Privacy Policy
Effective date: March 25, 2026 Last updated: March 25, 2026
Contractor’s Ledger, Inc. (“Contractor’s Ledger,” “we,” “our,” or “us”) operates the platform available at contractorsledger.com (the “Service”). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and the rights you have over it.
By creating an account or using the Service, you agree to the practices described in this Policy. If you do not agree, do not use the Service.
1. Who This Policy Covers
This Policy applies to:
- Subscribers — contractors, sole proprietors, and business owners who create a paid or free-trial account.
- Client data subjects — your customers whose names, contact details, or invoice records you enter into the platform on their behalf.
- Website visitors — anyone who visits contractorsledger.com without creating an account.
When you enter your clients’ information into Contractor’s Ledger, you act as the data controller for that information and we act as the data processor. You are responsible for having a lawful basis to share that data with us.
2. Information We Collect
2a. Information You Provide Directly
| Category | Examples |
|---|---|
| Account registration | Full name, email address, password, company name, business type |
| Business profile | Business address, phone number, tax identification number (EIN/SSN), state of incorporation |
| Financial records | Job names, contract amounts, cost codes, expense entries, invoice line items, payment amounts |
| Client records | Client name, email, phone number, mailing address, billing terms |
| Payment information | Credit or debit card details processed by our payment processor (we do not store raw card numbers) |
| Support communications | Messages, attachments, and context you send when contacting support |
2b. Information Collected Automatically
When you use the Service or visit our website, we automatically collect:
- Usage data — pages viewed, features used, buttons clicked, session duration, and error events
- Device and browser data — IP address, browser type and version, operating system, screen resolution, and referring URL
- Log data — server logs including timestamps, request paths, and response codes
- Cookie and tracking data — described in Section 8 below
2c. Information from Third Parties
We may receive information about you from:
- Payment processors (Stripe) — transaction confirmations, dispute notices, and fraud signals
- Authentication providers — if you sign in with Google or another OAuth provider, we receive your name and email address from that provider
- Public sources — state contractor license databases, business registries, or other sources used to verify account information
3. How We Use Your Information
We use the information we collect to:
- Provide the Service — create and maintain your account, process your financial entries, generate invoices, and calculate job cost reports
- Process payments — charge your subscription, issue refunds, and handle billing disputes
- Send transactional messages — account confirmations, invoice delivery, payment receipts, password resets, and service alerts
- Provide customer support — respond to questions, diagnose technical issues, and resolve disputes
- Improve the platform — analyze usage patterns, identify bugs, and develop new features
- Detect and prevent fraud — monitor for unusual activity and investigate suspected violations of our Terms of Service
- Comply with legal obligations — respond to lawful requests from courts, regulators, or law enforcement
- Send product communications — feature announcements and product updates (you can opt out at any time)
We do not use your financial data or your clients’ data to train machine learning models, sell to advertisers, or build audience profiles.
4. How We Share Your Information
We do not sell your personal information. We share data only in the following circumstances:
4a. Sub-processors and Service Providers
We engage third-party vendors to operate the Service. Each is contractually required to handle your data only as directed by us and in accordance with applicable law.
| Vendor | Purpose |
|---|---|
| Stripe | Payment processing and subscription billing |
| Amazon Web Services (AWS) | Cloud infrastructure and data storage |
| Postmark / SendGrid | Transactional email delivery |
| Intercom / Crisp | In-app support chat |
| Sentry | Application error monitoring |
| Google Analytics | Aggregate website analytics |
An up-to-date list of sub-processors is available at contractorsledger.com/sub-processors.
4b. Business Transfers
If Contractor’s Ledger is involved in a merger, acquisition, asset sale, or bankruptcy, your data may be transferred to a successor entity. We will notify you by email and provide you 30 days to export or delete your data before any such transfer takes effect.
4c. Legal Obligations
We may disclose your information if required by a valid court order, subpoena, or government request, or if we believe disclosure is necessary to prevent fraud, illegal activity, or imminent harm to any person.
4d. With Your Consent
We may share your data with third parties when you have given us explicit, informed consent to do so.
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Active account data | Retained for the life of your account |
| Financial and transaction records | 7 years after account closure (to support tax and audit obligations) |
| Support communications | 3 years after resolution |
| Server and access logs | 90 days |
| Payment records | As required by Stripe and applicable law |
After the applicable retention period, data is securely deleted or anonymized. You may request earlier deletion subject to the exceptions in Section 6.
6. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — request deletion of your account and associated data (subject to legal retention requirements)
- Portability — export your financial data in CSV or PDF format at any time from your account dashboard
- Restriction — ask us to limit how we process your data in certain circumstances
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
California residents (CCPA/CPRA): You have the right to know what personal information we collect and sell (we do not sell it), the right to delete, the right to correct, and the right to non-discrimination for exercising your rights.
EEA and UK residents (GDPR/UK GDPR): Our legal bases for processing are: contract performance (providing the Service), legitimate interests (security, fraud prevention, product improvement), legal obligation (tax and regulatory compliance), and consent (marketing communications).
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may ask you to verify your identity before fulfilling any request.
7. Data Security
We maintain a formal information security program described in detail on our Security page. Key measures include:
- All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- All data stored on our servers is encrypted at rest using AES-256.
- Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.
- We engage independent security firms to conduct annual penetration tests.
No system is perfectly secure. If we become aware of a data breach that affects your personal information, we will notify you at your account email within 72 hours of discovery, as required by applicable law.
8. Cookies and Tracking
We use the following categories of cookies:
| Category | Purpose | Can You Opt Out? |
|---|---|---|
| Strictly necessary | Session management, authentication, CSRF protection | No (required for Service to function) |
| Analytics | Aggregate usage statistics via Google Analytics | Yes — via our cookie banner or browser settings |
| Preferences | Remembering your display settings and language | Yes — via account settings |
| Marketing | We do not currently use marketing or retargeting cookies | N/A |
You can manage cookies through your browser settings. Disabling strictly necessary cookies will prevent you from using the Service.
9. Children’s Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted data to us, contact us at [email protected] and we will delete it promptly.
10. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email and display a prominent notice in the platform at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated Policy.
The version history of this Policy is available on request.
11. Contact Us
Privacy inquiries: [email protected]
Mailing address: Contractor’s Ledger, Inc. [Street Address] [City, State, ZIP]
For general questions, contact us at [email protected].