Privacy Policy

Aperim Pty Ltd (ABN 46 150 699 737) trading as Ledgerprise ("we", "us", "our", or "Ledgerprise") is committed to protecting your privacy and personal information. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as applicable international privacy regulations including the General Data Protection Regulation (GDPR) for users in the European Economic Area.

This Privacy Policy explains how we collect, use, disclose, store, and otherwise handle your personal information when you:

• Visit our website at ledgerprise.com or any of our subdomains
• Use our budget management platform and related services
• Communicate with us via email, phone, or other channels
• Register for a waitlist, newsletter, or promotional materials
• Apply for employment or contractor positions with us

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

In this Privacy Policy:

• "Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether recorded in material form or not.
• "Sensitive Information"means personal information about an individual's racial or ethnic origin, political opinions, religious beliefs, sexual orientation, health information, or criminal record.
• "Services" means the Ledgerprise budget management platform, website, mobile applications, and any related services we provide.
• "User"or "you" means any individual who accesses or uses our Services.
• "Organization" means a company, business, government agency, or other entity that uses our Services.

3.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: When you create an account, we collect your name, email address, job title, organization name, and password.
• Profile Information: Your profile photo, timezone preferences, notification preferences, and any other information you choose to add to your profile.
• Financial Data: Budget data, cost codes, approval workflows, and other financial information you enter into the platform. Note: We do not collect or store payment card details directly; payment processing is handled by our third-party payment processor.
• Communications: Information you provide when contacting our support team, responding to surveys, or participating in promotions.
• Waitlist Information: If you join our waitlist, we collect your name and email address.

3.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

• Device Information: Device type, operating system, browser type and version, unique device identifiers, and mobile network information.
• Log Data: IP address, access times, pages viewed, features used, referring URL, and other system activity.
• Usage Data: Information about how you interact with our Services, including features used, time spent, and navigation patterns.
• Location Data: General location derived from your IP address (country and city level). We do not collect precise geolocation data.

3.3 Information from Third Parties

We may receive information about you from third parties, including:

• Organization Administrators: If your organization uses Ledgerprise, your administrator may provide your contact information and assign you roles and permissions.
• Integration Partners: If you connect third-party services (such as accounting software or SSO providers), we may receive information from those services as authorized by you.
• Analytics Providers: We use analytics services that may provide aggregated or anonymized data about user behavior.

We collect information through various means:

• Direct Collection: Through forms, account registration, and direct communications with you.
• Automated Collection: Through cookies, web beacons, pixels, and similar tracking technologies when you use our Services.
• Third-Party Sources: From integration partners, organization administrators, and service providers who assist us in operating our Services.

We only collect personal information by lawful and fair means. Where practicable, we collect personal information directly from you. In some cases, we may collect information from third parties where you have consented to such collection or it is otherwise permitted by law.

We use your personal information for the following purposes:

5.1 Providing and Improving Our Services

• Creating and managing your account
• Providing access to the Ledgerprise platform and its features
• Processing and recording budget data, approvals, and audit trails
• Generating reports and analytics you request
• Improving and developing new features based on usage patterns
• Personalizing your experience and content

5.2 Communications

• Sending service-related notifications (e.g., approval requests, system alerts)
• Responding to your inquiries and support requests
• Sending administrative messages about updates to our terms or policies
• With your consent, sending marketing communications about new features and promotions

5.3 Security and Compliance

• Protecting the security and integrity of our Services
• Detecting, preventing, and addressing fraud, security issues, or technical problems
• Maintaining audit trails as required by law or our enterprise customers
• Complying with legal obligations and responding to lawful requests

5.4 Business Operations

• Analyzing trends and usage to improve our Services
• Conducting research and development
• Managing our relationship with you and your organization
• Processing payments and managing subscriptions

We process your personal information based on one or more of the following legal grounds:

• Contractual Necessity: Processing necessary to perform our contract with you or your organization, such as providing access to the platform and maintaining your account.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and ensuring security, provided these interests do not override your rights.
• Legal Compliance: Processing necessary to comply with our legal obligations, such as maintaining audit records or responding to lawful government requests.
• Consent: Processing based on your explicit consent, such as receiving marketing communications. You may withdraw consent at any time.

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

7.1 With Your Organization

If you use Ledgerprise through your organization, your organization's administrators may access your activity, profile information, and budget data as permitted by your organization's subscription.

7.2 With Service Providers

We share information with trusted third-party service providers who assist us in operating our Services, including:

• Cloud hosting providers (for secure data storage)
• Email service providers (for transactional and marketing emails)
• Payment processors (for subscription billing)
• Analytics providers (for usage analysis)
• Customer support platforms (for managing support inquiries)

These providers are contractually obligated to protect your information and may only use it to provide services to us.

7.3 For Legal Reasons

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to:

• Comply with applicable laws or legal proceedings
• Protect the rights, property, or safety of Ledgerprise, our users, or others
• Enforce our terms of service or other agreements
• Detect, prevent, or address fraud or security issues

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and any choices you may have.

7.5 With Your Consent

We may share your information in other circumstances where you have given us explicit consent.

Ledgerprise is headquartered in Australia, and our primary servers are located in Australia. However, we may transfer your personal information to service providers in other countries, including the United States and other jurisdictions.

When we transfer personal information internationally, we ensure appropriate safeguards are in place:

• We only transfer data to countries that provide an adequate level of data protection, or
• We implement Standard Contractual Clauses approved by relevant data protection authorities, or
• We rely on binding corporate rules or other appropriate transfer mechanisms

For users in the European Economic Area, we comply with GDPR requirements for international transfers. For Australian users, we comply with APP 8 requirements regarding cross-border disclosure.

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention practices consider:

• Account Data: Retained while your account is active and for 7 years after account closure for legal and audit purposes.
• Budget and Financial Data:Retained according to your organization's data retention settings, with a minimum of 7 years to comply with financial record-keeping requirements.
• Audit Logs: Retained for a minimum of 7 years to support compliance and audit requirements.
• Communication Records: Retained for 3 years from the date of communication.
• Marketing Preferences: Retained until you opt out or withdraw consent.

When data is no longer needed, we securely delete or anonymize it. Anonymized data may be retained indefinitely for statistical and analytical purposes.

We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security practices include:

10.1 Technical Safeguards

• Encryption of data in transit using TLS 1.3
• Encryption of data at rest using AES-256
• Cryptographic signing of audit records using Ed25519
• Regular security assessments and penetration testing
• Multi-factor authentication for user accounts
• Role-based access controls with principle of least privilege
• Regular security patching and system updates

10.2 Organizational Safeguards

• Employee background checks and confidentiality agreements
• Regular security awareness training for all staff
• Incident response procedures and breach notification protocols
• Regular review of access permissions
• Physical security measures for our facilities

10.3 Data Breach Response

In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify you and relevant regulatory authorities as required by applicable law. In Australia, we comply with the Notifiable Data Breaches scheme under the Privacy Act.

You have certain rights regarding your personal information. The specific rights available to you may depend on your location and applicable laws.

11.1 Rights Under Australian Law

Under the Australian Privacy Principles, you have the right to:

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate, incomplete, or outdated personal information.
• Complaint: Make a complaint about our privacy practices.
• Anonymity: In some cases, interact with us without identifying yourself.

11.2 Additional Rights Under GDPR (EEA Users)

If you are located in the European Economic Area, you also have the right to:

• Erasure: Request deletion of your personal information in certain circumstances.
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Receive your personal information in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Automated Decision-Making: Not be subject to decisions based solely on automated processing.

11.3 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.

Note that some rights may be limited where we have overriding legitimate grounds or legal obligations. If we cannot fulfill your request, we will explain why.

We use cookies and similar tracking technologies to enhance your experience on our website and Services. For detailed information about our use of cookies, please refer to our Cookie Policy.

You can manage your cookie preferences through your browser settings or through the cookie consent tool on our website. Note that disabling certain cookies may affect the functionality of our Services.

Our Services are not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us immediately at [email protected].

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Ledgerprise. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our Services.

We are not responsible for the privacy practices or content of third-party services.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice on our Services
• For significant changes, we may seek your explicit consent where required by law

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services after any changes constitutes acceptance of the updated policy.

If you have a complaint about how we handle your personal information, please contact our Privacy Officer first at [email protected]. We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the relevant supervisory authority:

• Australia: Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
• European Union: Your local data protection authority. A list is available at edpb.europa.eu
• United Kingdom: Information Commissioner's Office (ICO) at ico.org.uk

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Officer
Aperim Pty Ltd trading as Ledgerprise
ABN: 46 150 699 737
Email: [email protected]

For General Inquiries:
Email: [email protected]
Website: www.ledgerprise.com