Privacy Policy

1. Information we collect

We keep data collection deliberately minimal. We collect:

• Owner email address. Provided when you create a ledger. Used to identify your account, enforce plan limits, send verification and (if you opt in) notification emails, and link your subscription.
• Ledger content. The ledger names, categories, expenses, amounts, notes, and currency you enter. This is your data — we store it to provide the Service and do not use it for any other purpose.
• Authentication data. A ledger password, which we store only as a salted bcrypt hash — never in plain text.
• Payment data. If you subscribe to a paid plan, payment is handled entirely by Stripe. We do not see or store your full card number. We retain only subscription status and identifiers needed to manage your plan.
• Technical data. Standard server logs (such as IP address and request metadata) generated by our hosting provider for security and reliability.

We do not sell your data, run advertising, or use third-party tracking/analytics cookies.

2. How we use information

• Provide, operate, and maintain the Service.
• Authenticate access to your ledgers and keep them secure.
• Enforce free-plan limits and manage paid subscriptions.
• Send transactional emails (email verification, billing).
• Send optional notification emails you have explicitly opted into.
• Detect, prevent, and address abuse, fraud, or technical issues.
• Comply with legal obligations.

3. Sharing and disclosure

We share data only with the service providers ("sub-processors") required to run the Service:

• Stripe — payment processing and subscription billing.
• Resend — sending transactional and notification emails.
• Railway — application hosting and managed PostgreSQL database.

Each processes data on our behalf under its own terms and privacy commitments. We do not otherwise sell, rent, or trade your personal information. We may disclose information if required by law or to protect the rights, safety, and security of our users or the Service.

4. Public and shared ledgers

You control the visibility of each ledger. A ledger marked public, or one you share via a view-only share link, can be viewed by anyone who has the URL — they cannot edit it. Do not place sensitive personal information in a ledger you intend to make public or share. Owner email addresses are never shown to public or share-link visitors.

5. Data retention

We retain your ledger data for as long as your ledger exists. When you delete a ledger, its expenses and categories are permanently removed. We may retain limited billing records for as long as required by law or accounting obligations. You can request deletion of your account data by contacting us.

6. Security

We protect data with industry-standard measures: encrypted transport (HTTPS), bcrypt-hashed passwords, encrypted session cookies, and access controls so each ledger's password grants access only to that ledger. No method of transmission or storage is perfectly secure, but we work to protect your information.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, email us at [email protected]. We will respond within a reasonable timeframe.

8. Children

The Service is not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their personal data.

9. International users

The Service is operated from Malaysia and uses providers that may process data in other countries. By using the Service you consent to your data being transferred and processed in those locations.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by additional notice.

12. Contact

Questions about privacy? Email [email protected].