The Holdings Ledger — Privacy Policy

Effective Date: February 4, 2026
Last Updated: February 4, 2026

This Privacy Policy describes how Adam Segal (d/b/a The Holdings Ledger) ("The Holdings Ledger," "we," "us," or "our") collects, uses, and shares information when you access or use our websites, applications, and related services (the "Service").

1) Information We Collect

A. Account & Authentication

  • Email address (stored in your account record; used to deliver sign-in links). Note: Security logs reference a cryptographic hash of your email, not the email itself.
  • Name (optional; if you provide one or your organization pre-populates it)
  • Authentication and security events (e.g., sign-in link requested/sent, sign-in success/failure, terms acceptance)
  • Organization identifiers and access permissions (e.g., which data sets you are authorized to access)

B. Usage & Technical Information

  • IP address (used for rate limiting, fraud prevention, and security; held transiently in memory for rate limiting; may appear in security logs)
  • Device/browser information (e.g., user agent)
  • Log and event data (timestamps, pages/routes accessed, actions taken, error codes, response status)
  • Cookies and similar technologies required for session and security

C. Customer Data

If you or your organization provide data to the Service—or if the Service processes data on your behalf—we treat that information as "Customer Data." We process Customer Data only as necessary to provide, secure, and improve the Service, and as otherwise permitted by your organization's instructions or agreement.

2) How We Use Information

We use information to:

  • authenticate users and manage access,
  • provide and operate the Service,
  • enforce authorization controls (e.g., ensuring you only access authorized data sets),
  • secure the Service (fraud prevention, abuse prevention, auditing),
  • troubleshoot issues and improve reliability and performance,
  • communicate with you about security and access (e.g., sign-in emails, account notices).

3) How We Share Information

We do not sell personal information.

We may share information with:

  • Service providers that help us operate the Service (e.g., hosting, email delivery, databases, monitoring). Examples may include Vercel, Resend, and Neon (or similar providers).
  • Legal/compliance recipients when required by law or to protect rights, safety, and security (e.g., to respond to lawful requests, prevent fraud, or investigate abuse).
  • Business transfers if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets (information may be transferred as part of that transaction).

4) Cookies and Similar Technologies

We use cookies and similar technologies primarily for:

  • session authentication,
  • security controls (e.g., abuse prevention),
  • basic functionality.

We do not currently use advertising cookies. If we introduce analytics or other tracking technologies in the future, we will update this Privacy Policy.

5) Data Retention

We retain personal information and logs for as long as reasonably necessary to:

  • provide and secure the Service,
  • maintain audit and security records,
  • comply with legal obligations.

Typical retention (current target):

  • Security and application logs: retained per our infrastructure provider's defaults (typically up to ~14 days depending on plan/provider)
  • Account records: while your account is active, and for a reasonable period afterward for security and compliance

Longer retention may apply where required by law or to resolve disputes/enforce agreements.

6) Security

We use reasonable technical and organizational safeguards designed to protect information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7) Your Choices and Rights

Depending on your location, you may have rights to access, correct, or delete personal information. You may submit requests by emailing adam@holdingsledger.com.

If your organization controls your access (e.g., evaluation or enterprise use), requests may need to be routed through your organization's administrator.

8) Children

The Service is not intended for children, and we do not knowingly collect personal information from children.

9) International Users

If you access the Service from outside the United States, your information may be processed in the United States and other jurisdictions where we or our service providers operate.

10) Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last Updated" date and posting the revised policy.

11) Contact

For privacy questions or requests: adam@holdingsledger.com