SmartOps Ledger
For Business
Freelancers

Features

InvoicingAccounting reportsAutomations
Pricing
Learn & Support
Getting startedChat supportFAQs

Privacy Notice for SmartOps Ledger

Effective Date: May 29, 2026
Last Updated: May 29, 2026

SmartOps Ledger LLC ("Company," "we," "us," or "our") operates the SmartOps Ledger software-as-a-service platform (the "Service"). This Privacy Notice explains how we collect, use, disclose, and protect your personal information when you use our Service.

Company Information:

SmartOps Ledger LLC

[Your Registered Agent Address in Delaware]

[Your Business Email]

[Your Business Phone Number]

1. Data We Collect

We collect several categories of personal information to provide and improve our Service.

1.1 Information You Provide Directly

CategorySpecific Data PointsLegal Basis (GDPR)
Account InformationFull name, email address, password (hashed), business name, business address, phone numberContract performance
Billing InformationPayment method details (processed directly by Stripe - we do not store full payment credentials), subscription plan choice, billing addressContract performance
Organization DataOrganization name, team member email addresses and roles, business tax ID (if provided)Contract performance
Client DataClient names, email addresses, phone numbers, billing addresses (for invoice recipients)Contract performance
Invoice DataInvoice amounts, descriptions, due dates, status (paid/unpaid), payment history, line itemsContract performance
Automation RulesTrigger configurations, action settings, conditions you defineContract performance
CommunicationsMessages sent through our support channels, feedback, feature requestsLegitimate interest

1.2 Information Collected Automatically

CategorySpecific Data PointsPurpose
Usage DataPages visited, features used, time spent, click paths, automation execution logsService improvement, analytics
Device InformationIP address, browser type, operating system, device identifiersSecurity, fraud prevention, analytics
Log DataAccess times, error logs, API request/response metadataTroubleshooting, performance monitoring

1.3 Information from Third Parties

SourceData ReceivedWhen
StripePayment status, subscription status, invoice payment confirmation, customer IDAfter payment processing
Authentication ProvidersEmail address, name (if you use OAuth login)During account creation/sign-in

1.4 Special Note on Client Data

When you add clients to SmartOps Ledger and send them invoices, you are providing us with their personal information (name, email). You are the data controller for your client data, and we are the data processor acting on your instructions. You are responsible for:

  • Having a legal basis to share your clients' information with us
  • Providing your clients with appropriate notice about your use of SmartOps Ledger
  • Responding to your clients' data subject requests

2. How We Use Your Data

2.1 Core Service Operations

PurposeLegal Basis (GDPR)Data Used
Create and manage your accountContract performanceAccount information
Process subscription paymentsContract performanceBilling information (via Stripe)
Send invoices to your clientsContract performanceClient data, invoice data
Track invoice status and automate follow-upsContract performanceInvoice data, automation rules
Manage team access to your organizationContract performanceOrganization data
Provide customer supportLegitimate interestCommunications, usage data

2.2 Service Improvement & Security

PurposeLegal Basis (GDPR)Data Used
Monitor and analyze usage patternsLegitimate interestUsage data, device information
Detect and prevent fraud or abuseLegal obligation (fraud laws)Log data, IP addresses
Troubleshoot technical issuesContract performanceLog data, error reports
Improve features and user experienceLegitimate interestUsage data, feedback

2.3 Communications & Marketing

PurposeLegal Basis (GDPR)Data Used
Send service updates and security noticesContract performanceAccount email
Send billing-related communicationsContract performanceAccount email
Send marketing communications (new features, tips)Consent (opt-in required for EU users)Account email
Request feedback or reviewsLegitimate interest (opt-out available)Account email

2.4 Legal Compliance

PurposeLegal Basis (GDPR)Data Used
Comply with tax and accounting lawsLegal obligationBilling information, invoice data
Respond to lawful requests from authoritiesLegal obligationRelevant data as required
Enforce our Terms of ServiceLegitimate interestAccount, usage, and organization data

3. How We Share Your Data

3.1 Third-Party Service Providers (Sub-Processors)

We share your data with the following third parties to operate our Service:

ProviderData SharedPurposeLocationGDPR Safeguard
Stripe, Inc.Customer ID, email, subscription details, payment method token, invoice amountsPayment processing, subscription management, invoice payment collectionUSAEU-US Data Privacy Framework certified
Vercel Inc.All data processed through our application (account, client, invoice, automation data)Application hosting, serverless functions, deploymentUSAEU-US Data Privacy Framework certified + SCCs
Neon, Inc. (or your PostgreSQL provider)All data stored in your database (users, organizations, invoices, clients, automations)Database hostingUSA (or specified region)SCCs + encryption at rest
Resend / SendGrid / AWS SES (if applicable)Email addresses of your clients (for invoice delivery), your account emailEmail delivery for invoices and notificationsUSASCCs

3.2 When You Explicitly Instruct Us

  • Invoice Recipients: When you send an invoice to a client via SmartOps Ledger, we share the invoice details (amount, due date, description, payment link) with your client via email.
  • Team Members: When you add members to your organization, those members can access organization data (invoices, clients, automations) according to their assigned role (Owner, Admin, Member).
  • Payment Processing: When a client pays an invoice, we share transaction details with Stripe to complete payment, and Stripe shares confirmation back to us.

3.3 Legal Compliance & Enforcement

We may disclose your data if required by law or in good faith belief that such action is necessary to:

  • Comply with a legal obligation (e.g., tax audit, court order, subpoena)
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users or the public
  • Protect against legal liability

3.4 Business Transfers

If SmartOps Ledger LLC is involved in a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

3.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably identify you. For example: "50% of users use the overdue invoice automation feature."

4. How We Protect Your Data

4.1 Technical Security Measures

MeasureImplementation
Encryption in TransitTLS 1.3 for all data transmitted between your browser and our servers
Encryption at RestAES-256 encryption for all data stored in our database
Access ControlsRole-based access control (RBAC) for internal employee access
API SecurityRate limiting, authentication tokens, request validation
Backup & RecoveryAutomated daily backups stored in encrypted, geographically redundant locations
MonitoringIntrusion detection systems, automated security scanning, log monitoring

4.2 Organizational Security Measures

  • Employee Access: Only essential employees have access to production data, and access is granted on a need-to-know basis.
  • Security Training: All employees undergo annual security and privacy training.
  • Vendor Management: We require all third-party providers to sign Data Processing Agreements and maintain appropriate security certifications.

4.3 Payment Security (Stripe)

We do not collect, store, or process full payment card details. All payment information is handled directly by Stripe, which is certified as a PCI Service Provider Level 1 (the highest level of certification). Your payment data is tokenized, and we only store references to payment methods, not the actual card numbers.

4.4 Data Retention

Data CategoryRetention Period
Active account dataDuration of your subscription + 30 days
Invoices (paid)7 years (tax/accounting compliance)
Deleted accountsAnonymized after 30 days, or deleted upon request
Log data90 days (security and troubleshooting)
Automation execution history12 months

4.5 User Responsibility

You are responsible for:

  • Maintaining the security of your account credentials (strong password, not sharing access)
  • Configuring appropriate team member access levels
  • Securing your own devices used to access SmartOps Ledger
  • Complying with your own obligations to protect your clients' data

5. Third-Party Applications

5.1 Core Service Providers

Stripe, Inc.

Purpose: Payment processing, subscription management, invoice payment collection

Data Shared: Customer name, email, subscription plan, payment method token, invoice amounts

Privacy Policy: https://stripe.com/privacy

Vercel Inc.

Purpose: Application hosting, serverless functions, global CDN

Data Shared: All application data (account, organization, invoice, client, automation data)

Privacy Policy: https://vercel.com/legal/privacy-policy

Neon, Inc. (PostgreSQL hosting)

Purpose: Database hosting and management

Data Shared: All data stored in your application database

Privacy Policy: https://neon.tech/legal/privacy

5.2 Optional Integrations (Future Features)

The following integrations may be added in future versions. You will receive notice before enabling them:

Potential IntegrationPurpose
Slack/Discord webhooksAutomation notifications
Zapier/Make.comWorkflow automation connections
Google SheetsData export and reporting
QuickBooks/XeroAccounting software sync

5.3 Third-Party Links

Our Service may contain links to third-party websites or services (e.g., Stripe's customer portal). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with your information.

6. Your Privacy Rights

6.1 Rights for All Users (US & International)

RightDescriptionHow to Exercise
AccessRequest a copy of data we hold about youEmail [email protected]
CorrectionCorrect inaccurate or incomplete dataUpdate in account settings or contact support
DeletionRequest deletion of your dataContact support (subject to legal retention obligations)
Data PortabilityReceive your data in machine-readable formatEmail [email protected]
Opt-out of MarketingStop receiving marketing communicationsClick "unsubscribe" in emails or update account preferences

6.2 Additional Rights for EU/UK Users (GDPR)

Under the General Data Protection Regulation, you also have:

RightDescription
Right to Restrict ProcessingLimit how we use your data while a dispute is resolved
Right to ObjectObject to processing based on legitimate interests
Right to Withdraw ConsentWithdraw previously given consent for marketing or cookies
Right to Lodge a ComplaintFile a complaint with your local supervisory authority

To exercise these rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

6.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

RightDescription
Right to KnowCategories and specific pieces of personal information collected
Right to DeleteRequest deletion of personal information (subject to exceptions)
Right to Opt-OutOpt-out of "sales" of personal information (we do not sell your data)
Right to Non-DiscriminationNo denial of service for exercising your rights

To exercise CCPA rights, call our toll-free number or email [email protected]. We will verify your identity before responding.

7. International Data Transfers

SmartOps Ledger LLC is based in the United States. If you access our Service from outside the US, your data will be transferred to and processed in the US.

7.1 EU-US Data Transfers

For users in the European Economic Area (EEA), we ensure adequate protection for your data through:

  • EU-US Data Privacy Framework (DPF): Our sub-processor Stripe is DPF certified
  • Standard Contractual Clauses (SCCs): For non-DPF certified providers, we have executed SCCs approved by the European Commission
  • Transfer Impact Assessments (TIAs): Conducted where required to assess local laws

You have the right to request a copy of our SCCs by contacting us at [email protected].

7.2 UK-US Data Transfers

For users in the United Kingdom, we rely on the UK Extension to the EU-US DPF (where applicable) or UK Addendum to the SCCs.

8. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will delete that information promptly.

9. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or operational needs.

Type of ChangeNotice MethodEffective Date
Minor updates (clarifications, typo fixes)Updated "Last Updated" date on this pageImmediately
Material changes (new data uses, new third parties, changed rights)Email notice to account holders + in-app notification + 30-day advance notice30 days after notice
Emergency changes (security incidents, legal compliance)Direct email notification + banner on login pageAs soon as reasonably possible

Your continued use of SmartOps Ledger after the effective date of any material changes constitutes your acceptance of the updated Privacy Notice. If you do not agree with the changes, you may cancel your subscription and request deletion of your data before the changes take effect.

We encourage you to review this Privacy Notice periodically for any changes. The "Last Updated" date at the top indicates when this notice was last revised.

10. Contact Information

10.1 Privacy Inquiries

For privacy-related questions, data subject requests, or concerns about this Privacy Notice:

Email: [email protected]

Response Time: We aim to respond within 5 business days (GDPR requires responses within 30 days)

Mail:

SmartOps Ledger LLC

Attn: Privacy Officer

[Your Registered Agent Address]

[City, State, ZIP Code]

Delaware, USA

10.2 Data Protection Officer (DPO)

For EU/UK users, you may contact our Data Protection Officer at:

Email: [email protected]

10.3 Supervisory Authority Complaints (EU/UK)

If you are in the EEA or UK and believe we have processed your data unlawfully, you have the right to lodge a complaint with your local supervisory authority:

  • EEA: Find your authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en
  • UK: Information Commissioner's Office - https://ico.org.uk

We would appreciate the opportunity to address your concerns directly before you contact a supervisory authority. Please contact us first at [email protected].

10.4 California Residents (CCPA)

For CCPA requests, you may also contact us toll-free at: [Your Toll-Free Number if applicable]

11. Acknowledgment

BY USING SMART OPS LEDGER, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS PRIVACY NOTICE AND AGREE TO THE COLLECTION, USE, AND SHARING OF YOUR INFORMATION AS DESCRIBED HEREIN.

This Privacy Notice is provided for informational purposes and does not constitute legal advice. SmartOps Ledger LLC recommends consulting with qualified legal counsel to ensure compliance with all applicable laws and regulations specific to your use of the Service.

© 2026 SmartOps Ledger. All rights reserved.

SmartOps Ledger is a registered trademark of SmartOps Ledger LLC. Terms and conditions, features, support, pricing and service options subject to change without notice.

By accessing and using this website, you agree to the Terms and Conditions and Privacy Policy.

Create accountLoginPrivacy Policy
FacebookYouTubeX