๐Ÿš€ Client Pulse is live โ€” the only tool that tells you exactly which clients read their report and which didn't. Learn more โ†’

Privacy Policy

Last updated: April 2026

What Data We Collect

We collect the minimum amount of data required to provide you with automated reporting services:

  • Account Information: Your name, email address, agency name, and secure billing information necessary for your subscription.
  • OAuth Tokens: We request read-only access to platforms like Google Analytics 4, Google Ads, and Meta Ads. We do not store raw data histories continuously.
  • Report Metadata: Your custom report layouts, saved parameters, and execution logs of generated PDFs.

Google User Data

LedgeSpace requests access to your Google account data solely to connect your Google Analytics 4 and Google Ads integrations and generate client reports on your behalf. The specific Google user data we access includes your Google account email address (used for authentication), and OAuth access tokens for GA4 and Google Ads (used to fetch performance data for report generation).

We do not share, sell, transfer, or disclose your Google user data with any third parties. We do not use your Google user data for advertising purposes. We do not allow humans to read your Google user data except where you have given us explicit permission or where it is necessary for security purposes such as investigating abuse.

Google user data is stored securely in our database solely for the purpose of maintaining your integration connection. You may revoke LedgeSpace's access to your Google account at any time by disconnecting the integration from your LedgeSpace dashboard or by visiting your Google account permissions page at myaccount.google.com/permissions. Upon disconnection, your OAuth tokens are deleted from our database immediately.

LedgeSpace's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What We Do NOT Collect

To power automated report generation, we store normalized performance snapshots โ€” aggregated metric summaries โ€” from your connected platforms (GA4, Google Ads, Meta Ads) in our secure database. We do not store raw session-level data, individual user identities, or full historical event logs. We store only the summarized metrics required to generate your PDF reports (e.g. total sessions, total spend, top campaigns). These snapshots are scoped to your agency and client and are permanently deleted upon account cancellation.

How OAuth Processing Works

Our app connects to your agency's data sources via official OAuth2 protocols requesting strictly read-only access limits. Access refresh tokens are fully encrypted at rest inside our databases. You can unilaterally revoke our access at any point directly from your Google or Meta security settings panes.

Meta Ads Data

When you connect a Meta Ads account, we request read-only access via the ads_read permission. We store aggregated campaign performance metrics (spend, impressions, clicks, conversions, ROAS) as normalized snapshots tied to your agency account. We do not store individual user data, audience data, or any Meta user's personal information. To request deletion of all Meta-related data we hold for your account, visit https://ledgespace.com/data-deletion or email ledgespace@gmail.com

Report Delivery Emails

When you configure a client's email address to receive automated PDF dispatches, we use that email address solely to dispatch the configured message via standard SMTP transport. Your clients' emails are completely partitioned per agency and are absolutely never sold, cataloged, or added to internal marketing lists under any circumstances.

Third-Party Processors

We rely on compliant infrastructure to function:

  • Polar as our exclusive Merchant of Record processing subscription billing.
  • Gmail / SMTP Networks to dispatch outgoing client emails accurately.
  • Leading Cloud Providers to securely host our Node.js and MongoDB instances.

Data Retention

We maintain application configurations indefinitely for active subscribers. Upon full cancellation of a paid subscription, accounts enter a 30-day grace/portability window. Following this window, we permanently scrub your OAuth tokens, client associations, and agency metrics from our physical clusters.

GDPR & European Privacy Rights

You hold absolute rights concerning access, portability, and "right to be forgotten" deletion requests to all tracking instances we maintain. EU entities acting as controllers may request our standard Data Processing Addendum (DPA) verifying our compliance acting purely as processors.

Cookies & Minor Protections

We operate utilizing solely strictly-necessary session cookies executing critical login states (NextAuth) alongside minimal anonymized analytical cookies which users can universally opt-out of upon landing. Note importantly that Ledgespace operates distinctly as a B2B platform designed and purposed strictly for users over age 18 representing registered commercial agencies.

Contact

Direct any intensive questions or requests involving your precise data rights strictly to ledgespace@gmail.com.