Privacy Policy

NDLedger is operated by AREASPEC PTY LTD (ACN 690 941 078), an Australian company based in Ipswich, Queensland. References in this policy to "we", "us", or "NDLedger" mean AREASPEC PTY LTD trading as NDLedger.

We collect the minimum information needed to run NDLedger:

• Email address — used for account authentication.
• Conversation transcripts that you upload — used only for extraction, then deleted (see Section 5).
• Extracted insights, topics, decisions, tasks, and commitments generated from your transcripts.
• Timestamps that you provide against transcripts and insights.

Voice recordings are processed locally in your browser using the Web Speech API. The resulting text is sent to NDLedger for extraction, but the audio itself is never uploaded to or stored by us.

We use your data only to:

• Provide the NDLedger service,
• Extract and organise insights using AI, and
• Authenticate your account.

We do not sell your data, share it with advertisers, or use it to train AI models.

Your data is stored on Supabase servers in Sydney, Australia. Data is encrypted in transit using TLS and encrypted at rest on disk. Row Level Security is enforced at the database layer so that you can only access rows tied to your own account.

Transcripts are deleted automatically after extraction is complete. We do not retain the raw content of your conversations.

Extracted insights, topics, decisions, tasks, and commitments are retained until you delete them. You can delete individual insights — which cascades to related topics — or delete your entire account via Settings.

Account data (email address) is retained while your account is active. If your account is inactive for more than 24 months, we may delete it along with all associated data in accordance with Australian Privacy Principle 11.2 (destruction or de-identification of personal information no longer needed).

NDLedger relies on the following third-party services:

• Supabase — database and authentication. Hosted in Sydney, Australia.
• Vercel — application hosting. May process IP addresses and request logs.
• Anthropic (Claude) — AI processing. Transcripts are sent to Claude for extraction. Per Anthropic's policy, API content is processed to return a response and is not retained or used for training.
• Cloudflare — DNS and email routing. Cloudflare does not process the content of your transcripts or insights.

Under the Australian Privacy Principles, you have the right to:

• Access your data through the app,
• Delete your data through the app,
• Request correction of your data by contacting us at privacy@ndledger.com, and
• Request information about how your data is handled by contacting us.

We comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth). If a data breach occurs that is likely to result in serious harm to affected individuals, we will notify those individuals and the Office of the Australian Information Commissioner (OAIC) as soon as reasonably practicable.

NDLedger uses session cookies for authentication only. We do not use tracking cookies, advertising cookies, or third-party cookies.

NDLedger is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us and we will delete it.

NDLedger complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you believe we have breached the APPs, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

If you access NDLedger from outside Australia, your data will be transferred to and stored in Australia. By using NDLedger, you consent to this transfer.

We use industry-standard security measures including TLS encryption in transit, encryption at rest, and Row Level Security at the database layer. No system is perfectly secure, but we take reasonable steps to protect your data.

Questions about this policy or how your data is handled?

• Email: privacy@ndledger.com
• Address: AREASPEC PTY LTD (ACN 690 941 078), Ipswich, Queensland, Australia 4305

We may update this policy from time to time. If we make material changes, we will notify you by email or through an in-app notice before the changes take effect.