Privacy Policy

1. Introduction

Ledge (“Ledge,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data handled through our website, platform, applications, portals, communications, and related services (collectively, the “Service”).

This Privacy Policy explains what personal data we collect, how we use it, when we share it, how we protect it, and the rights available to individuals whose data we process.

This Privacy Policy applies to personal data we collect or process in connection with the Service, including when you:

• visit our website;
• create or use an account;
• use landlord, property manager, staff, tenant, or payer features;
• make or record payments through the Service;
• contact us for support, onboarding, or other inquiries; or
• interact with our emails, notices, or other communications.

2. Scope and Roles

Depending on the context, Ledge may process personal data in different roles.

• In many cases, users such as landlords, property managers, and operators decide what personal data is uploaded to the Service and how it is used in their property operations. In those cases, they may act as the primary controller or equivalent decision-maker for that data, and Ledge may act as a processor or service provider on their behalf.
• In other cases, Ledge may act as an independent controller for personal data we use for account administration, security, fraud prevention, service analytics, billing, legal compliance, support, and direct communications about the Service.

This Privacy Policy covers both situations unless we state otherwise.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Account and Identity Data

• Full name
• Email address
• Phone number
• Business or organisation name
• Job title or role
• Login credentials and authentication-related data
• Account status and verification information

3.2 Property, Lease, and Relationship Data

• Property addresses and unit identifiers
• Landlord, tenant, occupant, guarantor, agent, staff, and vendor details
• Lease terms, tenancy dates, rent amounts, deposit records, and payment obligations
• Notices, communications, maintenance records, and occupancy-related records
• Documents uploaded to the Service, such as agreements, receipts, photos, or attachments

3.3 Payment and Transaction Data

Where payment features are used, we may collect or receive:

• Transaction references and identifiers
• Payment status, timestamps, amounts, payer and payee details
• Partial payment instrument details made available to us by the payment processor, such as card type or masked card details
• Refund, reversal, chargeback, and settlement-related information
• Billing, invoicing, subscription, and fee records

We do not store full payment card numbers or CVV details on our own servers. Online payments are processed by third-party payment providers such as Paystack.

3.4 Technical and Usage Data

• IP address
• Browser type and version
• Device type and operating system
• Log data, timestamps, and diagnostic data
• Session activity and usage patterns
• Cookies and similar technologies
• Approximate location derived from IP address or device settings, where applicable

3.5 Communications and Support Data

• Support messages and tickets
• Email correspondence
• Feedback, survey responses, and onboarding communications
• Call notes or meeting notes where relevant to support, sales, or implementation

4. How We Collect Personal Data

We collect personal data in several ways:

• Directly from you, when you sign up, fill forms, contact us, upload records, invite users, configure properties, or use the Service
• From your organisation or account administrator, when they add you to a workspace or submit your details
• From tenants, payers, occupants, vendors, and other users, where they enter or submit information through the Service
• Automatically, through cookies, logs, analytics, device information, and technical monitoring tools
• From third parties, such as payment processors, integrations, service providers, and public or regulatory sources where relevant

5. How We Use Personal Data

We may use personal data to:

• Provide, operate, maintain, and improve the Service
• Create and manage accounts, workspaces, and access permissions
• Support property management, lease management, communication, maintenance, and financial workflows
• Facilitate payment requests, payment visibility, reconciliation, receipts, transaction support, and related operations
• Process subscriptions, billing, and fees payable to Ledge
• Provide customer support, onboarding, implementation, and troubleshooting
• Detect, prevent, investigate, and respond to fraud, abuse, security incidents, and technical issues
• Monitor performance, usage, and product quality
• Enforce our Terms, policies, and contractual rights
• Comply with legal, regulatory, audit, law enforcement, tax, and dispute-resolution obligations
• Send service-related notices, updates, security alerts, and administrative messages
• Send marketing or product communications where permitted by law or where you have consented

6. Legal Bases for Processing

Where required by applicable law, we rely on one or more lawful bases for processing personal data, including:

• Contract: where processing is necessary to provide the Service, administer accounts, enable requested features, or perform our contractual obligations
• Legal obligation: where processing is required to comply with applicable law, regulation, court order, lawful request, tax obligation, or regulatory requirement
• Legitimate interests: where processing is reasonably necessary for service administration, security, fraud prevention, analytics, support, product improvement, internal operations, or protecting our legal rights, provided such interests are not overridden by applicable rights
• Consent: where consent is required for a specific purpose, such as certain cookies or specific marketing communications

7. Payment Processing and Financial Data

Where you use payment features, online payments are processed by third-party payment providers, including Paystack, and may also involve banks, card networks, transfer rails, telecom providers, and other financial partners.

In connection with payments, we may share or receive personal data such as payer identity details, transaction references, payment status, amounts, timestamps, masked instrument details, dispute information, and related metadata as reasonably necessary to:

• initiate or support payment workflows;
• reconcile transactions;
• generate receipts and records;
• prevent or investigate fraud;
• respond to disputes, reversals, and chargebacks; and
• comply with regulatory, audit, or law enforcement requirements.

The relevant payment processor may process personal data under its own privacy notice and terms. We encourage users to review the privacy materials of any payment processor they use through the Service.

8. Cookies and Similar Technologies

We may use cookies, pixels, local storage, SDKs, and similar technologies to:

• keep users signed in;
• remember preferences and settings;
• secure the Service and detect abuse;
• understand website and product usage;
• improve performance and functionality; and
• support analytics and communications.

Some cookies are necessary for the Service to function. Others may be optional, depending on applicable law and how the relevant interface is configured.

You can manage browser cookies through your browser settings. Blocking some cookies may affect the functionality of the Service.

9. How We Share Personal Data

We may share personal data with:

• Service providers and subprocessors that help us host, maintain, secure, analyse, support, communicate, and operate the Service
• Payment processors and financial partners involved in payment acceptance, verification, reconciliation, settlement support, fraud review, refunds, or disputes
• Other users within the same workspace or transaction context, where access is required for the Service to function
• Professional advisers, such as lawyers, auditors, insurers, and accountants
• Regulators, public authorities, law enforcement, and courts, where required or permitted by law
• Corporate transaction counterparties, if we are involved in a merger, acquisition, financing, restructuring, asset sale, or similar transaction

We do not sell personal data in the ordinary sense of selling user databases for unrelated third-party marketing.

10. International and Cross-Border Transfers

Your personal data may be processed in countries other than the country in which it was originally collected, including where our service providers, infrastructure providers, analytics providers, or payment partners operate.

Where we transfer personal data across borders, we take steps reasonably designed to ensure that the data remains protected in accordance with applicable law and appropriate safeguards.

11. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide the Service;
• maintain records and account history;
• support payments, reconciliation, disputes, and audits;
• comply with legal, tax, accounting, and regulatory obligations;
• resolve complaints and enforce our agreements; and
• prevent fraud and maintain security.

Retention periods may vary depending on the type of data, the sensitivity of the data, the nature of the service provided, legal requirements, and operational necessity.

When personal data is no longer reasonably required, we may delete it, anonymise it, or securely archive it, subject to backup systems and legal retention obligations.

12. Data Security

We use administrative, technical, and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

However, no internet-based service or storage system is completely secure. We cannot guarantee absolute security.

Users are responsible for maintaining the confidentiality of their credentials and for using appropriate access controls within their organisations.

13. Your Rights

Subject to applicable law, individuals may have rights in relation to their personal data, including the right to:

• request access to personal data;
• request correction of inaccurate or incomplete personal data;
• request deletion, anonymisation, blocking, or restriction in appropriate circumstances;
• object to certain processing;
• withdraw consent where processing is based on consent;
• request portability where applicable; and
• lodge a complaint with the Nigeria Data Protection Commission or another competent supervisory authority.

Where Ledge acts only on behalf of a customer or workspace administrator, we may direct your request to that customer or administrator, or ask you to contact them directly.

We may request information necessary to verify identity before processing a rights request.

14. Children

The Service is not intended for children, and we do not knowingly collect personal data directly from children through the consumer-facing use of the Service.

If you believe a child has provided personal data to us unlawfully, contact us and we will investigate and take appropriate steps.

15. Third-Party Services and Links

The Service may contain links to third-party websites, portals, integrations, or services. We are not responsible for the privacy, security, or data handling practices of third parties. Their use of personal data is governed by their own terms and privacy notices.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, regulatory guidance, operational practices, or third-party integrations.

If we make material changes, we may provide notice by email, in-product notification, website notice, or other reasonable means. The updated version will become effective on the date stated at the top of this Privacy Policy.

17. Contact Us

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal data, contact:

support@ledgeapp.co

If you are contacting us about a privacy rights request, please include enough detail for us to identify your account or relationship to the relevant workspace and to understand the scope of your request.