Privacy Notice
Last updated: June 17, 2026
1. Who we are
UpgradeOS Ledger is operated by Jiwoon Kang. We are the data controller for personal data processed through the Service. You can contact us at hello@upgradeosledger.com.
2. What we collect and why
| Category | Purpose | Legal basis |
|---|---|---|
| Account data (name, email, login credentials) | Account creation, authentication, providing the Service | Contract |
| Financial data you enter (accounts, transactions, budgets, goals, uploaded documents) | Operating the personal-finance features you asked for | Contract |
| AI chat content and AI memories | Personalizing the AI CFO and providing the assistant features | Contract |
| Support messages | Responding to your requests | Legitimate interests |
| Usage and telemetry, device identifiers, IP address | Security, fraud prevention, reliability, product improvement | Legitimate interests |
| Marketing emails (only if you opt in) | Product updates and announcements | Consent |
| Tax / billing records | Legal and tax obligations | Legal obligation |
3. Who we share with
- Paddle — our Merchant of Record, for selling subscriptions, processing payments, handling subscription management, tax compliance, and invoicing. Paddle is an independent controller for payment data it collects directly.
- Hosting and infrastructure providers — for running the Service, databases, and email delivery.
- AI model providers — chat messages and financial context sent to the AI CFO are processed by third-party AI providers to generate responses. These providers act as processors under our instructions and do not use your content to train their models.
- Analytics and support tooling — to understand how the Service is used and to respond to support requests.
- Professional advisers — legal, accounting, and audit advisers where reasonably necessary.
- Authorities — where required by law, court order, or to protect rights and safety.
4. International transfers
Some recipients are located outside your country of residence, including in the United States and the European Economic Area. Where required, we use appropriate safeguards such as Standard Contractual Clauses or rely on adequacy decisions.
5. Retention
We keep personal data only as long as needed for the purposes above, or as required by law. When you delete records inside the Service they are first soft-deleted (recoverable from your settings) and then purged. If you close your account, we delete or anonymize your data within a reasonable period, except where we are required to keep it (for example tax records).
6. Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, port, or object to processing of your personal data, to withdraw consent, and to lodge a complaint with your local data-protection authority. Users in the UK / EEA have these rights under the UK GDPR and EU GDPR respectively and can expect a response within one month. To exercise any right, email hello@upgradeosledger.com.
7. Security
We use appropriate technical and organizational measures — including encryption in transit, access controls, audit logs, and isolation of sensitive data — to protect personal data against unauthorized access, alteration, disclosure, or destruction.
8. Cookies
We use a small number of essential cookies for authentication and security. We do not use advertising cookies. If we add analytics or marketing cookies later, we will update this notice and provide a way for you to manage preferences.
9. Children
The Service is not directed to children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes
We may update this notice. Material changes will be communicated through the Service or by email.