Ledgiva

GDPR Compliance

Last Updated: February 28, 2026

1. Overview

Ledgiva is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and describes the rights available to you as a data subject.

2. Data Controller

Ledgiva acts as a data processor on behalf of our customers (the data controllers). When you use Ledgiva to manage your business finances, you are the data controller for your customers' personal data. Ledgiva processes this data on your behalf in accordance with our Terms of Service and this GDPR policy.

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract Performance: Processing necessary to provide our invoicing and accounting services to you.
  • Legitimate Interest: Processing necessary for platform security, fraud prevention, and service improvement.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.
  • Consent: Where required, we obtain your explicit consent before processing (e.g., marketing communications).

4. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction: You can request that we limit the processing of your personal data in certain circumstances.
  • Right to Data Portability: You can request your data in a structured, machine-readable format.
  • Right to Object: You can object to the processing of your personal data for certain purposes.

5. Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Name, email address, company name, and password (hashed).
  • Business Data: Customer details, invoices, payments, products, and financial records you enter into the platform.
  • Usage Data: Login timestamps, feature usage patterns, and audit logs for security purposes.
  • Payment Data: Subscription billing is handled by PayFast; we do not store card details.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax compliance).

7. Data Transfers

Your data is stored on servers located in secured data centers. If data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, including standard contractual clauses where applicable.

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

9. Contact Us

To exercise your GDPR rights or for any data protection inquiries, please contact us at contact@ledgiva.com.

Home
About
Login
Pricing
Contact