Privacy Policy

1. Introduction

LedgerMatters ("we," "us," or "our") provides a cloud-based legal practice management platform designed for solo attorneys and small law firms. We understand that attorneys have heightened obligations to protect client confidentiality under applicable Rules of Professional Conduct and attorney-client privilege. This Privacy Policy explains how we collect, use, store, and protect your information and the information of your clients that you entrust to our platform.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, password (stored only in hashed form), and optionally your law firm name. If you subsequently complete your firm profile in Settings, we additionally collect any details you provide there — for example, your firm address, attorney bar number, phone number, default billing rate, and logo. Billing address for subscription payments is collected by Stripe at checkout and not stored on our servers (see §2.4).

2.2 Client and Matter Data

You may enter client names, contact information, case details, legal notes, documents, billing records, trust account transactions, and communications. This data is entered and controlled entirely by you. We act as a data processor on your behalf.

2.3 Usage and Technical Data

We collect IP addresses, browser type, device identifiers, pages visited, feature usage patterns, and error logs to maintain service quality and security. We do not use this data for advertising purposes.

2.4 Payment Information

Subscription payments are processed by Stripe, a PCI-compliant third-party payment processor. We do not store credit card numbers, CVVs, or full bank account details on our servers. What we receive from Stripe and store on our side: a Stripe customer ID, a subscription ID, the current plan, current subscription status (e.g. trialing / active / canceled), the period end date, and — for display in your billing settings — the last four digits and brand of the active payment method.

For separate per-firm payment processing (where an attorney accepts payments from their own clients via LedgerMatters), an attorney may store their own Stripe API key encrypted at rest in our database. That key is used only to charge that attorney's clients on the attorney's behalf and is never shared with anyone else.

2.5 AI Feature Data

When you use AI-powered features (document drafting, legal research, analytics), relevant text is processed by our built-in legal AI engine. We do not use your data to train AI models. See Section 8 for details.

3. How We Use Your Information

• To provide, maintain, and improve the LedgerMatters platform
• To authenticate your identity and manage your account
• To process payments and manage your subscription
• To send transactional communications (invoices, security alerts, service updates)
• To respond to your support requests
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

We do not sell, rent, or share your personal information or client data with advertisers or data brokers.

4. Attorney-Client Privilege and Confidentiality

We recognize that data you store on LedgerMatters may be protected by attorney-client privilege, work product doctrine, or other legal protections. We treat all client and matter data as confidential. Our employees access your data only when strictly necessary for technical support, and only with your authorization or as required by law.

5. Data Security

• Encryption in transit (TLS 1.2+) for all data transmissions
• Encryption at rest (AES-256) for stored data
• Password hashing with bcrypt (cost factor 12)
• Role-based access controls within the platform
• Audit logging of security-sensitive operations
• Rate limiting and brute-force protection on authentication endpoints
• Regular security assessments and dependency audits

No system is 100% secure. If we discover a breach affecting your data, we will notify you within 72 hours as required by applicable law.

6. Data Retention and Deletion

We retain your account and matter data for as long as your account is active. You may export all of your data at any time using the built-in export feature. Upon account deletion, we will permanently remove your data within 30 days, except where retention is required by law.

7. Third-Party Services

We use the following third-party services to operate LedgerMatters:

• Stripe — Payment processing.
• Vercel — Application hosting and deployment.
• Neon — PostgreSQL database hosting.
• Resend — Transactional email delivery.

8. AI Features and Data Processing

LedgerMatters includes a built-in legal AI engine for document drafting, legal research, contract analysis, and case assessment. Key protections include:

• Your data is not used to train AI models
• AI processing is stateless
• You control which content is submitted to AI features
• AI outputs are clearly labeled as AI-generated
• AI features do not constitute legal advice (see our Terms of Service)

9. Cookies and Analytics

We use essential cookies for authentication and session management. We use Google Analytics to understand aggregate usage patterns. You may opt out of analytics cookies via our cookie consent banner. We do not use advertising cookies.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your personal data
• Export your data in a portable format
• Opt out of analytics data collection
• Withdraw consent where processing is based on consent

California residents have additional rights under the CCPA/CPRA. We do not sell personal information as defined under the CCPA.

11. Children's Privacy

LedgerMatters is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email and by posting the updated policy on this page with a new effective date.

13. Contact Us

If you have questions about this Privacy Policy, contact us at: