Privacy Policy
Last updated: July 2026
What Data We Collect
We collect the minimum amount of data required to provide you with automated reporting services:
- Account Information: Your name, email address, agency name, and secure billing information necessary for your subscription.
- OAuth Tokens: We request read-only access to platforms like Google Analytics 4, Google Ads, and Meta Ads. We do not store raw data histories continuously.
- Report Metadata: Your custom report layouts, saved parameters, and execution logs of generated PDFs.
Google and YouTube User Data
LedgeSpace requests access to your Google account data solely to connect your Google Analytics 4, Google Ads, and YouTube integrations to generate client reports on your behalf.
YouTube API Services: LedgeSpace uses YouTube API Services to authenticate and pull read-only analytics data. By authenticating your YouTube account with LedgeSpace, you are agreeing to be bound by the YouTube Terms of Service, which can be reviewed here: https://www.youtube.com/t/terms. The data we access is also strictly governed by the Google Privacy Policy, which can be reviewed here: https://policies.google.com/privacy.
The specific Google user data we access includes your Google account email address (used for authentication), and OAuth access tokens (used strictly to fetch read-only performance data for report generation).
We do not share, sell, transfer, or disclose your Google or YouTube user data with any third parties. We do not use your Google or YouTube user data for advertising purposes. We do not allow humans to read your Google user data except where you have given us explicit permission or where it is necessary for security purposes such as investigating abuse.
Google and YouTube user data is stored securely in our database solely for the purpose of maintaining your integration connection. You may revoke LedgeSpace's access to your Google and YouTube data at any time by disconnecting the integration from your LedgeSpace dashboard or by visiting your Google account permissions page at https://myaccount.google.com/permissions. Upon disconnection, your OAuth tokens are deleted from our database immediately.
LedgeSpace's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
LinkedIn User Data
LedgeSpace requests access to your LinkedIn account data solely to connect your LinkedIn Company Pages and LinkedIn Ads integrations to generate client reports.
We use the LinkedIn Community Management API and Advertising API strictly to pull read-only performance metrics (such as page followers, impressions, ad spend, and clicks). The specific data we access includes your LinkedIn profile email (for authentication) and OAuth access tokens (to fetch performance data).
We do not share, sell, transfer, or disclose your LinkedIn user data with any third parties. We do not use your LinkedIn data for our own advertising or sales purposes. We do not allow humans to read your LinkedIn data except for security or abuse investigations. You can permanently revoke LedgeSpace's access at any time through your LinkedIn account settings. Upon disconnection, your OAuth tokens are immediately deleted from our database.
Data Protection Mechanisms for Sensitive Data
LedgeSpace employs strict security measures to protect your sensitive data, including Google OAuth tokens. All sensitive data is encrypted in transit using industry-standard TLS (Transport Layer Security) protocols, and encrypted at rest using AES-256 encryption. Access to our database is strictly restricted to authorized infrastructure necessary for automated report generation.
What We Do NOT Collect
To power automated report generation, we store normalized performance snapshots โ aggregated metric summaries โ from your connected platforms (GA4, Google Ads, YouTube, Meta Ads) in our secure database. We do not store raw session-level data, individual user identities, or full historical event logs. We store only the summarized metrics required to generate your PDF reports (e.g. total sessions, total spend, top campaigns). These snapshots are scoped to your agency and client and are permanently deleted upon account cancellation.
How OAuth Processing Works
Our app connects to your agency's data sources via official OAuth2 protocols requesting strictly read-only access limits. Access refresh tokens are fully encrypted at rest inside our databases. You can unilaterally revoke our access at any point directly from your Google or Meta security settings panes.
Meta Ads Data
When you connect a Meta Ads account, we request read-only access via the ads_read permission. We store aggregated campaign performance metrics (spend, impressions, clicks, conversions, ROAS) as normalized snapshots tied to your agency account. We do not store individual user data, audience data, or any Meta user's personal information. To request deletion of all Meta-related data we hold for your account, visit https://ledgespace.com/data-deletion or email hello@ledgespacehq.com
HubSpot Data
When you connect a HubSpot account, we request read-only access to your CRM data (contacts, deals, and owners). We use this data strictly to generate aggregated reports for your clients. We do not sell, transfer, or use this CRM data for any external marketing purposes. For more information regarding our HubSpot data privacy practices or to submit a data privacy request, please visit our HubSpot Data Privacy Request Page.
Report Delivery Emails
When you configure a client's email address to receive automated PDF dispatches, we use that email address solely to dispatch the configured message via standard SMTP transport. Your clients' emails are completely partitioned per agency and are absolutely never sold, cataloged, or added to internal marketing lists under any circumstances.
Third-Party Processors
We rely on compliant infrastructure to function:
- Polar as our exclusive Merchant of Record processing subscription billing.
- Gmail / SMTP Networks to dispatch outgoing client emails accurately.
- Leading Cloud Providers to securely host our Node.js and MongoDB instances.
Data Retention
We maintain application configurations indefinitely for active subscribers. Upon full cancellation of a paid subscription, accounts enter a 30-day grace/portability window. Following this window, we permanently scrub your OAuth tokens, client associations, and agency metrics from our physical clusters.
GDPR & European Privacy Rights
You hold absolute rights concerning access, portability, and "right to be forgotten" deletion requests to all tracking instances we maintain. EU entities acting as controllers may request our standard Data Processing Addendum (DPA) verifying our compliance acting purely as processors.
Cookies & Minor Protections
We operate utilizing solely strictly-necessary session cookies executing critical login states (NextAuth) alongside minimal anonymized analytical cookies which users can universally opt-out of upon landing. Note importantly that Ledgespace operates distinctly as a B2B platform designed and purposed strictly for users over age 18 representing registered commercial agencies.
Contact
Direct any intensive questions or requests involving your precise data rights strictly to hello@ledgespacehq.com.