Privacy Policy

Last updated: April 1, 2026

SupaLedger (“we,” “us,” or “our”) is a cloud-based accounting and business management platform operated by Field Elevate Management LLC. This Privacy Policy describes how we collect, use, store, and protect your information when you use our platform at supaledgers.com and related services.

By using SupaLedger, you agree to this Privacy Policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. We use Supabase Auth for authentication and do not store passwords directly.

1.2 Organization & Financial Data

When you use SupaLedger, you may enter or import business financial data including:

• Chart of accounts, journal entries, and trial balances
• Invoices, bills, and payment records
• Contact information (customers, vendors, employees)
• Bank account details and transaction data
• Tax rates, fiscal periods, and financial reports
• Documents and attachments you upload

1.3 Bank Account Data (via Stripe Financial Connections)

If you choose to connect a bank account, we use Stripe Financial Connections to securely link your financial institution. Through this connection, we may access:

• Account details (institution name, account type, last 4 digits)
• Transaction history (pending and posted transactions)
• Account balances

This data is used solely to provide bank reconciliation, transaction categorization, and bookkeeping features within SupaLedger. We store this data only in the United States.

1.4 Payment Information (via Stripe)

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank routing numbers, or other sensitive payment credentials on our servers. Stripe's privacy policy applies to payment data: stripe.com/privacy.

1.5 AI-Powered Features

SupaLedger includes AI-powered features such as transaction categorization, smart import, and document extraction. These features process your data on-platform to provide suggestions and automation. AI features are read-only — they can analyze your data and make suggestions, but cannot create, modify, or delete any records without your explicit approval.

1.6 Usage Data

We collect standard usage data including IP addresses, browser type, pages visited, and feature usage. This helps us improve the platform and diagnose issues.

2. How We Use Your Information

We use your information to:

• Provide and maintain the SupaLedger platform
• Process financial transactions and generate reports
• Import, categorize, and reconcile bank transactions
• Power AI features (categorization, document extraction, assistant)
• Send transactional emails (invoices, receipts, reminders)
• Provide customer support
• Detect and prevent fraud or abuse
• Comply with legal obligations

3. How We Store and Protect Your Data

• Infrastructure: All data is stored on Supabase (hosted on AWS) in the United States.
• Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access control: Row-Level Security (RLS) ensures each organization can only access its own data. All database access is scoped to your organization.
• Authentication: We use Supabase Auth with secure session management and support for multi-factor authentication.
• Audit logging: All data modifications are logged for accountability.

4. Data Sharing

We do not sell your data. We share data only with the following service providers, solely to operate the platform:

We do not share your financial data with any third parties for advertising, analytics, or any purpose other than operating the platform.

5. Stripe Financial Connections

When you connect a bank account via Stripe Financial Connections:

• Your bank credentials are handled entirely by Stripe — we never see or store your bank login information.
• Transaction data retrieved through Financial Connections is stored in your SupaLedger organization's database in the United States.
• We use this data only for bank reconciliation, transaction categorization, and financial reporting within your account.
• We do not share bank transaction data with any third parties beyond what is described in Section 4.
• You can disconnect your bank account at any time from Settings > Banking. Disconnecting stops future data syncing. Previously imported transactions remain in your account unless you delete them.

6. Data Retention

• Active accounts: We retain your data for as long as your account is active.
• Deleted accounts: Upon account deletion, we delete your organization data within 30 days. Backups may retain data for up to 90 days before automatic expiration.
• Legal requirements: We may retain certain data longer if required by law (e.g., tax records).

7. Your Rights

You have the right to:

• Access your data — all your data is visible within the SupaLedger platform and can be exported via CSV.
• Correct inaccurate data — you can edit your records directly in the platform.
• Delete your data — contact us to request full account deletion.
• Export your data — all reports and records can be exported as CSV files.
• Disconnect third-party integrations at any time from Settings.

8. Cookies

We use essential cookies only for authentication and session management. We do not use advertising or tracking cookies.

8.5. MCP Connector (Claude / Anthropic)

SupaLedger publishes a Model Context Protocol (MCP) server at supaledgers.com/mcp that lets you connect your SupaLedger org to Claude (Anthropic's AI assistant) via the Anthropic Connectors Directory. The connector is read-only and HIPAA-restricted orgs are excluded entirely.

8.5.1 What Claude can see

When you ask Claude a question about your business, SupaLedger returns the answer as summary data by default — totals by account type, bucket totals on aging reports, and contact metadata without addresses, tax IDs, or internal notes. You can opt into detail mode in your SupaLedger Settings to let Claude see individual account names, transaction details, and full contact records.

8.5.2 How your data travels

Your prompt goes from your device to Anthropic's servers. Claude decides which SupaLedger tool to call, then queries our MCP server with an OAuth token scoped to one of your organizations. SupaLedger returns the answer to Claude; Claude returns the answer to you. Your data is in transit through Anthropic's infrastructure. Anthropic's privacy policy is at anthropic.com/legal/privacy.

8.5.3 What Claude cannot do

• Cannot post journal entries, create invoices, or modify any data.
• Cannot send emails or SMS.
• Cannot access HIPAA-flagged organizations.
• Cannot read free-text fields in our audit log (those are SHA-256-redacted before storage).

8.5.4 What we log

Every Claude request to your SupaLedger org writes one row to platform.mcp_audit_log — tool name, response time, status, structural arguments. Free-text fields like search queries and natural-language instructions are SHA-256-redacted before storage; we keep a length and hash prefix for duplicate detection but never the content. Org admins can query this log at any time.

8.5.5 Disconnecting

You can revoke Claude's access at any time from your claude.ai connector settings, or from SupaLedger Settings → Integrations → MCP Connections. Revoking immediately stops all future tool calls; the audit log retains records of past calls for forensic purposes.

Full integration details (every tool, response shape, error codes, rate limits): supaledgers.com/mcp.

9. Children's Privacy

SupaLedger is a business tool and is not intended for use by individuals under 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. The “Last updated” date at the top indicates the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

• Email: privacy@fieldelevate.com
• Mail: Field Elevate Management LLC, 105 S. Mangum St, Durham, NC 27701