Privacy Policy

This Privacy Policy explains how Pivot Software (Pty) Ltd ("we", "us", or "our") collects, uses, stores, and shares your personal information when you use the Ledge mobile application. This policy complies with the Protection of Personal Information Act, 2013 (POPIA) of South Africa.

1. Information We Collect

Account Information: When you register, we collect your email address and a securely hashed password.

Receipt Images: When you scan or upload a receipt, we collect the image file you provide.

Extracted Expense Data: After AI processing, we store the extracted data including store name, date, items, quantities, and totals.

Device Information: We may collect basic device information such as device type, operating system version, and app version for troubleshooting and analytics purposes.

Subscription Information: If you subscribe to Ledge Pro, we receive confirmation of your subscription status from RevenueCat (our subscription management provider). We do not collect or store your payment card details.

2. How We Use Your Information

We use your personal information for the following purposes:

To provide the Ledge service, including storing your receipts and displaying your expense data. To process your receipt images using AI (OpenAI) to extract expense information. To manage your account and authenticate your identity. To manage your subscription status through RevenueCat. To communicate with you about your account or changes to our services. To improve and maintain the app, including fixing bugs and improving performance.

3. Third-Party Data Processing

We share your data with the following third-party service providers:

OpenAI (United States): Your receipt images are sent to OpenAI's API for AI-powered data extraction. Only the receipt image and a processing prompt are sent. OpenAI does not use API data to train their models.

Amazon Web Services (United States / EU): Your receipt images and account data are stored on AWS infrastructure, including S3 for image storage and managed databases for structured data.

RevenueCat (United States): Manages subscription status and entitlements. Receives your anonymous app user ID and subscription events.

Resend (United States): Used for transactional emails such as password resets. Receives your email address when such emails are triggered.

4. Cross-Border Data Transfers

Your personal information may be transferred to and processed in countries outside of South Africa, including the United States. These transfers are necessary to provide the Ledge service. We take reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy and POPIA. By using Ledge, you consent to the transfer of your data to these jurisdictions.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Ledge service. If you delete your account, we will delete your personal information, including your receipt images, within 30 days. Some data may be retained for longer where required by law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit (HTTPS/TLS), secure password hashing, access controls on our cloud infrastructure, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

7. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the following rights:

The right to be informed about what personal information we collect and how it is used. The right to request access to your personal information. The right to request correction of inaccurate personal information. The right to request deletion of your personal information. The right to object to the processing of your personal information. The right to withdraw your consent to processing at any time. The right to lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, please contact us at support@pivotsoftware.co.za.

8. Information Officer

In accordance with POPIA, our designated Information Officer can be contacted at:

Name: Kushail Singh

Email: support@pivotsoftware.co.za

Organisation: Pivot Software (Pty) Ltd

9. Children's Privacy

Ledge is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document and notify you through the app or via email. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@pivotsoftware.co.za

Website: pivotsoftware.co.za