Privacy Policy

Last updated: 2026-05-21

Bytecode Ledger (“the app”) is operated by Bytecode Technologies Ltd. (“we”, “us”). This policy describes what data the app and this website collect, how it is used, who it is shared with, and your rights as a user.

1. Data we collect

Account data

When you create an account, we collect and store:

• Email address
• Display name (optional, defaults to “Anonymous”)
• A salted, hashed version of your password using an industry-standard algorithm (the plaintext password is never stored or logged)
• If you sign in with Apple: the Apple-provided subject identifier and the email Apple chooses to share with us (real or relay address)
• Passkey credentials and biometric public keys (public-key cryptography only, no biometric template ever leaves your device)

Financial data you enter or import

• Accounts (bank name, last four digits, currency, user-given label)
• Transactions (date, amount, description, category, optional external identifier from the parser)
• Bank statement PDFs you upload, the parsed text extracted from them, and the import job metadata (file SHA-256, status, parser-detected period and last-four)
• Invoices (customer details, line items, taxes, payments, attachments)
• Saved invoice items, tax presets, and templates
• Categories and notes you create

Address data

When you use address autocomplete (for customer or sender addresses on an invoice), the search text is sent to our own geocoder service. We do not retain individual address-search queries beyond operational logs (typically 30 days).

Technical data

• IP address, device model, OS version, app version, and request timestamps in our server logs
• DPoP key bindings used to prevent token theft (these are public keys generated and stored on your device)

2. How we use your data

• Authentication. Verifying it's you when you log in, refreshing tokens, and issuing access scoped to the APIs your account is allowed to call.
• Operating the app. Storing, displaying, and computing over your transactions, invoices, and statements so the app can show you balances, spending breakdowns, and invoice totals.
• Parsing PDFs. Extracting structured rows from the bank statement PDFs you upload, so you don't have to enter transactions manually.
• Sending email. Sending you account-verification, password-reset, and invoice emails you explicitly request.
• Debugging and abuse prevention. Server logs are used only to investigate incidents, never for advertising or profiling.

We do not sell your data, do not use it for advertising, and do not share it for analytics with third-party trackers. The app has no third-party analytics SDKs.

3. Third-party processors

We use the following processors to operate the service. Each receives only the data necessary for its function:

• A third-party AI service for PDF parsing. The text extracted from bank-statement PDFs you upload is sent to this service for the sole purpose of returning structured transaction rows. We choose providers whose terms prohibit using submitted content to train their models. The specific provider may change over time; email [email protected] for the current provider.
• Apple Inc. If you use Sign in with Apple, your sign-in flows through Apple and Apple may share an email relay address with us.
• Apple Push Notification service (if you opt into notifications). Receives device tokens; payloads carry no sensitive financial data.
• Email transport. Outbound transactional emails are relayed through Apple iCloud SMTP from a [email protected] address.

All other data (databases, file storage, search) runs on infrastructure operated by Bytecode Technologies Ltd. and is not exposed to third parties.

4. Where data is stored

All persistent data is stored on servers we operate in Canada. PDFs are stored in our own object storage with encryption at rest. We use TLS for all data in transit. Access to the production database is restricted to authenticated service accounts.

5. Retention

• Account, transaction, invoice, and statement data: retained as long as your account exists. When you delete your account, this data is removed immediately as part of the deletion.
• Server logs: rotated after 30 days unless retained for an active incident investigation.
• Import job rows and uploaded PDFs: deleted on commit (the parsed transactions are kept; the PDF and intermediate rows are removed).

6. Your rights

You can, at any time:

• View and edit any data the app shows you (in-app)
• Delete individual records (in-app)
• Delete your entire account from the app: Profile, then Delete Account. This permanently removes your login, all linked sign-in methods, and every transaction, invoice, statement, and uploaded file tied to your account. The action is immediate and cannot be undone.
• Request a full export of your data by emailing [email protected]

These rights apply regardless of where you live. If you are in a region with a specific data-protection framework, such as the EEA or UK under the GDPR or California under the CCPA, we honour the access, correction, deletion, and portability rights those laws provide. Email [email protected] to exercise them, and we do not discriminate against you for doing so.

7. This website

Separately from the app, this marketing website (ledger.bytecode.ca) collects data only when you actively submit it:

• Contact form. If you use the contact form, the name, email, and message you provide are delivered to our team by email and used only to respond to you.

The website uses no advertising or analytics cookies and no third-party trackers. This data is not sold or shared for marketing.

8. Children

Bytecode Ledger is not directed to children under 13 and we do not knowingly collect data from them.

9. Changes

Material changes to this policy will be reflected by updating the “Last updated” date above and, for significant changes, by an in-app notice or email before the change takes effect.

10. Contact

Questions, requests, or complaints: [email protected]