.
- Business Transfers: In the event of a merger or acquisition, your data may be transferred to the new entity, subject to the same privacy obligations.
8. Your Rights (DPDP Act, 2023)
As a Data Principal under the DPDP Act, 2023, you have the following rights:
- Right to Access (Section 11): Request a summary of the personal data we hold about you and the purposes of processing.
- Right to Correction (Section 12): Request correction of inaccurate, incomplete, or outdated personal data.
- Right to Erasure (Section 12): Request deletion of your personal data, subject to our legal retention obligations.
- Right to Grievance Redressal (Section 13): Lodge a complaint with our Grievance Officer (details below).
- Right to Withdraw Consent (Section 6): Withdraw consent at any time, which will result in discontinuation of the Service for your account.
- Right to Nominate (Section 14): Nominate an individual to exercise rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, please contact our Grievance Officer using the details in Section 11 of this Policy.
9. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service and comply with our legal obligations. Specifically:
- Account and business profile data is retained until you delete your account.
- Transaction and ledger data is retained until you delete it from the app or delete your account.
- Upon account deletion, we will delete your data from our active databases within 30 days and from backup systems within 90 days.
10. Children's Privacy
Ledger Pro is intended for use by adults (18 years and above) for business purposes. We do not knowingly collect personal data from minors under 18 years of age. If we become aware that we have collected data from a minor, we will take steps to delete it promptly, as required under Section 9 of the DPDP Act, 2023.
11. Grievance Officer & Contact
In accordance with the IT Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer. You may contact us for any privacy-related queries or complaints:
We will address your complaint within 30 days of receipt, as required under Rule 5(9) of the SPDI Rules, 2011.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by updating the "Last Updated" date at the top of this Policy. Your continued use of the Service after any changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.