Privacy Policy

How Ledger Audits collects, uses, and protects personal data on this website and in our engagements.

Last updated: June 2026

This policy explains how Ledger Audits ("we," "us") handles personal data. It covers visitors to ledgeraudits.com and the contacts at our clients and prospects. We treat all client information as confidential and keep engagements segregated.

Who we are

Ledger Audits is an independent firm providing ISO 27001 internal audits and SOC 2 readiness. For privacy questions, contact [email protected]. Our registered entity details and data-protection contact are confirmed in our engagement paperwork.

What we collect

  • Information you give us. When you submit the contact form or email us, we collect your name, work email, company, framework of interest, and anything you write in your message.
  • Engagement information. During an engagement we process the evidence, documentation, and system information you share with us, which may include limited personal data about your personnel. This is governed by our Data Processing Agreement.
  • Basic technical data. Our host may log standard request data such as IP address and user agent for security and reliability. We do not run advertising or analytics tracking cookies on this site.

How we use it

We use personal data to respond to your enquiry, to scope and deliver engagements, to send engagement communications and invoices, to meet legal and professional obligations, and to secure our systems. Our lawful bases include your consent, the performance of a contract, our legitimate interest in running the firm, and legal obligation, as applicable under the law that governs you.

Cookies and the contact form

This site sets no advertising or analytics cookies. Fonts are loaded from Google Fonts, which may receive your IP address to serve the font files. The contact form is processed by FormSubmit, which forwards your message to us by email; your submission is sent to that processor solely to deliver the message. We do not sell your data, ever.

Sharing

We share personal data only with service providers who help us operate, such as our email, document storage, and form processor, each under appropriate confidentiality and data-protection terms, and where required by law. Our approved sub-processors are listed in our Data Processing Agreement, available to clients.

International transfers

We serve clients in the United States, United Kingdom, European Union, Australia, and the United Arab Emirates. Where personal data is transferred across borders, we rely on an adequate transfer mechanism such as an adequacy decision or the applicable Standard Contractual Clauses or UK Addendum.

Retention

We keep enquiry data only as long as needed to respond and for our legitimate business records. Engagement evidence is retained for the period set in the engagement agreement, then securely deleted.

Your rights

Depending on where you are, you may have the right to access, correct, delete, restrict, or port your personal data, to object to processing, and to withdraw consent. To exercise any of these, email [email protected]. You may also complain to your local supervisory authority.

Security

We protect personal data with least-privilege access, multi-factor authentication, encryption in transit and at rest, segregated client repositories, and logged access. These are the same disciplines we help our clients evidence.

Changes

We may update this policy and will revise the date above. Material changes will be reflected here.

This policy is a template starting point. Before launch, confirm your registered entity, data-protection contact, and processor list with your counsel, and align it with the Ledger Audits Data Processing Agreement.