Legal
Privacy Policy
This policy explains what information NP Ledger collects, how it is used, which service providers are involved, and the controls available to your organization.
Last updated: July 6, 2026
How 70Ware LLC handles service data
This summary covers account data, financial records, AI-related processing, storage, and retention. Questions? Contact us at support@70Ware.com.
1. Introduction
70Ware LLC ("we," "us," or "our") operates NP Ledger, a cloud-based nonprofit fund accounting service. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.
NP Ledger serves nonprofit organizations in the United States and other countries outside the European Union. We do not direct the Service to organizations established in the EU or EEA. For details on who we serve — and what it means for information you record about donors or contacts who reside in the EU/EEA — see the Service Scope section of our Terms of Service.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and organization name. If you sign in with Google OAuth, we receive your name and email from Google.
Financial Data
You enter financial data into the Service, including transactions, accounts, contacts, funds, and supporting documents. This data belongs to you (see our Terms of Service).
Payment Information
Subscription payments are processed by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. Stripe may collect and store payment information in accordance with their privacy policy.
Usage Data
We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. We also use Google Analytics 4 (GA4) to measure usage across our site — both public marketing pages and, once you sign in, the application — including pageviews and conversion events such as pricing page views and signups. GA4 only runs after you consent to analytics cookies: analytics are off by default, and a cookie banner lets you accept or decline. If your browser sends a Global Privacy Control (GPC) signal, we treat that as a decline automatically. GA4 data helps us understand how the Service is used so we can maintain and improve it.
AI and Voice Data
If you use Voice Entry, audio you record is processed by AssemblyAI for speech-to-text conversion — either by upload or by real-time streaming. We do not store audio recordings after processing. The resulting transcript is then sent to Google Gemini to extract the fields for your entry. If you use receipt or invoice capture, the photo you upload is sent to Google Gemini to read the amount, date, and payee from the image. Separately, if you use AI Help, your query and your organization's financial context are processed by Google Gemini.
Under our paid-tier terms with these providers, the data sent to Google Gemini and AssemblyAI is not used to train their AI models and is retained only transiently by the provider for abuse monitoring. These AI features are optional. For a fuller description of these data flows and the safeguards around them, see our internal AI data-flow assessment, summarized on the sub-processors page.
AI Agent Connections (Model Context Protocol)
NP Ledger offers an optional connector that lets you link an external AI assistant — such as Claude or ChatGPT — to your account through a one-click consent screen. This connection is optional and initiated by you. You sign in with your existing NP Ledger credentials, and the connection can only reach an organization you are already an active member of. You choose a single organization on the consent screen, and that choice is re-verified on every request — if your membership in that organization ends, the assistant's access ends with it. You can disconnect at any time from within the assistant.
What the assistant can do is bounded by your own role in that organization, exactly as in the app: a view-only role cannot make changes through the connector, recording entries requires a role that permits it, and the assistant is only offered the tools your role can use. You also choose at the consent screen whether to grant read-only or read-and-write access.
While connected, the assistant can, at your direction, read that organization's financial data (such as fund balances, accounts, and transactions) and — where your role and the access you granted permit — record entries such as donations and expenses on your behalf. Any data you ask the assistant to retrieve is transmitted to the provider of that assistant (for example, Anthropic or OpenAI), which processes it under its own privacy policy and terms, not ours. We do not control how those providers use data once it reaches them; review their privacy policies before connecting.
Sign-in for these connections is brokered by Scalekit, our authorization provider, which verifies your identity and issues the access token; it does not receive your financial records.
Sensitive Data Categories We Hold
Because NP Ledger is a nonprofit accounting system, some of what you enter is more sensitive than an ordinary account profile. We want to name those categories plainly so you know what is in the Service:
- Donor and contact personal information — names, email and mailing addresses, phone numbers, and the giving history you record for the donors and contacts your organization tracks.
- Bank-feed and financial-account data — if you connect a bank feed, the account metadata and transactions we import for the accounts you link, plus the bank and account records you enter by hand.
- Payroll and compensation data — employee and contractor pay records, amounts, and the related expense entries you record for your organization's payroll.
- Government-filing data — the figures and organization details you compile for filings such as IRS Form 990.
Nearly all of this is data your organization records about other people, for which your organization is the controller and we act as your service provider. We hold it on your instructions to run the accounting features you signed up for, and we do not use it for our own purposes. Payment card details are the exception — those are handled by Stripe and are not stored on our servers (see Payment Information above).
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service.
- Process your transactions and generate reports.
- Process subscription payments.
- Send transactional emails such as password resets, donation receipts, and notifications.
- Provide AI-powered assistance based on your financial data.
- Monitor and improve service performance and security, and comply with legal obligations.
Why we process each category of data
- Account information — to create and secure your account and provide the Service you have signed up for (performance of our contract with you).
- Financial data you enter — including data about donors and contacts — is processed on your instructions so we can deliver the accounting features. For this data you record, we act as your service provider (processor); your organization is the controller. See the Service Scope section of our Terms.
- Payment information — to bill your subscription (performance of our contract).
- Server logs and security data — to keep the Service secure and reliable and to meet legal obligations (our legitimate interest in operating a secure service).
- Analytics — only with your consent (see Cookies).
4. Data Storage and Security
Your data is stored on Google Cloud Platform (GCP) infrastructure in the United States (us-central1 region). We use the following security measures:
- Encryption in transit (TLS/HTTPS).
- Encryption at rest (GCP default encryption).
- Role-based access controls within the application.
- Two-factor authentication (TOTP) for administrative access.
- Daily automated database backups with 7-day retention.
- Point-in-time recovery capability.
- Audit logging of all data modifications.
5. Data Breach Notification
If we confirm a breach of security that leads to the unauthorized access, disclosure, or loss of your personal information or the data you hold in the Service, we will notify affected customers without undue delay — our target is within 72 hours of confirming the breach — and in any case as required by applicable law.
Our notice will describe, to the extent we know it at the time, what happened, the categories of data involved, the steps we are taking in response, and what you can do to protect yourself. We will send it to the email address on your account, so please keep that address current. If you are a donor or contact whose information was entered by a nonprofit that uses NP Ledger, that organization is the controller of your data; where a breach affects such data, we notify the organization and support it in meeting its own notification obligations.
6. Third-Party Services
We use the following third-party services that may process your data. Our complete, dated list of sub-processors — including their function and processing location — is published on our sub-processors page.
| Service | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Infrastructure and hosting | All application data |
| Stripe | Payment processing | Payment and billing information |
| Google Gemini | AI Help feature | Financial context for queries |
| AssemblyAI | Voice Entry speech-to-text | Audio recordings (not retained) |
| Mailgun | Transactional email | Email addresses and message content |
| Google Analytics 4 | Website usage measurement | Pageviews, conversion events, browser/device info (site-wide, only after you consent to analytics; GA4 does not log IP addresses by default) |
| Scalekit | OAuth authorization for AI agent connections | Login identity and access tokens (no financial records) |
| Teller | Bank-feed connectivity (optional; you connect your bank) | Bank transactions and account metadata for accounts you link |
| Cloudflare (Turnstile) | Bot and abuse protection on public forms | Visitor IP address and a challenge token |
| Connected AI assistants (e.g., Claude, ChatGPT) | Optional, user-initiated AI agent access | Financial data you direct the assistant to read or write, within your role's permissions |
8. Data Retention
We retain your data for as long as your account is active. You can delete your own account at any time from Account Settings, and an organization owner can permanently delete their organization and all of its data from the organization's settings. If you cancel your subscription, we keep your data for a while so you can still retrieve it, and we will delete or anonymize it on request — either from within the Service or by contacting us at support@70ware.com. Because NP Ledger is a fund-accounting system, posted accounting transactions cannot be erased outright (they are required for the integrity of the books and for tax purposes); to honor a deletion request we remove the personal details of the individual (such as a donor's name and contact information) while keeping the underlying ledger entry. Backup copies may persist for a short additional period in accordance with our backup retention policy before they age out.
9. Your Rights
You have the right to:
- Access your data at any time through the Service.
- Export your data using the built-in data export feature.
- Correct inaccurate information through account settings.
- Delete your account yourself in Account Settings, or request deletion or anonymization of your data (see Data Retention).
- Object to data processing.
You can exercise Access, Export, Correction, and account Deletion yourself inside the Service at any time. An organization can also export everything it holds about a specific donor or contact from within the Service. For anonymization of a specific person's details, to object to processing, or if you would rather we handle a request for you, email us at support@70ware.com and we will respond within a reasonable time. If you are a donor or contact whose information was entered by a nonprofit that uses NP Ledger, please contact that organization directly — it controls that data and we act on its instructions.
"Do Not Sell or Share" — not applicable. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. There is nothing to opt out of on that basis. We honor Global Privacy Control (GPC) signals for analytics cookies as described under Cookies.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), gives you specific rights over your personal information. This section explains those rights and how to exercise them. It applies to personal information we handle as a business; for the donor and contact data a nonprofit records in the Service, that organization is the business and you should contact it directly.
Categories of personal information we collect
In the past 12 months we have collected the categories of personal information described in Information We Collect — including identifiers (such as name and email), account and organization details, commercial and financial records you enter, bank-feed data, payroll data, internet and network activity (server logs and analytics), and audio or image data you submit to the optional AI features. We collect these from you directly, from your use of the Service, and from providers you connect (such as Google OAuth or a bank feed). We use them for the purposes described in How We Use Your Information, and we disclose them to the service providers listed in Third-Party Services to run the Service.
Your rights
- Right to know — request the categories and specific pieces of personal information we have collected about you, the sources, the purpose, and the categories of third parties we disclosed it to.
- Right to delete — request that we delete personal information we collected from you, subject to legal exceptions (for example, records we must keep for tax or bookkeeping integrity, as described in Data Retention).
- Right to correct — request that we correct inaccurate personal information we hold about you.
- Right to opt out of sale or sharing — we do not sell your personal information and do not share it for cross-context behavioral advertising, so there is nothing to opt out of. We honor Global Privacy Control (GPC) signals for analytics cookies as described under Cookies.
- Right to limit use of sensitive personal information — we use the sensitive information we hold only to provide the Service you asked for and for the purposes CCPA permits without a right to limit; we do not use it to infer characteristics about you.
- Right to non-discrimination — we will not deny you service, charge you a different price, or give you a lesser experience for exercising any of these rights.
How to exercise your rights
You can exercise Access, Export, Correction, and account Deletion yourself inside the Service at any time (see Your Rights). Otherwise, email us at support@70ware.com and we will verify your request against the information on your account before acting on it. You may use an authorized agent to submit a request on your behalf; we may ask the agent for proof of your written permission and may ask you to verify your identity with us directly.
Appeals
If we decline your request, we will tell you why. You may appeal that decision by replying to our response or emailing support@70ware.com with the word "Appeal" in the subject line. We will review the appeal and respond within the time allowed by law.
11. Children's Privacy
The Service is not directed to individuals under 16. We do not knowingly collect information from children under 16. If we become aware that we have collected such information, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when changes were last made.
13. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at support@70ware.com.