Privacy Policy

How Ledgit protects your financial data

Effective Date: October 2, 2025
Last Updated: October 2, 2025

Introduction

Ledgit (“we,” “our,” or “the app”) is a privacy-first expense and receipt tracking application for Android. This Privacy Policy explains how we collect, use, store, and protect your personal information.

Our Core Privacy Principle: Your financial data belongs to you. We design every feature with privacy as the foundation, not an afterthought.

Information We Collect

Information You Provide

When you use Ledgit, you create and store the following data locally on your device:

  • Expense Records: Amount, currency, description, category, date, and timestamps
  • Receipt Images: Photos or PDF documents you capture or share with the app
  • Receipt Metadata: Extracted text (OCR), vendor names, dates, amounts, tax information, and item details
  • Vault Information: Encrypted vault names and associated authentication keys
  • Location Data (Optional): Geographic coordinates for expenses, only if you explicitly enable location tagging
    • You can choose between approximate or precise location
    • Location tagging is disabled by default
    • Location data is stored locally only and never transmitted to external servers
  • Spending Periods: Budget periods, limits, and associated expense groupings
  • User Preferences: App settings, display preferences, and feature toggles

Automatically Generated Data

The app automatically generates the following data for security and functionality:

  • Encryption Keys: AES-256-GCM encryption keys stored in Android Keystore (hardware-backed, non-exportable)
  • Cryptographic Material: Initialization vectors (IVs), authentication tags, and encrypted record metadata
  • Processing Status: OCR processing states, categorization results, and enrichment status
  • Image Hashes: SHA-256 hashes for receipt deduplication
  • Thumbnails: Compressed WebP thumbnails generated from receipt images

Device Permissions

The app may request the following permissions:

  • Camera: To capture receipt photos
  • Biometric/Fingerprint: To unlock encrypted vaults (optional)
  • Internet: To download AI models via Google Play’s AI Delivery system
  • Notifications: To inform you of receipt processing status
  • Location (Approximate/Precise): Only if you enable expense location tagging
  • Bluetooth (BLE): For peer-to-peer encrypted vault sharing (opt-in, disabled by default)
  • Foreground Service (Data Sync): For background synchronization tasks

All runtime permissions require your explicit consent and can be revoked at any time through Android system settings.

How We Use Your Information

Local Processing Only

All expense data, receipt images, and extracted information are:

  • Processed entirely on your device using on-device ML models
  • Encrypted at rest using hardware-backed AES-256-GCM encryption
  • Never transmitted to our servers or third parties in plaintext form
  • Stored in encrypted vaults protected by Android Keystore

On-Device AI Features

The app uses the following on-device AI technologies:

  • ML Kit Text Recognition: For optical character recognition (OCR) on receipts
  • ML Kit Language Identification: For detecting receipt language
  • Google AI Core / Gemini Nano: For expense categorization and receipt data extraction (downloaded on-demand via Google Play)
  • ML Kit Translation: For multi-language support

Important: These AI features run entirely on your device. Receipt images and extracted text are never sent to external AI services or cloud providers.

Data Storage and Security

Encryption Architecture

Your data is protected by multiple layers of encryption:

  1. Database Encryption: SQLCipher with 16KB page size for the entire database
  2. Per-Record Encryption: Each expense record is individually encrypted with AES-256-GCM
  3. File Encryption: Receipt images stored as encrypted WebP files
  4. Hardware-Backed Keys: Encryption keys stored in Android Keystore, bound to your device’s Secure Element
  5. Biometric Protection: Optional biometric authentication required for vault access

Local Storage Only

  • All data is stored in your device’s private app storage
  • Receipt images are stored as encrypted files (never in the database)
  • Encrypted blobs are excluded from cloud backups
  • No external databases or cloud storage services are used

Network Security

  • No Tracking: No analytics SDKs, no telemetry, no third-party tracking services
  • TLS Only: Cleartext network traffic is explicitly disabled
  • Minimal Network Use: Internet connection only required for downloading AI models via Google Play
  • No Remote Servers: The app does not connect to proprietary backend servers for data storage or processing

Data Sharing and Third Parties

We Do Not Share Your Data

Ledgit does not:

  • Sell your personal information to third parties
  • Share your expense data with advertisers
  • Transmit receipt images or extracted text to cloud services
  • Use analytics or tracking SDKs
  • Send financial data to external servers

Third-Party Services

The app integrates with the following Google services:

  • Google Play AI Delivery: For downloading on-device AI models (Gemini Nano)
  • ML Kit (on-device): For text recognition, language detection, and translation
  • Android Keystore: For hardware-backed encryption key storage

These services are used for on-device processing only and do not transmit your expense data.

Peer-to-Peer Bluetooth Vault Sharing

The app supports optional peer-to-peer encrypted vault synchronization via Bluetooth Low Energy (BLE):

  • Opt-in only: BLE sync is disabled by default and requires explicit user action to enable
  • End-to-end encrypted: All vault data transmitted over BLE is encrypted with vault-specific keys
  • Local network only: BLE operates only between nearby trusted devices you explicitly pair
  • No cloud relay: Bluetooth sync happens directly between your devices without any server involvement
  • Device pairing: You control which devices can sync via QR code-based device pairing
  • Revocable trust: You can revoke trusted devices at any time from vault settings

When enabled, BLE permissions allow the app to discover and sync with your other paired devices for the same vault.

Your Data Rights

You Own Your Data

  • Full Access: You can view all stored expenses, receipts, and metadata within the app
  • Export: Future versions may include data export functionality
  • Deletion: You can delete individual expenses, receipts, or entire vaults at any time
  • Uninstall: Uninstalling the app permanently deletes all local data (cannot be recovered)

Biometric Data

If you enable biometric authentication:

  • Biometric templates (fingerprint, face) are managed by Android OS, not by our app
  • We never access or store your raw biometric data
  • We only receive authentication success/failure results from the system
  • Biometric keys are invalidated when you add/remove biometric enrollments

Location Data

If you enable the optional location tagging feature:

  • Opt-in Only: Location tracking is disabled by default
  • User Choice: You choose between approximate or precise location
  • Local Storage: Location coordinates are stored only on your device
  • No Transmission: Location data is never sent to servers or third parties
  • Revocable: You can disable location tracking at any time in app settings
  • Individual Control: You can remove location data from specific expenses

Children’s Privacy

Ledgit is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided information to the app, please contact us, and we will take steps to delete such information.

Data Retention

  • Active Data: Stored until you manually delete it
  • Encrypted Vaults: Persist until you delete the vault
  • Receipt Images: Stored as encrypted files until you remove them
  • Processing Cache: Temporary processing data is automatically cleared
  • Uninstall: All app data is permanently deleted when you uninstall the app

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in:

  • App functionality and features
  • Legal or regulatory requirements
  • Privacy best practices

When we make significant changes, we will:

  • Update the “Last Updated” date at the top of this policy
  • Notify users through an in-app message or prompt
  • Obtain consent for material changes that affect data use

Open Source and Transparency

Ledgit is committed to transparency:

  • The app’s source code is available for inspection
  • Security architecture is documented in the repository
  • Community contributions and security audits are welcome

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

  • Repository Issues: GitHub Repository
  • Email: Contact information available on the repository

This Privacy Policy is designed to comply with:

  • GDPR (General Data Protection Regulation) - EU
  • CCPA (California Consumer Privacy Act) - California, USA
  • Android Privacy Requirements - Google Play Store policies

By using Ledgit, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please do not use the app.


Summary: Ledgit is built privacy-first. Your financial data stays on your device, encrypted with hardware-backed keys. We don’t track you, we don’t sell your data, and we don’t send your receipts or expenses to external servers. You own your data, and we’re committed to keeping it that way.