Privacy Policy

Last updated: 7 June 2026. Effective from this date for all new and existing users.

The short version: Ledgester is a zero-knowledge app. Your invoices, customers, quotations, drafts, GSTINs and line items are encrypted in your browser with a key derived from your vault password. We cannot read this data: not on our servers, not in our logs, not under court order. Our database holds only your account identity (your Google email and name if you sign in with Google, or the phone number you sign in with) and your billing plan. None of your business data ever reaches our servers. If you connect Google Drive, the encrypted blob is stored in your own Google account, which we also cannot read.

This Privacy Policy describes how Ledgester ("we", "us", "our") collects, uses, and protects information when you use our website at ledgester.in and the Ledgester web application (collectively, the "Service").

1. What we collect: full inventory

Per signed-in user we hold exactly the following fields on our servers (Firebase Firestore, gst-pro-toolkit project, multi-region):

FieldWhy we hold itRequired?
Google email & display name (if you sign in with Google)Account identifier and loginOne login method required
Phone number (E.164) (if you sign in with a pre-registered phone)Account identifier and loginOne login method required
Firebase Auth UIDInternal account keyYes
Subscription tier, status, trial-end / paid-until datesTo know which features to enable for your account and when to bill youYes
Account created-at timestampAccount aging, support contextYes
Last-active-at timestampTo clean up dormant accounts after long inactivityYes

Everything else stays on your device, encrypted. Specifically:

2. How the encryption works

When you set up your vault, your browser:

  1. Generates a random 256-bit data key.
  2. Derives an encryption key from the password you choose, using Argon2id (a memory-hard key derivation function designed to be slow against brute-force attacks).
  3. Encrypts the data key with your password-derived key and stores it on your device (in your browser's local storage).
  4. Also encrypts the data key with a key derived from a 12-word recovery phrase, shown to you once. We do not see this phrase.
  5. Encrypts every document you create with AES-256-GCM using the data key. The encrypted blobs live in your browser's IndexedDB.

If you choose to back up to Google Drive, the same encrypted blobs are uploaded to a hidden folder in your own Google account using the drive.appdata scope. This folder is invisible in your normal Drive UI and is only accessible by Ledgester. We never receive a copy.

Ledgester's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request only the drive.appdata scope, use it solely to store and retrieve your own encrypted backup in your Google account's hidden App Data folder, never transfer this data to third parties, and never use it for advertising or any purpose other than the backup and restore feature you explicitly enable.

The plaintext data key only exists in your browser's RAM, only while you are signed in and unlocked. When you close the tab, lock the vault, or sign out, the key is wiped. The next session requires you to re-enter your password (or recovery phrase) to derive it again.

3. What this means in practice

4. Analytics, cookies, and tracking

We use Google Analytics 4 on the public landing pages (ledgester.in and the tool reference pages) to understand which articles get traffic. GA records anonymous page views and aggregate sessions. We do not run analytics inside the encrypted app at /app/; anything you do after sign-in is invisible to us by design.

The only cookies / browser storage we use:

No advertising cookies. No third-party trackers inside the app.

5. Sub-processors

ProviderWhat they handleWhat they can see
Google FirebaseAuth, Firestore, HostingAccount identity (Google email + name, or phone), plan, last-active timestamp
Google Sign-In (OAuth)Verifies your identity when you choose "Continue with Google"Your Google email, name, and profile photo URL
Google Analytics 4Landing-page traffic onlyAnonymous page views on /, /tools/, /privacy.html etc.
Razorpay (when you upgrade to a paid plan)Payment processingYour card / UPI details and the plan you bought. We do not store card data ourselves.
Google Drive (if you opt in)Encrypted backup storage in your Google accountAn opaque encrypted blob in a hidden folder; no plaintext

6. Data we do NOT collect

7. Your rights (DPDP Act, 2023, India)

Under India's Digital Personal Data Protection Act, 2023, you have the right to:

For EU/UK residents: equivalent rights under GDPR / UK GDPR apply.

8. Children

The Service is for businesses and tax professionals. It is not directed at children under 18. We do not knowingly collect data from minors.

9. Data retention

10. Changes to this policy

Material changes will update the "Last updated" date above and be announced in-app. We will not retroactively reduce your privacy protections.

11. Contact

For privacy questions, data requests, or to report a security issue, email [email protected].