Last updated: May 25, 2026
KeepMyLedger is a product of Creek Ridge LLC (“we”, “us”), a personal-finance tool that lets you import bank and credit-card statements, categorize transactions, and attach receipts. This page explains what data we collect, why we collect it, and the third parties involved.
When you sign in with Google, we receive your Google account's public profile information: a stable user ID, email address, display name, and profile picture URL. We use this to create your account and identify you on return visits. We do not receive your Google password.
If you register with an email address and password instead of Google, we store your email address and a bcrypt hash of your password. The plaintext password is never stored or logged. Email addresses are stored encrypted (AES-256-GCM) and looked up via a keyed hash, so the plaintext is not readable at the database layer even if a row is extracted.
When you import a statement, we extract and store: transaction date, description, amount, and (where present) running balance. We also store any categories, rules, notes, tax descriptions, and receipt metadata you create. The original PDF you upload is processed in memory and is not retained on our servers after parsing completes.
If you upload a receipt image or PDF, we store the file on the storage backend you have configured. In self-hosted deployments this is the local filesystem. In hosted deployments with Google Drive integration enabled, the file is uploaded directly to your own Google Drive in a folder named “KeepMyLedger”; we keep only the Drive file ID and metadata in our database.
We split cookies into two groups. Strictly necessary cookies are always on; everything else loads only after you accept on the consent banner that appears on your first visit. You can change your choice anytime from Settings → Cookie preferences.
kml.sid — first-party session cookie that keeps you signed in. HTTP-only, marked Secure in production, SameSite=Lax. Expires after 30 days or on sign-out.__stripe_mid, __stripe_sid on the/billing page only) — fraud prevention and payment processing on the embedded payment form. Set by Stripe under their own privacy policy._ga, _ga_*) — loaded only after you accept on the consent banner. We use Google's Consent Mode v2, so even when the script is loaded, no analytics cookies are set until you grant consent. Used to understand which pages and features are used. Retention: up to 14 months.We do not currently use advertising or re-targeting cookies. The consent banner reserves an “Advertising” toggle for any future change so you would not need to be re-prompted.
Connecting Google Drive is optional. If you connect Drive, you grant us the drive.file OAuth scope, which limits our access to files our application creates or that you explicitly open with our app. We cannot read your other Drive files. We store the OAuth refresh token issued by Google in our database so we can upload receipts on your behalf in future sessions. You can disconnect Drive at any time from the Settings page or by revoking access at myaccount.google.com/permissions.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
AI Assist is an opt-in, per-click feature. When you press the AI Assist button on a transaction, we send a redacted prompt — the transaction's description, amount, date, and the list of your category names — to the large-language-model provider configured for this deployment (e.g., OpenAI or Anthropic). We do not send your full statement, your account numbers, or other users' data. The LLM provider's own privacy and retention terms apply to that request.
When you import a PDF statement that our built-in parsers cannot fully recognize, you will be offered the option to use AI to improve the result. This is never automatic — you must click “Use AI to improve results” and confirm the consent prompt before any data leaves our server. If you consent, the extracted text of your statement (not the original PDF file) is sent to the same LLM provider described above. We do not send scanned images; only the text layer extracted from the PDF. If the AI parse succeeds, we save an anonymized column-structure hint for that bank so future imports of the same format may not require AI. The LLM provider's own privacy and retention terms apply.
If a statement fails to parse and you choose to help us improve coverage, we may collect a redacted text sample (with digits masked) and structural metadata such as page count and bank name. We never upload the original PDF, and we show you the exact payload before it is submitted. This feature is opt-in per submission.
We do not sell your personal data. We do not use your financial data to train machine- learning models. We do not share your data with advertisers.
We retain your data for as long as your account is active. You can request export or deletion of your account by emailing [email protected]. On deletion, your transactions, categories, rules, receipts metadata, and Drive tokens are removed from our database; files stored in your own Google Drive remain in your Drive and are not affected.
We use TLS for data in transit. Sensitive fields — including email addresses, display names, and OAuth tokens — are encrypted at the application layer using AES-256-GCM before being written to the database, independent of any encryption the hosting provider applies. Email lookup uses a keyed HMAC hash so the plaintext is not required for authentication. Drive OAuth tokens and session data are stored in the application database with access restricted to the application service account.
If you use local email/password auth, your password is hashed with bcrypt and the plaintext is never stored. Google OAuth users have no password stored on our side.
KeepMyLedger is not intended for children under 13, and we do not knowingly collect data from children under 13.
If we make material changes, we will update the “Last updated” date above and, for signed-in users, surface a notice in the application.
Questions or requests: [email protected].