Ledgerly.
Sign in Start free trial
Legal · POPIA

Privacy Policy

Last updated: 24 April 2026

This policy explains how Ledgerly (“Ledgerly”, “we”, “us”) collects, uses, stores and protects your personal information. It is written to comply with South Africa's Protection of Personal Information Act, 4 of 2013 (POPIA).

1. Who we are

Ledgerly operates the SaaS platform at ledgerly.net.za that provides bookkeeping, accounting, and SA tax compliance tooling to registered bookkeeping and accounting firms.

Information Officer: the Information Officer is the person appointed by Ledgerly under section 55 of POPIA. You can contact them at privacy@ledgerly.net.za for any request relating to your personal information.

2. What information we collect

We collect and process these categories of personal information:

  • Account data: name, work email, password (hashed), role, firm name.
  • Client data you enter: your clients' business name, trading details, financial records, tax numbers, bank and invoicing information — as processed on their behalf.
  • Billing data: subscription tier, invoice history. Card details are never stored by Ledgerly — they are handled and tokenised entirely by Yoco.
  • Technical data: IP address, browser/user-agent, session cookies, timestamps of logins, and audit-trail records of changes you make.
  • Communications: emails you send to our support address.

3. Lawful basis for processing

We rely on these POPIA justifications (s11):

  • Contract: to provide the Service you signed up for.
  • Legal obligation: to keep tax, VAT, and accounting records as required by SA law (SARS, Companies Act, Tax Administration Act).
  • Legitimate interest: to secure the platform, prevent fraud, and improve the Service.
  • Consent: for optional activities (e.g. marketing emails — opt-in only).

4. How we use your information

  • To create, authenticate, and operate your account.
  • To store, process and display bookkeeping and accounting records.
  • To generate reports, financial statements, and SA tax forms.
  • To send you transactional emails (invoices, trial-end reminders, password resets).
  • To bill you via Yoco for your monthly subscription.
  • To investigate security incidents and enforce our Terms of Service.

We do not sell your data. We do not use your client data for training machine-learning models.

5. Who we share information with

We only share personal information with these categories of recipients:

  • Yoco Technologies (Pty) Ltd — our payment processor. Receives your billing contact details and payment-card information you enter into their hosted checkout.
  • Our hosting provider and SMTP email relay — to run the platform and deliver transactional email.
  • SA authorities — SARS, CIPC, the Information Regulator, or a court of competent jurisdiction, where we are legally compelled.
  • Professional advisors — legal, accounting, under strict confidentiality.

Every operator (processor) we use is bound by a written agreement that requires them to protect your information to the same standard we do, as required by POPIA s21.

6. Where your data is stored

Ledgerly data is stored on infrastructure located in South Africa where practical. Certain operators (e.g. some email delivery providers) may process limited data outside the Republic; where that happens we only use providers that offer protection substantially similar to POPIA (POPIA s72).

7. Your rights under POPIA

As a data subject you are entitled to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct information that is wrong or outdated.
  • Deletion — ask us to delete your information (subject to our legal record-keeping obligations).
  • Objection — object to processing based on legitimate interest, or to direct marketing.
  • Withdraw consent — where we process on the basis of consent.
  • Complain to the Regulator — the Information Regulator of South Africa (inforegulator.org.za).

To exercise any of these rights, email privacy@ledgerly.net.za. We will respond within 30 days.

8. Retention

We keep your account and financial records for as long as your subscription is active, and for at least 5 years after closure to comply with SA tax and companies-law record-keeping rules. After the retention period expires we delete or de-identify the data.

9. Security

We take reasonable technical and organisational measures to protect your information against loss, misuse and unauthorised access — including TLS in transit, encrypted database storage, hashed passwords, per-firm data isolation, audit logging, and role-based access control. No system is perfectly secure; if a security breach affects your personal information we will notify you and the Information Regulator as required by POPIA s22.

10. Children

Ledgerly is a B2B product for registered firms. It is not directed at, or intended for use by, children under 18.

11. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email. The “Last updated” date at the top reflects the most recent revision.

12. Contact

Information Officer
Ledgerly
Email: privacy@ledgerly.net.za

See also: Terms of Service · Cookies