Privacy Policy
Last Updated: December 30, 2025
TestLedger LLC ("TestLedger," "we," "us," or "our") operates the TestLedger™ Compliance Platform. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, applications, and services (collectively, the "Service").
Summary
We collect information necessary to provide our documentation and compliance services. We do not sell your personal information. We implement industry-standard security measures to protect your data. You retain ownership of all records you create.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name and email address
- Organization name and billing address
- Phone number (optional)
- Payment information (processed securely by Stripe)
- User role and access permissions
1.2 Service Usage Data
When you use TestLedger, we automatically collect:
- Device information (type, operating system, browser)
- IP address and approximate location
- Usage patterns and feature interactions
- Timestamps and session duration
- Error logs and performance data
1.3 Record Data
Records you create in TestLedger may include:
- Test results and documentation entered by your organization
- Photographs, images, and file attachments
- Operator identification and credentials
- Timestamps, GPS coordinates (if enabled), and metadata
- Cryptographic seals and audit trail information
2. How We Use Information
| Purpose | Data Used |
|---|---|
| Provide and operate the Service | Account information, record data, usage data |
| Process payments and billing | Payment information, billing address |
| Send service communications | Email address, account preferences |
| Improve and develop features | Aggregated usage data, feedback |
| Ensure security and prevent fraud | IP address, device information, access logs |
| Comply with legal obligations | As required by applicable law |
3. Data Ownership and Access
You Own Your Data
All records, documentation, and content you create using TestLedger remain your property. We do not claim ownership of your data. You may export your data at any time in multiple formats (PDF, JSON, CSV).
Our access to your record content is limited to:
- Providing technical support when you request assistance
- Investigating security incidents or abuse
- Complying with valid legal process
4. Information Sharing
We do not sell, rent, or trade your personal information. We may share information with:
4.1 Service Providers
- Stripe: Payment processing
- Amazon Web Services: Cloud infrastructure and data storage
- Analytics providers: Aggregated usage analysis
4.2 Legal Requirements
We may disclose information when required by law, court order, subpoena, or to protect our rights, property, or safety.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any change in ownership.
5. Data Security
We implement comprehensive security measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Cryptographic sealing of records using SHA-256 hashing
- Role-based access controls and audit logging
- Regular security assessments and monitoring
- SOC 2 Type II certified infrastructure (AWS)
6. Data Retention
We retain your data as follows:
- Record data: Configurable retention period (1 year to indefinite, default 7 years)
- Account information: Duration of account plus 90 days after deletion
- Usage logs: 2 years
- Billing records: 7 years (legal requirement)
You may request deletion of your account and associated data at any time, subject to legal retention requirements and our ability to maintain cryptographic verification of sealed records.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of your personal information
- Correction: Update inaccurate personal information
- Deletion: Request deletion of your personal information
- Portability: Export your data in machine-readable format
- Opt-out: Unsubscribe from marketing communications
- Restriction: Limit how we process your information
To exercise these rights, contact us at privacy@testledger.io.
8. HIPAA Compliance
For customers using TestLedger to document healthcare-related testing, we offer Business Associate Agreements (BAA) and implement technical safeguards consistent with HIPAA Security Rule requirements. Request a BAA through Settings → Compliance or contact compliance@testledger.io.
9. International Data Transfers
TestLedger is operated from the United States. If you access the Service from outside the US, your information will be transferred to and processed in the United States. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses where required.
10. Children's Privacy
TestLedger is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your session and preferences
- Analyze usage patterns
- Improve performance and security
You can control cookies through your browser settings. Disabling cookies may limit functionality.
12. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review their privacy policies.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance of the updated policy.
14. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal information)
- Right to non-discrimination for exercising privacy rights
15. Contact Us
TestLedger LLC
San Diego, California, USA
Privacy Inquiries: privacy@testledger.io
Compliance: compliance@testledger.io
General Support: support@testledger.io