Last updated: 2025-09-09
Ledgentic AB ("Ledgentic", "we", "us") provides a business software service for accounts payable (the "Service"). This Privacy Policy explains how we handle personal data for:
* Visitors to our website (the "Site").
* Users and prospective users of the Service.
* People who contact us (e.g., demos, events, support).
Controller/Processor roles. For the Site and for your user/account data in the Service, we act as controller. For data we process on behalf of our customers inside the Service (e.g., invoice or supplier data uploaded by customers), we act as processor under a Data Processing Agreement (DPA).
Company details & contact.
Ledgentic AB,
556991-6421,
Ropgränd 40,
187 42
Täby, Sweden
Email: [email protected]
When we act as controller (our Site \+ your user/account for the Service):
* Contact & account data – name, work email, phone, job title, company, login details, preferences.
* Usage & device data – pages visited, buttons clicked, IP address, device/browser type, cookies, basic analytics, and audit logs related to your account activity.
Billing/admin – billing contact details and subscription/transaction records for our relationship with your company.
When we act as processor (data you or your company put into the Service):
AP documents & metadata – invoices, credit notes, purchase orders, goods receipts, coding, and posting data.
* Supplier/vendor master data – business names, addresses, tax IDs, and contact details (e.g., names/emails/phone numbers). Where a supplier is a sole trader, items like bank account/IBAN may be personal data.
* Attachments – files you upload or connect from your systems.
Sensitive data (special categories).
We do not need special-category data (e.g., health, biometric, union) and the Service is not intended to process it. Please do not include such data; if it is included contrary to our instructions, you are responsible for having a lawful basis and we may delete or restrict processing under the DPA.
We use data to:
* Provide and operate the Site and Service.
* Support you (onboarding, customer success, troubleshooting).
* Secure the Service (fraud/abuse detection, access logs).
* Improve and develop features (including using aggregated or de‑identified data).
* Communicate with you about the Service and send optional marketing (you can opt out anytime).
Comply with law and enforce our terms.
We do not sell personal data.
Depending on the context, we rely on:
Contract necessity (to provide the Service).
* Legitimate interests (product improvement, security, basic analytics, B2B outreach).
* Consent (e.g., certain cookies/marketing where required).
Legal obligation (e.g., tax/accounting, compliance).
We share personal data only with:
Service providers/sub‑processors who help us run the Site/Service (hosting, email, support, analytics). They act under contract and appropriate safeguards.
* Legal/Compliance – if required by law or to protect rights.
Business transfers – in connection with mergers, acquisitions, or similar events.
We do not sell personal data to third parties.
If we transfer personal data outside the EEA/UK, we use lawful safeguards such as European Commission Standard Contractual Clauses or rely on adequacy decisions, as applicable.
We keep personal data only as long as needed for the purposes above:
Account & support records – kept for the duration of your contract with us and for a short period afterward (e.g. for billing or legal purposes).
* System logs & usage data – retained for a limited period (up to 180 days) for security and diagnostics, then deleted or anonymised.
Customer financial records (invoices, POs, receipts, payment data) – stored in our systems only as long as needed to provide the Services and for the periods set out in our DPA. It is the Customer’s responsibility to export and retain records for the period required by applicable accounting/tax laws (for example, the Swedish Bokföringslagen* requires companies to keep accounting materials for 7 years).
When no longer needed, we delete or anonymize data.
We use reasonable technical and organizational measures to protect personal data. No system is 100% secure, but we work to prevent unauthorized access and will act as required by law if an incident occurs.
Subject to law, you can ask us to access, correct, delete, or export your personal data, and to object or restrict certain processing. To exercise rights, email [email protected]. We may verify your identity and will respond within the time required by law.
You also have the right to complain to a supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY) – see imy.se.
We use cookies and similar technologies on the site. See our Cookie Policy for details and controls.
Our Service is for businesses and is not directed to children. We do not knowingly collect data from children.
We may update this policy from time to time. If changes are material, we will let you know by a notice on the Site or by email (where appropriate). The date at the top shows when it was last updated.
Questions or requests about this policy?
Email: [email protected]
Address: Ledgentic AB, Ropgränd 40, 187 42 Täby, Sweden