Legal

Privacy Policy

Last updated: 01/01/2026

This Privacy Policy explains how AccessLedger ("Service") collects, uses, and protects personal data. The Service is operated by Sole Proprietor Vityuk V.G., tax ID 3225423979 ("we", "us", "our").

1. Information We Collect

We collect only the data necessary to operate the Service.

1.1 Account Information

  • Name
  • Email address
  • Authentication identifiers (via Supabase Auth)

1.2 Customer-Provided Data

When using the Service, you may provide:

  • Names and email addresses of employees, contractors, or vendors;
  • Access-related metadata (resources, access level, expiry dates, owner).

1.3 Technical Data

  • IP address
  • Browser and device information
  • Log and usage data (for security and reliability)

2. How We Use Personal Data

  • Provide and operate the Service;
  • Send transactional emails (access reminders, alerts, confirmations);
  • Maintain security and prevent abuse;
  • Comply with legal and tax obligations.

We do not sell personal data.

3. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Contractual necessity (providing the Service);
  • Legitimate interests (security, service improvement);
  • Legal obligations (billing, compliance);
  • Consent, where required.

4. Data Processors and Subprocessors

We use trusted third-party providers strictly for Service operation, including:

  • Supabase - authentication, database, and hosting;
  • Payment provider - payments and billing (merchant of record);
  • Resend - transactional email delivery;
  • Internal automation services (self-hosted n8n) - notification and workflow processing

All processors comply with applicable data protection regulations.

5. Data Retention

We retain personal data only for as long as necessary:

  • while your account is active;
  • as required to comply with legal, accounting, or audit obligations.

You may delete data manually within the Service or request deletion.

6. Data Subject Rights (GDPR)

If you are located in the EU/EEA, you have the right to:

  • access your personal data;
  • rectify inaccurate data;
  • request deletion ("right to be forgotten");
  • restrict or object to processing;
  • request data portability.

Requests can be sent to help@access-ledger.com.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • encrypted connections (HTTPS);
  • role-based access controls;
  • restricted access to production systems.

No system is 100% secure, but we take reasonable steps to protect data.

8. International Data Transfers

Personal data may be processed outside your country of residence, including within the EU and other jurisdictions, in accordance with applicable data protection laws.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published within the Service or on our website.

11. Contact Information

For privacy-related questions or requests, contact us at:

Email: help@access-ledger.com