Privacy policy
Last updated: July 2026
SoloLedger is operated by Hiurda's Holistic Agency. We do not run a ledger database: your invoices, expenses, receipts, and business settings live in your own Google Sheets and Google Drive. We process only the minimum data needed to sign you in, sync with Google, and manage your subscription.
Your business data stays in Google
When you use SoloLedger, financial records are written to a spreadsheet and folders in your Google account — not to a SoloLedger-owned database. This includes invoice and expense rows, counters, business profile settings, receipt files, invoice PDFs, and optional logo uploads. You can open, export, copy, or delete this data directly in Google Sheets and Google Drive at any time.
Minimal data on our servers
To operate the service we store a small amount of account metadata on our servers: • Your email address and Google spreadsheet ID (to route API requests to the correct workbook) • Encrypted Google refresh tokens (only if you create API keys for machine access) • Hashed API key records (label, prefix, creation date — never the full secret after creation) • Subscription status linked to your email (plan tier and Stripe identifiers) We do not store your invoice lines, expense rows, receipt files, or tax calculations on our servers.
Sign-in and Google OAuth
Sign-in uses Google OAuth. We request access to your Google profile (name, email), Google Sheets, and Google Drive files created or opened by SoloLedger. Session cookies hold an encrypted token so you stay signed in between visits. Google OAuth tokens used for sync are kept in that encrypted session cookie and are not exposed to browser JavaScript. You can revoke SoloLedger's access at any time in your Google Account security settings.
Payments
Paid plans are processed by Stripe. We receive your email and subscription status from Stripe; card details are handled entirely by Stripe and never touch our servers.
Optional Gemini features
Receipt OCR and tax chat are optional. If you add a Gemini API key, it is stored encrypted in your Google Sheet settings tab. When you scan a receipt or use tax chat, the request goes from our server to Google using your key — we do not send receipt images to a SoloLedger-owned AI service.
Contact messages
If you use the in-app contact form, we receive the message you send (including your account email) and forward it to our support inbox. We use Cloudflare Turnstile when configured to reduce spam.
Retention and deletion
Your business records remain in Google until you delete them. Server-side account metadata (tokens, API key hashes, subscription records) is removed when no longer needed to provide the service or when you ask us to delete your account. Revoking Google access or canceling your subscription stops further sync; data already in your Google account stays under your control.
Your rights
Depending on where you live, you may have rights to access, correct, or delete personal data we process. Because most of your business data is in your Google account, you can manage it there directly. For questions or deletion requests about data we hold on our servers, contact us via the address in your account settings or on your invoice.
Changes
We may update this policy when the product or legal requirements change. The date at the top of this page shows when it was last revised.
This policy is provided for transparency. It does not constitute legal advice.