← Back

Privacy Policy

Last updated: May 25, 2026

KeepMyLedger is a product of Creek Ridge LLC (“we”, “us”), a personal-finance tool that lets you import bank and credit-card statements, categorize transactions, and attach receipts. This page explains what data we collect, why we collect it, and the third parties involved.

1. Information we collect

Account information

When you sign in with Google, we receive your Google account's public profile information: a stable user ID, email address, display name, and profile picture URL. We use this to create your account and identify you on return visits. We do not receive your Google password.

If you register with an email address and password instead of Google, we store your email address and a bcrypt hash of your password. The plaintext password is never stored or logged. Email addresses are stored encrypted (AES-256-GCM) and looked up via a keyed hash, so the plaintext is not readable at the database layer even if a row is extracted.

Financial data you provide

When you import a statement, we extract and store: transaction date, description, amount, and (where present) running balance. We also store any categories, rules, notes, tax descriptions, and receipt metadata you create. The original PDF you upload is processed in memory and is not retained on our servers after parsing completes.

Receipts

If you upload a receipt image or PDF, we store the file on the storage backend you have configured. In self-hosted deployments this is the local filesystem. In hosted deployments with Google Drive integration enabled, the file is uploaded directly to your own Google Drive in a folder named “KeepMyLedger”; we keep only the Drive file ID and metadata in our database.

Cookies and similar technologies

We split cookies into two groups. Strictly necessary cookies are always on; everything else loads only after you accept on the consent banner that appears on your first visit. You can change your choice anytime from Settings → Cookie preferences.

Strictly necessary (always on)

Analytics (off by default)

We do not currently use advertising or re-targeting cookies. The consent banner reserves an “Advertising” toggle for any future change so you would not need to be re-prompted.

2. Google Drive integration

Connecting Google Drive is optional. If you connect Drive, you grant us the drive.file OAuth scope, which limits our access to files our application creates or that you explicitly open with our app. We cannot read your other Drive files. We store the OAuth refresh token issued by Google in our database so we can upload receipts on your behalf in future sessions. You can disconnect Drive at any time from the Settings page or by revoking access at myaccount.google.com/permissions.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. AI features

AI Assist (transaction categorization)

AI Assist is an opt-in, per-click feature. When you press the AI Assist button on a transaction, we send a redacted prompt — the transaction's description, amount, date, and the list of your category names — to the large-language-model provider configured for this deployment (e.g., OpenAI or Anthropic). We do not send your full statement, your account numbers, or other users' data. The LLM provider's own privacy and retention terms apply to that request.

AI-assisted PDF parsing (opt-in per import)

When you import a PDF statement that our built-in parsers cannot fully recognize, you will be offered the option to use AI to improve the result. This is never automatic — you must click “Use AI to improve results” and confirm the consent prompt before any data leaves our server. If you consent, the extracted text of your statement (not the original PDF file) is sent to the same LLM provider described above. We do not send scanned images; only the text layer extracted from the PDF. If the AI parse succeeds, we save an anonymized column-structure hint for that bank so future imports of the same format may not require AI. The LLM provider's own privacy and retention terms apply.

4. Statement-format telemetry (opt-in)

If a statement fails to parse and you choose to help us improve coverage, we may collect a redacted text sample (with digits masked) and structural metadata such as page count and bank name. We never upload the original PDF, and we show you the exact payload before it is submitted. This feature is opt-in per submission.

5. How we use your data

We do not sell your personal data. We do not use your financial data to train machine- learning models. We do not share your data with advertisers.

6. Third-party processors

7. Data retention and deletion

We retain your data for as long as your account is active. You can request export or deletion of your account by emailing [email protected]. On deletion, your transactions, categories, rules, receipts metadata, and Drive tokens are removed from our database; files stored in your own Google Drive remain in your Drive and are not affected.

8. Security

We use TLS for data in transit. Sensitive fields — including email addresses, display names, and OAuth tokens — are encrypted at the application layer using AES-256-GCM before being written to the database, independent of any encryption the hosting provider applies. Email lookup uses a keyed HMAC hash so the plaintext is not required for authentication. Drive OAuth tokens and session data are stored in the application database with access restricted to the application service account.

If you use local email/password auth, your password is hashed with bcrypt and the plaintext is never stored. Google OAuth users have no password stored on our side.

9. Children

KeepMyLedger is not intended for children under 13, and we do not knowingly collect data from children under 13.

10. Changes to this policy

If we make material changes, we will update the “Last updated” date above and, for signed-in users, surface a notice in the application.

11. Contact

Questions or requests: [email protected].