Privacy Policy

Who we are

MyLedja is operated by Planexi Global Consult Limited ("we", "us"). We act as the data controller for personal data processed through the MyLedja web application. This policy explains our practices under the Nigeria Data Protection Regulation (NDPR) and, where applicable, the EU General Data Protection Regulation (GDPR) and UK GDPR.

What we collect

We collect information you provide directly: name, email address, password (stored hashed), profile and tax settings, and financial records you enter or upload — including transaction data extracted from bank statement files. We may collect device, browser, and session metadata for security and fraud prevention.

Lawful basis & consent

We process your data to perform our contract with you (providing the MyLedja service) and, where required, on the basis of your explicit consent captured at sign-up or before first use. You may withdraw consent for optional processing by contacting us; core account features may no longer be available if processing is required to deliver the service.

How we use your data

Your data powers budgeting, transaction categorisation, income and investment tracking, tax estimates, statements of account, and related features. We do not sell your personal information. We do not use your financial data for credit decisions or share it with banks or lenders for marketing.

Support & admin access

Authorised MyLedja staff may access user data to provide support, investigate errors, and maintain security. Support agents can view account metadata and statement upload logs (filename, status, counts) but not full transaction amounts or income details unless escalated to a Super Admin. All such access is logged in our admin activity audit trail with the administrator's identity and timestamp.

Data storage & retention

Production deployments should use MongoDB Atlas or equivalent persistent storage with encryption at rest. Passwords are hashed with bcrypt; sessions use short-lived JWTs. We retain your data while your account is active. When you delete your account, we erase your profile and associated financial records from our primary database within a reasonable period, except where we must retain limited records for legal, accounting, or security obligations.

Third-party processors

We use subprocessors to deliver the service, including cloud hosting (e.g. Vercel), database hosting (e.g. MongoDB Atlas), optional media storage (Cloudinary), and AI providers (Anthropic Claude and/or Google Gemini) for bank statement parsing and categorisation. Transaction descriptions and statement content may be sent to AI APIs for processing; their privacy policies apply. API keys and secrets are kept in server environment variables, not in client code.

International transfers

Where data is processed outside Nigeria or your country of residence (for example, on EU or US cloud infrastructure), we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions, or your explicit consent where required by NDPR or GDPR.

Your rights

Depending on your location, you may have the right to access, rectify, erase, restrict, or object to processing, and to data portability. In MyLedja you can:

• Export your data — Settings → Privacy & Data → Export my data (JSON)
• Delete your account — Settings → Privacy & Data → Delete my account (permanent erasure)
• Correct your data — edit records in the app or update profile settings

You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.

Tax estimates disclaimer

PAYE and tax figures produced by MyLedja are planning estimates only and do not constitute tax advice. Consult a qualified tax professional for filing obligations.

Contact

Data protection enquiries: support@ledja.ng. See also our Terms of Service.