Legal

Privacy Policy

Effective date: March 15, 2026  ·  Last updated: May 12, 2026

RemindLedger™ does not sell your personal data. We do not share your financial data with advertisers, data brokers, or any third parties except as described in this policy.

1. Who We Are

RemindLedger is owned and operated by REMINDLEDGER INC., a Delaware corporation. This Privacy Policy describes how we collect, use, and protect information when you use our Operative Finance platform — accounts receivable automation, payment matching, and Invoice-On-Payment™ orchestration for B2B SMBs.

Contact: [email protected]

2. Information We Collect

2.1 Information You Provide

  • Account data: Name, email address, company name, role, and password (hashed with bcrypt)
  • Business data: Customer names, email addresses, phone numbers, invoice amounts, and payment records you enter into the platform
  • Payment method: Credit/debit card data processed by our licensed payment processor. We never store full card numbers.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, timestamps, and actions taken within the application
  • Device and browser data: IP address, browser type, operating system, and device identifiers
  • Log data: Server logs for security and troubleshooting purposes (retained 90 days)

2.3 Bank Connection and Payment Notification Data

When you use our payment reconciliation features, we may collect bank transaction data through verified read-only bank connections, process payment notification emails you forward, or ingest bank statement files you upload. We may collect:

  • Payment amount, date, and sender/reference number
  • ACH trace numbers, Zelle transaction IDs, or Wire reference numbers
  • Account metadata, transaction descriptions, and provider-issued connection tokens needed to maintain the read-only bank connection

We do not initiate transfers, store online banking passwords, or access unrelated inbox content. For forwarded emails, we do not retain full inbox contents outside the payment records you intentionally submit.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To automatically match payment notifications to open invoices in your account
  • To send payment reminders to your customers on your behalf (only when you instruct us to)
  • To generate financial reports and analytics for your business
  • To send you service-related notifications and product updates
  • To detect fraud, abuse, and security incidents
  • To comply with legal obligations

We do not use your data to train AI/ML models sold to third parties. We may use aggregate, anonymized data to improve our own matching algorithms.

4. Information Sharing

We share your information only in the following circumstances:

  • Service providers: We use third-party providers to operate the Service (e.g., cloud hosting, email delivery, SMS delivery). These providers are contractually bound to protect your data and may only process it as instructed.
  • Payment processors: Payment processing is handled by licensed Money Services Businesses registered with FinCEN. They act as independent controllers of cardholder and bank-account data under their own privacy notices and security frameworks (PCI-DSS Level 1, GLBA where applicable). The list of integrated processors may change over time; we will reflect material updates in this policy.
  • Bank connectivity providers: When you authorize a bank connection, approved service providers may process bank account metadata, access tokens, and transaction data solely to maintain the read-only connection and deliver data to RemindLedger.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of RemindLedger, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We do not sell, rent, or share your personal data with advertisers, data brokers, or marketing firms.

4.1 Financial Privacy (GLBA) Notice

When payment processing or banking features are enabled, certain information about you or your customers may constitute Non-Public Personal Information ("NPI") under the Gramm-Leach-Bliley Act, 15 U.S.C. §6801 et seq. ("GLBA"). RemindLedger is not itself a financial institution under GLBA; however, our payment-processing and bank-connectivity partners are. We process NPI only as a service provider to those partners and the merchant, subject to GLBA's Safeguards Rule and the partner's privacy notice.

We do not disclose NPI to any non-affiliated third party except to provide the Service, to comply with legal obligations, or with your express direction (for example, when you elect to submit a financing application through a referred partner).

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account termination:

  • Account and business data is retained for 30 days post-cancellation, then purged
  • Financial transaction records may be retained for up to 7 years to comply with accounting and tax regulations
  • Backup snapshots are purged within 90 days of deletion

6. Security

We implement industry-standard security measures including TLS 1.3 for data in transit, AES-256 encryption for sensitive data at rest, bcrypt password hashing, and regular security audits. However, no method of transmission over the internet or electronic storage is 100% secure.

7. Your Rights

All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
  • Portability: Export your data in a machine-readable format (JSON)
  • Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. This right is not applicable to RemindLedger's current practices.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Service

To exercise your rights, email [email protected] with the subject "Privacy Request — [Right you are exercising]". We will respond within 45 days.

You may also submit a data deletion request at: Account Settings → Delete Account

Canadian Residents (PIPEDA)

If you are located in Canada, we process your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access your personal information and challenge its accuracy. Our Privacy Officer can be reached at [email protected].

8. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and session management. Cannot be disabled.
  • Analytics cookies: Used to understand how users interact with the Service (anonymized). You may opt out.

We do not use advertising or tracking cookies. We do not use third-party ad networks.

9. International Data Transfers

RemindLedger is operated by RemindLedger Inc. on dedicated servers in professional data-centre facilities located in Miami, Florida (United States). If you access the Service from Canada or any other jurisdiction, your data may be transferred to and processed in the United States. We implement appropriate safeguards for cross-border data transfers, including Standard Contractual Clauses (SCCs) where applicable. When RemindLedger uses AI models, processing occurs on RemindLedger-operated infrastructure — your data is never sent to third-party AI vendors (OpenAI, Google, Anthropic, etc.).

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us immediately at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email at least 14 days before material changes take effect. The "last updated" date at the top of this page will reflect the most recent revision.

Payment Behavior Score (Internal)

Controller: RemindLedger Inc., Delaware, USA. Privacy contact: [email protected].

Data Protection Officer: RemindLedger has not appointed a formal DPO at its current size. All privacy enquiries are centralised in the [email protected] inbox, monitored directly by the founder team.

Purpose: We compute an internal "payment behavior score" based on your invoice and payment history with the merchant that serves you. This score is used ONLY by that merchant for its internal collections and credit decisions.

Legal basis: Explicit consent (GDPR Art. 6(1)(a) — for EU/UK residents) plus contract performance (Art. 6(1)(b)). For US residents, processing is grounded in legitimate business purpose plus your contractual relationship with the merchant.

This is NOT a credit check: this is NOT a credit-bureau report, this is NOT a Consumer Reporting Agency furnishing under the Fair Credit Reporting Act (FCRA, 15 U.S.C. §1681), and this score is NOT shared with third parties or with other merchants. It is an internal, closed-loop reputation signal.

Recipients: none outside RemindLedger. Cross-merchant lookups are NOT enabled today. If we ever add furnishing to credit bureaus, we will solicit a fresh, specific consent.

Retention: Score history is retained for seven (7) years after the last activity on your account, then anonymised. Full detail in our Data Retention Policy.

Source of your data (GDPR Art. 14): You either signed up directly, or the merchant that serves you created your profile in our system through their Sync/ERP integration or manual upload. In the second case, you should also have received the merchant's own privacy notice.

Your rights:

  • Access (Art. 15): email [email protected].
  • Rectification (Art. 16): dispute any factor from the portal.
  • Erasure (Art. 17): request by email; soft-delete within 30 days (some financial records are retained 7 years by law).
  • Withdrawal of consent (Art. 7(3)): Settings → Privacy → Withdraw, or DELETE /individual/consent/credit_scoring via API.
  • Human review of an automated decision (Art. 22(3)): Settings → Score → "Request human review", or POST /individual/score-review.

Right to lodge a complaint: You may file a complaint with the US Federal Trade Commission (FTC) and with your state Attorney General — for example, the California Privacy Protection Agency for California residents. Canadian residents may complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca). EU/UK residents may also complain to their national data-protection authority.

Notice version: rl_v1. Last updated: 2026-05-27. Canonical URL: https://remindledger.com/legal/privacy.

12. Contact and Data Requests

For any privacy questions, requests, or concerns:

Email: [email protected]

Mail: REMINDLEDGER INC., Delaware, USA

Response time: We respond to all privacy requests within 45 days.