Privacy policy

Last updated: 15 May 2026 · Effective: 15 May 2026

LDGR is an iPhone application that lets you keep a private ledger of your appointments, the people you meet with, and the things you've promised each other. This policy explains what data LDGR collects, where it's stored, and what we do (and don't do) with it.

LDGR is operated by Siani Johnston, a sole trader based in Australia. We comply with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).

If you have questions about this policy or your data, contact us at hello@ldgr.com.au.

Note on TestFlight / early builds. In early TestFlight builds of LDGR, all data is stored locally on your device. Account sign-in and cloud sync (which trigger most of the data flows described below) activate in a later release. We will update this policy and notify users in-app when those changes ship.

1. What we collect

When you use LDGR, the following information is or will be stored (some only after account sign-in and cloud sync are introduced):

Account information (planned, not yet active)

Your email address (used to sign in)
An Apple ID identifier or Google account identifier if you sign in via those providers
A password (encrypted, only if you sign in with email)

Your ledger data (currently stored locally on your device)

This is the content you create inside the app. Everything you type stays inside your private ledger. It includes:

Appointments: title, time, location, notes, fields, attendees
People (your "ledgers"): name, phone, email, addresses, notes you write about them
Follow-ups, commitments, and to-do items you create
Custom templates and template fields
Preferences and settings

Technical information (planned, not yet active)

Anonymous usage analytics (which screens you visit, what features you use), collected via PostHog. We do not associate this with your name or content. You can opt out at any time in Settings.
Crash reports collected via Sentry, used to fix bugs. Crash reports do not include the contents of your ledger.

We do not collect: your location, your contacts list, your photos, your microphone audio, or any data from other apps on your device.

2. What we do and don't do with your data

We collect what we collect for one reason: to make LDGR work.

Account information lets you sign in and keeps your ledger linked to your account.
Your ledger data is what LDGR exists to store. It's your data, returned to you when you open the app.
Technical information helps us find and fix bugs, and understand which features are useful enough to keep building.

We do not:

Sell your data. Ever. To anyone. For any reason.
Share your data for advertising. Your information is not used to target ads to you, on LDGR or anywhere else.
Currently use your ledger content to train AI models. Your notes, client records, meeting history, follow-ups, and commitments do not go into training a model. If that ever changes, we will update this policy, notify you in-app or by email, and give you the option to opt out before any of your data is used for training. (See section 7 for how we use AI features inside the app. That's different from training.)

We do:

Collect anonymous usage data: which screens you visit, which features you use, how long sessions last, where you drop off. We use this to understand how LDGR is being used and to make it better. It is never linked to your name or the contents of your ledger.
Run AI features on your behalf, on your own data, when you choose to use them. For example, a generated morning brief that reads your appointments and notes and summarises them back to you. This is in-product processing on your own data, for you. The data stays yours; we don't retain prompts or outputs beyond what's needed to deliver the feature, and we don't learn from it.
Read crash reports (via Sentry) when the app fails, so we can fix bugs. These contain stack traces, not your ledger content.

3. Where it's stored

Currently (TestFlight builds): all your ledger data is stored locally on your device. Nothing is sent to a server. If you uninstall the app, your data is deleted from the device.

Once cloud sync is introduced (planned): your ledger data will be stored in a Supabase Postgres database hosted in the AWS Sydney (ap-southeast-2) region. Data is encrypted in transit (TLS) and at rest. Every database row is protected by row-level security policies that ensure only you can read or modify your own data.

When analytics and crash reporting are introduced, they will be processed by PostHog and Sentry respectively. These providers act as data processors on our behalf and are bound by their own privacy commitments.

We will not transfer your data outside of Australia for primary storage. Some service-provider processing may occur in other jurisdictions; in those cases we rely on contractual safeguards. See clause 4 (Cross-border data).

4. Cross-border data (APP 8)

Where any of our service providers processes your data outside of Australia, we take reasonable steps to ensure that recipient does not breach the Australian Privacy Principles. Specifically:

Supabase (database, when activated): primary storage in the AWS Sydney region; no cross-border transfer for primary storage. Subject to Supabase's published Data Processing Addendum.
PostHog (analytics, when activated): processing may occur in the EU or US; relied upon under their published Data Processing Addendum, which incorporates Standard Contractual Clauses where applicable.
Sentry (crash reports, when activated): processing may occur in the EU or US; relied upon under their published Data Processing Addendum.

Apple-side data flows (e.g. Apple ID for App Store sign-in, TestFlight identifiers) are governed by Apple's privacy policy and are outside our control.

5. Who else sees it

Nobody, by default. Your ledger is private to you. We do not share your data with third parties for marketing, profiling, or analytics that identify you.

The only situations where someone other than you might see your data are:

You explicitly share it. Future versions of LDGR may include sharing features (shared calendars, team mode). If you opt into those features, the people you choose to share with will see the shared content.
A court orders it. If we receive a lawfully issued legal request (subpoena, warrant), we may be required to disclose specific records. We will challenge requests that appear overbroad.
A safety emergency. If we reasonably believe disclosure is necessary to prevent serious harm to a person, we may disclose data to appropriate authorities.

We never sell your data.

6. Sensitive and health information

LDGR is intended for keeping a record of your own appointments, clients, follow-ups, and commitments.

LDGR is not intended for storing health information about your clients. If your professional work involves recording client health information (for example, sleep consultancy, allied health, therapy practice, or any kind of clinical or paramedical work), please contact us at hello@ldgr.com.au before using LDGR for that purpose. Additional consent flows and compliance considerations apply under the Privacy Act 1988 (Cth) and state Health Records Acts that aren't yet built into the v1 product.

If you record information about yourself that may be sensitive (your own appointments with a GP, therapist, etc.), the security controls outlined in this policy apply. The data is your own, and stays in your ledger.

7. Automated decision-making and AI features (APP 1)

LDGR includes AI-assisted features that operate on content you have written. For example, a generated morning prep brief that reads your upcoming appointments, linked notes, and outstanding follow-ups, and summarises them back to you.

How we use AI on your data:

AI features run on your own data, for you, in the moment. The output (a brief, a summary, a suggestion) is yours.
We do not retain prompts or outputs beyond what is needed to deliver the feature.
We do not use your ledger content to train, fine-tune, or improve any AI model. Ours or anyone else's. If that ever changes, we will update this policy, notify you in-app or by email, and give you the option to opt out before any of your data is used for training.
Before any new AI feature is enabled in your account, we will update this policy with specific disclosures and give you the option to opt out of that feature.

This complies with the automated-decision-making disclosure obligations under APP 1, taking effect on 11 December 2026.

8. Marketing communications (APP 7)

We do not send marketing communications by default.

If we introduce a product newsletter or other promotional communications in the future, they will be opt-in only at the time of account creation or via a Settings toggle. You can unsubscribe at any time. We will never sell your contact information to a third party for marketing.

Transactional communications (such as account verification, security alerts, password resets, or notifications about material changes to this policy) are not "marketing" and will be sent to your account email as needed to operate the service.

9. Your rights

Under the Australian Privacy Principles, you have the right to:

Access: request a copy of the data we hold about you (APP 12)
Correct: ask us to correct inaccurate data (APP 13)
Delete: ask us to delete your account and all associated ledger data (APP 12.7)
Export: download a copy of your ledger data in a portable format (planned in-app under Settings → Profile)
Object: opt out of anonymous analytics at any time, via Settings inside the app
Complain: lodge a complaint with us, or with the Office of the Australian Information Commissioner (OAIC) if you believe we've breached the APPs

To exercise any of these rights, email hello@ldgr.com.au. We respond within 30 days. Deleting your account permanently removes your ledger data from our systems within 30 days; backups containing your data are purged within 90 days.

10. Children

LDGR is not intended for use by children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data without parental consent, contact us at hello@ldgr.com.au and we will remove it.

11. Tracking technologies

LDGR is a native iOS application and does not use web cookies, browser-based tracking, or cross-site advertising identifiers. We do not track you across other apps or websites for any purpose.

12. Security

We protect your data with:

TLS encryption for all data in transit
Encryption at rest in our Sydney-region database (once cloud sync is enabled)
Row-level security policies that prevent any user from reading another user's data
Authentication via email + password, Apple Sign-in, or Google Sign-in
Regular security review of third-party dependencies

No system is perfectly secure. If we ever have reason to believe your data has been compromised, we will notify you in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

13. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "Last updated" date at the top. Material changes (anything that expands the data we collect, or how we use it) will be communicated to you in-app or by email at least 14 days before they take effect.

14. Contact

LDGR, operated by Siani Johnston
Email: hello@ldgr.com.au

If you're not satisfied with our response to a privacy concern, you can contact the Office of the Australian Information Commissioner:

Phone: 1300 363 992
Website: oaic.gov.au