Version 1.1 · Effective July 6, 2026
FlagLedger is operated by LUUCKA INC, doing business as FlagLedger ("we," "us," or "our"). We are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. FlagLedger is a Business-to-Business (B2B) platform intended for commercial financial diagnostic analysis. The service is not intended for personal, family, or household data tracking. Contact: info@flagledger.com Website: flagledger.com
Account information: When you create an account, we collect your email address and, optionally, your name. Financial data: When you upload financial documents (P&L statements, balance sheets, cash flow statements, general ledgers), we collect and temporarily process that data to generate your report. For free preview reports, the P&L file you upload is also stored briefly so you can upgrade to a full report without re-uploading it (see "Financial Data Handling" below). Payment information: Payment transactions are processed by Stripe. We do not store your credit card numbers. We store your Stripe customer ID to manage billing. Usage data: We collect standard log data including IP addresses, browser type, pages visited, and timestamps to operate and improve the service. Communications: If you contact us, we retain those communications to resolve issues and improve support.
We use your information to: · Generate financial analysis reports based on your uploaded data · Process payments and manage your subscription · Send transactional emails (report delivery, billing receipts, usage alerts) · Provide customer support · Improve the platform through aggregated, anonymized analytics · Comply with legal obligations We do not use your financial data to train AI models, and we utilize enterprise-grade APIs with our sub-processors (such as Anthropic) that contractually prohibit the use of customer payloads for model training. We do not sell your data to third parties. We do not use your data for advertising purposes.
We share your information only with trusted service providers necessary to operate FlagLedger: · Supabase — database and authentication infrastructure · Anthropic — AI analysis engine (financial data is sent to Anthropic's API for report generation; governed by Anthropic's data processing terms) · Stripe — payment processing · Resend — transactional email delivery · Vercel — hosting infrastructure All service providers are contractually required to protect your data and use it only for the services they provide to us. We do not share your data with any other third parties without your explicit consent, except as required by law.
When you upload financial documents (P&L statements, balance sheets, cash flow statements, general ledgers), we parse them to extract the financial figures needed for your analysis. For paid reports, the raw uploaded files are processed in memory and are not retained — only the extracted financial data and the report outputs generated from them are stored securely (encrypted at rest and in transit) and retained for 90 days from the date the report is generated, after which they may be removed from our systems. For free preview reports, the uploaded P&L file is additionally stored in a private, access-controlled location for up to 24 hours so you can upgrade to a full report without re-uploading it; this preview file is automatically deleted when the preview expires or when you upgrade, whichever comes first. If you save a draft of a report you are preparing, the financial files you have attached are likewise stored in a private, access-controlled location so you can resume later; draft files are automatically deleted when you submit the report, when you discard the draft, or after 7 days, whichever comes first. You are responsible for downloading or exporting any report you wish to keep before it is removed. We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security reviews.
Account data is retained for as long as your account is active. You may request deletion of your account and associated data at any time by emailing info@flagledger.com. We will process deletion requests within 30 days, subject to any legal retention obligations. Extracted financial data and report outputs are retained for 90 days from report generation, after which they may be deleted from active systems. Raw uploaded files for paid reports are not retained after parsing. Raw P&L files uploaded for free previews are retained privately for up to 24 hours and are deleted when the preview expires or when you upgrade. Financial files attached to a saved draft are retained privately for up to 7 days and are deleted on submission, on discard, or at expiry. Billing records are retained for 7 years as required by applicable law.
FlagLedger uses essential cookies for authentication and session management. We do not use advertising cookies or third-party tracking pixels. We may use anonymized analytics to understand how the platform is used, but this data cannot be linked back to individual users.
Depending on your location, you may have the following rights regarding your personal data: · Access: Request a copy of the personal data we hold about you · Correction: Request correction of inaccurate data · Deletion: Request deletion of your account and associated data · Portability: Request your data in a portable format · Objection: Object to certain processing activities To exercise any of these rights, email us at info@flagledger.com. We will respond within 30 days.
FlagLedger is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, contact us at info@flagledger.com and we will delete it promptly.
FlagLedger operates in the United States. If you access our service from outside the US, your data may be transferred to and processed in the United States. By using FlagLedger, you consent to this transfer. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy regardless of where it is processed.
We implement technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include AES-256 encryption at rest and TLS 1.2 or higher encryption in transit, access controls, and regular security assessments. However, no system is completely secure, and we cannot guarantee absolute security.
This Privacy Policy and any dispute relating to it are governed by the laws of the State of Florida, United States, without regard to its conflict-of-laws principles, consistent with our Terms of Service.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. The "last updated" date at the top of this page reflects the most recent revision. Continued use of FlagLedger after changes constitutes acceptance of the updated policy.
For privacy-related questions, requests, or concerns, contact us at: LUUCKA INC dba FlagLedger Email: info@flagledger.com Website: flagledger.com