Privacy Policy

1 Who We Are

Ledgersys is a Bitcoin finance intelligence platform operated from South Africa. We provide Bitcoin tax calculation, financial reporting, and intelligence services to individuals, accountants, and enterprises in over 190 countries.

When this policy refers to "Ledgersys", "we", "us" or "our", it refers to the Ledgersys platform and its operators. When it refers to "you" or "your", it refers to any person accessing or using the Ledgersys platform.

You can contact us at any time at support@ledgersys.live or via WhatsApp at 081 576 5075.

2 What Data We Collect

We collect the minimum data necessary to provide our service. Nothing more.

Account Data

When you create an account, we collect your full name, email address, country, and a hashed version of your password. We never store your password in plain text.

Transaction Data

When you upload a CSV file or connect an exchange via API, we process and store your Bitcoin transaction history. This includes transaction dates, amounts, types (buy, sell, transfer), and the exchanges or wallets involved. This data is used exclusively to calculate your tax position and generate your financial reports.

Usage Data

We collect standard web server logs including IP addresses, browser type, pages visited, and timestamps. This data is used only to maintain security, diagnose technical issues, and understand how the platform is used in aggregate. We do not use it to profile individuals.

Payment Data

If you pay by card, payment processing is handled entirely by our payment processor. We do not store card numbers, CVV codes, or any other payment card data on our servers. If you pay by Bitcoin via BTCPay Server, we record the transaction amount and confirmation status only.

Communications

If you contact us by email, WhatsApp, or via our contact form, we retain those communications in order to respond and resolve your query.

3 How We Use Your Data

We use your data for one purpose: to provide you with the Ledgersys service. Specifically:

• To calculate your Bitcoin tax position under the rules of your selected jurisdiction
• To generate your tax reports and financial statements
• To display your transaction history and portfolio overview in your dashboard
• To authenticate you and maintain your account session securely
• To process your subscription payments and manage billing
• To respond to your support requests and enquiries
• To send you service-related notifications such as report availability and system status updates
• To improve the platform — using aggregate, anonymised usage patterns only

We do not use your data for advertising. We do not build user profiles for any purpose other than providing your Ledgersys service.

4 What We Never Do

5 Data Storage and Security

All Ledgersys data is stored on secured servers. We apply the following technical measures to protect your data:

• Passwords are hashed using industry-standard methods and never stored in plain text
• Exchange API keys are encrypted at rest using AES-256 encryption
• All connections to the Ledgersys platform are encrypted via HTTPS/TLS
• Access to production systems is restricted to authorised personnel only
• We conduct regular security reviews of our infrastructure

No security system is perfect. In the event of a data breach affecting your personal data, we will notify you by email within 72 hours of becoming aware of the incident, consistent with applicable data protection law.

6 API Keys and Exchange Connections

When you connect an exchange via API, you generate a read-only API key from your exchange and provide it to Ledgersys. We use this key only to retrieve your transaction history. We recommend — and in some cases require — that you generate keys with read-only permissions only.

All stored API keys are encrypted at rest using AES-256 encryption. Keys are never displayed in full after initial entry. Keys are never transmitted to third parties. You can revoke any connected API key at any time, from within your Ledgersys dashboard or directly on your exchange.

If you believe an API key has been compromised, revoke it immediately on your exchange. Your Ledgersys account will prompt you to reconnect with a new key.

7 Cookies

Ledgersys uses cookies strictly for the operation of the platform. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The cookies we use are:

• Session cookie: Keeps you logged in during your browser session. Deleted when you close your browser or log out.
• Security cookie: Protects against cross-site request forgery attacks. Essential for platform security.

You can read more in our Cookie Policy. You can control cookies through your browser settings, but disabling session cookies will prevent you from logging into Ledgersys.

8 Third-Party Services

Ledgersys uses a small number of third-party services to operate the platform. Each is subject to its own privacy policy:

• BTCPay Server: Self-hosted Bitcoin payment processing. Transaction amount and confirmation data only. No personal financial data shared.
• Google Fonts: Font delivery via Google's CDN. Subject to Google's privacy policy.
• Cloudflare CDN: Icon library delivery. Subject to Cloudflare's privacy policy.
• PythonAnywhere: Hosting infrastructure. Subject to PythonAnywhere's privacy policy.

We do not integrate with advertising networks, social media tracking, or any data broker services.

9 Your Rights

Regardless of your location, Ledgersys respects the following rights in relation to your personal data:

• Right to access: You can request a full export of all personal data we hold about you at any time.
• Right to correction: You can update your account information at any time via Account Settings.
• Right to deletion: You can request deletion of your account and all associated data. We will complete deletion within 30 days of your request.
• Right to portability: You can export your full transaction history and all generated reports in standard formats at any time.
• Right to object: You can object to any specific use of your data by contacting us at support@ledgersys.live.
• Right to withdraw consent: Where processing is based on your consent, you can withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@ledgersys.live. We will respond within 30 days.

10 Data Retention

We retain your data for as long as your account is active and for a reasonable period after account closure to allow you to export your data. Specifically:

• Account data is retained for the duration of your account plus 30 days after closure
• Transaction data is retained for the duration of your account plus 30 days after closure
• Support communications are retained for 2 years
• Payment records are retained for 7 years for accounting and legal compliance purposes
• Server logs are retained for 90 days and then permanently deleted

After the applicable retention period, data is permanently deleted from our systems. You can request earlier deletion at any time.

11 Children's Privacy

Ledgersys is not intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has created a Ledgersys account, please contact us at support@ledgersys.live and we will delete the account and all associated data immediately.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email at least 14 days before the changes take effect. The updated policy will always be available at ledgersys.live/privacy with the date of last update clearly shown.

Your continued use of Ledgersys after the effective date of any update constitutes your acceptance of the revised policy. If you do not agree with the changes, you may close your account and request deletion of your data before the effective date.

13 Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please contact us:

We will respond to all privacy-related enquiries within 30 days. For urgent matters, WhatsApp is the fastest way to reach us.