GDPR Compliance
Last updated: 9/4/2025
LedgerOwl is committed to compliance with the General Data Protection Regulation (GDPR), which affects users in the European Union and the United Kingdom.
Our Commitment as a Data Processor
When you use our service to process your financial statements, you are the Data Controller, and LedgerOwl acts as the Data Processor. We process data on your behalf based on your instructions, which you provide when you upload a document for conversion.
Key GDPR Principles We Adhere To
- Lawfulness, Fairness, and Transparency: We process data only for the purpose of extracting transaction information as requested by you. Our process is transparent, and we do not use your data for any other purpose.
- Purpose Limitation: The data is used solely to provide you with a structured version of your financial statement. We do not repurpose it.
- Data Minimization: We have instructed our AI to specifically avoid extracting personally identifiable information (PII) like names and addresses, focusing only on the financial data points.
- Storage Limitation (Right to be Forgotten): We do not store your files or the extracted data. All data is processed in-memory and is immediately and irretrievably discarded once processing is complete. Your "right to be forgotten" is therefore fulfilled by default, because we do not retain your data.
- Integrity and Confidentiality: We use encryption (TLS) for data in transit and run our services in a secure, isolated cloud environment. Please see our Data Protection page for more details.
- Data Portability: You can download your extracted data in common formats like CSV and JSON, which allows for data portability.
Data Breach Notifications
In the unlikely event of a data breach, we have procedures in place to notify relevant authorities and affected individuals as required by GDPR. The risk is minimized because we do not store personal data after processing.
Contact Us
If you have any questions about our GDPR compliance, please contact us.