1. Overview and scope
This Privacy Policy explains what information Line Ledger, Inc. (“LineLedger,” “we,” “us”) collects when you visit our website at lineledger.org (the “Site”), how we use and share it, and the choices and rights you have. LineLedger is operated from British Columbia, Canada.
This Policy covers the Site only. It is a marketing and documentation website with two interactive features: a contact form and a public feature-request board.
2. We never see your accounting data
LineLedger is free, open-source software that you download and run on infrastructure you control. We operate no hosted service. There is no account to create, no subscription, and no server of ours that your books ever touch.
That means we do not collect, receive, store, or have any means of accessing your ledgers, invoices, contacts, documents, payroll records, tax identifiers, or bank details. When you install LineLedger, you become the controller of the data it processes, and you are responsible for your own privacy practices, disclosures, and obligations toward the people whose data you record.
If the software sends data anywhere — for example to an AI provider, if you switch on the optional bank-statement import or Business Q&A features — it does so from your server, under credentials you supply, to a provider you have chosen. That traffic never passes through us and is governed by that provider’s terms, not this Policy.
3. Information the site collects
- Contact form. Your name, email address, and the message you write. We email it to ourselves so we can reply.
- Feature-request board. Your name, email address, and the title and description of your request. Requests are confirmed by a double opt-in email before they appear. The board is public: the name and text you submit are visible to everyone. Your email address is not published.
- Votes. A random, non-identifying device identifier stored in a cookie (
ll_device), so the same browser cannot vote twice on one request. - Rate-limiting and abuse prevention. Your IP address, stored briefly against form submissions and votes, so a single source cannot flood the board.
- Bot protection. Cloudflare Turnstile runs on both forms and receives limited technical signals from your browser to distinguish humans from bots.
- Usage and device data. IP address, browser and device type, operating system, pages visited, timestamps, and referrer — collected to operate, secure, and understand traffic to the Site.
We do not ask for, and have no use for, any payment information. There is nothing to buy.
4. How we use information
We use the information above to:
- Reply to messages you send us.
- Operate the feature-request board, confirm submissions, and keep voting honest.
- Detect, investigate, and prevent spam, abuse, and security incidents.
- Analyze traffic in aggregate to understand which pages are useful and prioritize improvements to the software.
- Comply with legal obligations and enforce our Terms.
Where Canadian privacy law applies, we rely on a combination of your consent (express or implied), performance of our contract with you, and our legitimate interests in operating the Site securely and lawfully.
5. Cookies and analytics
The Site uses Google Analytics to understand aggregate visitor traffic — for example which pages are most visited. Google Analytics sets its own cookies and processes data under Google’s terms. We do not use it to serve advertising, and there is no advertising or cross-site tracking on the Site.
The Site also sets one strictly-functional cookie, described in section 3: ll_device, for vote de-duplication.
The LineLedger application ships with no third-party analytics of any kind. Once you install it, nothing reports back to us.
You can block or delete cookies through your browser settings. We treat Global Privacy Control (“GPC”) signals as a valid opt-out request where required by applicable law.
6. How we share information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
We share information only as described below:
- Service providers. A small set of third parties help us run the Site: Resend (transactional email for contact replies and request confirmations), Cloudflare (Turnstile bot protection), Google Analytics (aggregate traffic measurement), and our cloud hosting and infrastructure provider. Each is bound by confidentiality and data-protection obligations and may use the information only to provide services to us.
- Publicly, on the request board. The name and text of a confirmed feature request are published. Do not put anything confidential in one.
- Legal compliance and safety. We may disclose information if we believe in good faith that disclosure is required by law (for example, in response to a valid subpoena or court order) or is necessary to protect the rights, property, or safety of LineLedger, our users, or the public.
- Business transfers. If LineLedger is involved in a merger, acquisition, financing, or sale of assets, information held about Site visitors may be transferred as part of that transaction.
- With your consent. We will share information for any other purpose only with your consent.
7. International data transfers
Some of the providers that support the Site — for example Resend, Cloudflare’s global network, and Google Analytics — may process limited information in the United States or other countries outside Canada.
Where information is processed outside your jurisdiction, the laws governing data protection may differ from those in your home jurisdiction. We use contractual and technical safeguards designed to provide a comparable level of protection consistent with applicable privacy law, including Canada’s federal Personal Information Protection and Electronic Documents Act (“PIPEDA”), and, for transfers of data subject to it, standard contractual clauses.
8. Data retention
Contact-form messages are retained in our email for as long as needed to handle your enquiry and keep a reasonable record of correspondence. Feature requests and their associated email addresses are retained while the board is active; unconfirmed requests and their tokens expire and are purged. IP addresses recorded for rate limiting are retained only briefly. Analytics data is retained according to the retention period configured in Google Analytics.
You may ask us to delete a feature request you submitted, or any message you sent us, at any time — see section 11.
9. Security
We use reasonable technical and organizational measures to protect the limited information the Site holds, including encryption in transit (TLS), access controls, and the principle of least privilege. You can read more on our Security page. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If we become aware of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify you and the appropriate regulators (such as the Office of the Privacy Commissioner of Canada) as required by applicable law, and keep records of breaches as the law requires.
The security of the LineLedger installation you run is your responsibility. See the Security page for how to report a vulnerability in the software itself.
10. Children
The Site is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Your privacy rights — Canada
If you are in Canada, you have rights under PIPEDA and, depending on your province, the BC Personal Information Protection Act (“BC PIPA”), Alberta PIPA, or Quebec’s Act respecting the protection of personal information in the private sector (commonly called Law 25). These rights include:
- Access. You can ask what personal information we hold about you.
- Correction. You can ask us to correct inaccurate or incomplete information.
- Withdrawal of consent. You can withdraw consent to our processing, subject to legal or contractual restrictions.
- Complaint. You can complain to the Office of the Privacy Commissioner of Canada or to your provincial regulator (for example, the Office of the Information and Privacy Commissioner for BC).
Quebec residents have additional rights, including the right to data portability and the right to be informed of any decision based exclusively on automated processing that produces legal effects. We do not use automated decision-making with legal effects on individuals.
12. Your privacy rights — United States
If you are a resident of California, the California Consumer Privacy Act, as amended by the CPRA (“CCPA”), gives you the following rights:
- Right to know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
- Right to delete personal information we have collected from you, subject to certain exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. As stated above, we do not sell or share personal information for behavioral advertising.
- Right to non-discrimination for exercising any of these rights.
Categories of personal information we have collected in the past 12 months, by CCPA category, include: identifiers (name, email, IP address) and internet or network activity (logs, pages visited, referrer). We collect this information from you directly and from your interactions with the Site. We do not collect sensitive personal information.
You may use an authorized agent to submit a request on your behalf. We will verify requests using information we already have, such as control of the email address used to submit a request.
If you are a resident of another US state with a comprehensive privacy law — for example Virginia, Colorado, Connecticut, Utah, or Texas — you have similar rights to access, correct, delete, and (where applicable) opt out, and you can exercise them through the same contact below.
We do not respond to browser “Do Not Track” signals because no consistent industry standard exists, but we honor Global Privacy Control signals where required by applicable law.
13. How to exercise your rights
To exercise any of the rights above, email [email protected] with the subject line “Privacy request” and tell us what you would like us to do. We will respond within the timelines required by applicable law (generally 30 days for PIPEDA requests and 45 days for CCPA requests, extendable as permitted by law). We may need to verify your identity before acting on your request.
14. Changes to this policy
We may update this Policy from time to time. When we do, we will post the revised Policy here and update the “Last updated” date above.
15. Contact
Questions, concerns, or privacy requests? Our Privacy Officer can be reached at [email protected], or write to us at:
Line Ledger, Inc.
205 – 50 Lonsdale Ave
Office #2404
North Vancouver, BC V7M 2E6
Canada