Privacy Policy

Last updated: May 23, 2026

Lejr is an accounting platform. You can run your books entirely on your own, and you can optionally connect an AI assistant that reads from and writes to them on your behalf. This policy explains what we collect, why, and who else is involved when you use the product — with or without an AI assistant.

Information we collect

  • Account info. Email address and (if you sign in with Google) the name and avatar your identity provider returns.
  • Ledger data. Everything you or your LLM records: accounts, journal entries, invoices, customers, vendors, products, and supporting notes.
  • Usage data. Timestamps, IP address, and basic request logs for security, rate limiting, and debugging.
  • Billing info. If you subscribe, our payment processor (Stripe) handles card details — we never see or store them.

How we use it

  • Operate the ledger — store, retrieve, and display your books.
  • Authenticate you, keep your session safe, and route requests to the correct organization.
  • Communicate transactional messages (sign-in links, password resets, billing receipts, important service notices).
  • Investigate abuse, fraud, or security incidents.

We do not sell your data, and we do not use your ledger contents to train machine-learning models.

Who else processes your data

Lejr runs on a small set of subprocessors. Each one handles a specific job, under their own privacy and security commitments.

  • Supabase — database, authentication, file storage.
  • Vercel — application hosting and edge network.
  • Anthropic— if you connect Claude to Lejr via MCP, your prompts and tool calls flow through Anthropic's API. Claude does not have blanket access to your ledger — only the tools you grant it.
  • Stripe — subscription billing (only if you pay).
  • ZeptoMail — transactional email (sign-in links, receipts).
  • Plaid— if you connect a bank account, Plaid Inc. brokers the connection to your financial institution and returns account, balance, and transaction data to Lejr. Plaid's handling of the data it collects during the connection flow is governed by Plaid's End User Privacy Policy. You can review the data Plaid has collected, and revoke Plaid's access, at any time at my.plaid.com.

Data you share with AI assistants

When you connect a language model (Claude, or another LLM) to Lejr via MCP, the assistant reads from and writes to your ledger on your behalf. The content of your conversation, including any ledger data the model retrieves, is subject to that provider's privacy terms — not ours. See Anthropic's privacy policy if you use Claude.

Retention and deletion

We retain personal data only as long as we need it for the purposes described in this policy, in line with applicable privacy laws (including the California Consumer Privacy Act and, where it applies, the EU General Data Protection Regulation).

  • Active accounts. Ledger data, account info, and connected-bank data are retained while your account is active.
  • After cancellation or deletion request. We retain your ledger for up to 30 days so you can restore or export it, then permanently delete it from our primary database.
  • Database backups. Backups roll off on a 30-day window. After that, deleted data is gone from backups too.
  • Request and access logs. Operational logs (IPs, timestamps, request metadata) are retained for 90 days for security and debugging, then deleted.
  • Bank credentials. If you disconnect a bank, we revoke the access token with Plaid and null the encrypted credential in our database immediately. Account and transaction data already imported into your ledger follows the same lifecycle as the rest of your ledger.
  • Billing records. Stripe retains invoice and payment records for the period required by tax and accounting law (typically seven years in the US). We retain the corresponding subscription metadata for the same period.
  • Email logs. Transactional email logs (sign-in codes, receipts) are retained by ZeptoMail per their own retention schedule (typically 30 days).

We review this retention policy at least once a year, and sooner if applicable laws or our subprocessors change.

Your rights and choices

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to opt out of certain uses. To exercise any of these rights:

  • Export your data at any time from Settings.
  • Disconnect a bank in Settings → Integrations. We revoke the Plaid access token and null the stored credential immediately.
  • Revoke a connected LLM in Settings → Integrations at any time.
  • Delete your account, or make any other rights request, by emailing privacy@lejr.app. We confirm your identity, then complete the request within 30 days of confirmation (and tell you sooner if we need an extension, as the law allows).

We will not discriminate against you for exercising any of these rights.

Cookies

Lejr uses only the cookies it needs to work. We do not use advertising cookies, and we do not sell or share data for cross-site tracking.

  • Essential cookies.A secure session cookie keeps you signed in and routes requests to the right organization. Without it, you can't use the app.
  • Privacy-friendly analytics.We measure aggregate traffic with a cookieless analytics tool — it sets no tracking cookie and doesn't build a profile of you across sites.

Because we only set strictly-necessary cookies, you won't see a cookie-consent banner. You can clear cookies in your browser at any time, but doing so will sign you out.

Security

Data is encrypted in transit (TLS) and at rest. Row-level security isolates each organization's data at the database layer. We follow least-privilege access internally. No system is perfectly secure — if we learn of a breach affecting your data, we'll notify you.

Contact

Questions about this policy or your data? privacy@lejr.app