Privacy Policy
Last updated: June 2026
Last updated: June 2026
Ledger Valley Inc. ("Ledger Valley," "we," "us," or "our") is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, store, and disclose data when you engage our financial technology and professional services.
This policy applies to all clients and users who connect their financial platforms to Ledger Valley or provide data to us in the course of an engagement.
In the course of providing our services, we may access and process the following types of information:
When you authorize Ledger Valley to connect to your financial platforms, we access data necessary to perform the agreed-upon services, including:
We may also collect contact information (name, email, phone number), business information, and any documents or data you provide to us directly as part of our engagement.
We use your data solely for the purpose of delivering the services agreed upon in our engagement, including:
We do not sell your data. We do not share your data with advertisers. We do not use your data for any purpose other than delivering the services you engaged us to perform.
Ledger Valley uses technology tools to support the delivery of its services. When these tools process your data:
Specific service providers and sub-processors used in the delivery of services are disclosed in the engagement letter. General provider details are available on request.
Ledger Valley's primary systems are located in Canada. In the course of service delivery, client data is transmitted to and processed by third-party service providers - including technology service providers based in the United States and financial platform APIs - as described in this policy and in the cross-border transfer section below. Client data may be stored on Ledger Valley's local systems and processed by foreign-based providers simultaneously during active engagements. Ledger Valley selects providers that maintain appropriate data protection practices and commercial terms that restrict use of client data to service delivery only.
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including:
Where we access your data through third-party platforms, consent is obtained through the platform's standard OAuth authorization flow. By authorizing the connection, you consent to Ledger Valley accessing the data categories described in this policy for the purposes described herein.
You may revoke consent at any time by disconnecting Ledger Valley from your platform. Upon revocation, we will immediately cease all API access to your data. See our End User License Agreement for disconnection instructions.
We retain client data for the duration of the engagement plus five years following the conclusion of services, in accordance with applicable regulatory and contractual requirements. After this period, data is securely deleted unless a longer retention period is required by law.
You may request deletion of your data at any time after the engagement ends. Upon receiving a written deletion request, we will securely delete your data within 30 days, subject to any legal or regulatory retention obligations.
Some of the service providers used in our service delivery are based outside Canada, including in the United States. When your data is processed by these providers, it may be accessible under the laws of those jurisdictions. Under PIPEDA, Ledger Valley remains accountable for your data when it is transferred to a third party for processing, regardless of where that party is located.
We take reasonable steps to ensure that any provider receiving client data is bound by contractual obligations that provide a comparable level of protection to that required under Canadian privacy law. A list of current providers and their jurisdictions is available in the engagement letter or on request.
We do not share your data with third parties except in the following circumstances:
In the event of a security incident involving your data, Ledger Valley will notify you within 24 hours of discovery. The notification will include a description of the incident, the types of data affected, the measures taken to address the incident, and recommended steps you can take to protect yourself.
Where a breach of security safeguards creates a real risk of significant harm, Ledger Valley will also report the breach to the Office of the Privacy Commissioner of Canada as required under the Breach of Security Safeguards Regulations (PIPEDA), and will maintain a record of all breaches of security safeguards as required by law.
As a Canadian organization, Ledger Valley complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, you have the right to:
To exercise any of these rights, contact us using the information below.
This Privacy Policy shall be governed by and construed in accordance with the federal laws of Canada and the laws of the Province of Ontario, regardless of the Client's location. Disputes related to this policy are subject to the dispute resolution provisions in our Terms of Service.
We may update this Privacy Policy from time to time by updating the "Last updated" date at the top of this page.
Ledger Valley has designated a Privacy Officer who is accountable for our compliance with this policy under PIPEDA. For questions about this Privacy Policy, or to exercise your data rights, contact our Privacy Officer at:
Ledger Valley Inc.
Ontario, Canada
info@ledgervalley.com
+1 (289) 698-6693