Privacy Policy
Effective date: 25 April 2026
Version: 1.0
1. Who we are
Ledger Vault ("Ledger Vault", "we", "us", "our") is operated by Trinity (NZ) Limited, a New Zealand company.
| Legal name | Trinity (NZ) Limited |
| NZBN | 9429049276305 |
| Registered office | 48 Greys Avenue, Auckland Central, Auckland 1010, New Zealand |
| Service URL | https://ledgervault.co.nz |
| Contact for privacy queries | [email protected] |
Trinity (NZ) Limited is the agency responsible for personal information collected and held through Ledger Vault for the purposes of the Privacy Act 2020. Privacy queries, requests under Information Privacy Principles 6 and 7, and complaints can be sent to [email protected] and will be handled by our Privacy Officer.
2. Scope of this policy
This Privacy Policy describes how we handle personal information when you use Ledger Vault to authenticate with Xero, generate exports of accounting data from a Xero organisation, and download those exports. It is written to comply with the New Zealand Privacy Act 2020 and the thirteen Information Privacy Principles ("IPPs").
Ledger Vault is offered to businesses and sole traders located in New Zealand. It is not directed at consumers acquiring goods or services for personal use, and is not directed at people under the age of 18.
3. What information we collect
3.1 Information you provide via Xero (IPP 1, 2)
When you sign in with Xero, Xero shares the following information with us via OpenID Connect and the Xero API, with your authorisation:
- Your Xero user ID, name and email address (from the Xero ID token).
- The Xero organisation(s) you authorise us to access, including the organisation name and Xero tenant ID.
- Encrypted OAuth access and refresh tokens issued by Xero.
When you generate an export, we read the following data from the Xero organisation you have connected, using the OAuth scopes offline_access openid profile email accounting.settings.read accounting.reports.trialbalance.read:
- Organisation profile information, including legal/trading name, financial-year-end, country and tax registration number.
- Chart of accounts: account code, name, type, tax type, description, and bank account details where present.
- Trial balance figures: account codes, debit and credit balances, and year-to-date figures as at the date you select.
3.2 Information your browser and device send
- IP address, user agent and approximate location derived from IP, recorded in our session and audit logs.
- A Laravel session cookie and a CSRF token cookie, both strictly necessary for the service to function.
3.3 Product analytics and error tracking
- Anonymised page views and feature-usage events captured by PostHog and Google Analytics.
- Exception payloads captured by Sentry when something goes wrong, which may include your user ID, the URL you were on, and a stack trace. We configure Sentry to scrub request bodies and headers that may contain credentials.
3.4 Audit logs
We keep an audit log of significant actions taken on your account (sign-in, organisation connection, export creation, organisation disconnection). Audit logs intentionally exclude OAuth tokens.
4. How we use your information (IPP 1, 10)
We use your information solely to:
- authenticate you via Xero;
- generate, deliver and (briefly) store the export files you request;
- operate, secure, monitor and troubleshoot Ledger Vault; and
- comply with our legal obligations.
We will not use your information, or any data obtained from the Xero API, to train or contribute to the development of any artificial-intelligence or machine-learning model. This restriction reflects clause 3 of the Xero Developer Platform Terms and Conditions effective 2 March 2026.
We do not sell your personal information, and we do not use your information for marketing.
5. Cookies and analytics
| Cookie / pixel | Purpose | Type |
|---|---|---|
| ledger_vault_session | Server-side session identifier (Laravel) | Strictly necessary |
| XSRF-TOKEN | Cross-site request forgery protection | Strictly necessary |
| PostHog cookies | Product analytics (anonymous events) | Analytics |
| Google Analytics cookies (_ga, _ga_*) | Aggregate web analytics | Analytics |
You can opt out of PostHog and Google Analytics by enabling Do Not Track in your browser, by using browser extensions that block these vendors, or by emailing [email protected] to request a server-side opt-out flag on your account.
6. Who we share your information with (IPP 11)
We share information with the third parties listed below, each of whom acts as a sub-processor and is bound by appropriate confidentiality and data-protection obligations:
| Sub-processor | Purpose | Country |
|---|---|---|
| Xero Limited | Authentication and source data | New Zealand / Australia |
| Amazon Web Services, Inc. (via Laravel Cloud) | Application hosting and PostgreSQL database | Australia (ap-southeast-2 / Sydney) |
| Amazon Web Services, Inc. (S3) | Encrypted storage of generated export files | Australia (ap-southeast-2 / Sydney) |
| Functional Software, Inc. (Sentry) | Error tracking | United States |
| PostHog, Inc. | Product analytics | United States |
| Google LLC (Google Analytics) | Aggregate web analytics | United States |
| Sinch / Mailgun Technologies, Inc. | Transactional email delivery | United States |
We may also disclose information where required by New Zealand law, in response to a lawful request from a regulator or court, or where necessary to protect the rights, property or safety of Ledger Vault, our users or others.
7. Cross-border transfer of information (IPP 12)
Hosting and primary data storage occur in Australia (AWS Sydney). Australia is recognised as having privacy laws comparable to New Zealand for the purposes of IPP 12.
The sub-processors marked "United States" above will receive limited information (error reports, analytics events, and email delivery metadata) in the United States. We rely on contractual data-protection obligations with these vendors, including the EU Standard Contractual Clauses where applicable, to provide comparable protection to that required under the Privacy Act 2020.
8. How we store and secure your information (IPP 5)
- All traffic between your browser and Ledger Vault is encrypted with TLS.
- The PostgreSQL database is operated by Laravel Cloud on AWS in Sydney with encryption at rest.
- Xero OAuth access and refresh tokens are encrypted at rest using Laravel's application-key encryption and are excluded from our audit logs.
- We do not store Xero passwords. Authentication is delegated to Xero via OAuth 2.0 with OpenID Connect.
- Access to production systems is restricted to authorised personnel of Trinity (NZ) Limited and is protected by multi-factor authentication.
No system is perfectly secure. If we become aware of a privacy breach that has caused, or is likely to cause, serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as required by Part 6 of the Privacy Act 2020.
9. How long we keep your information (IPP 9)
Ledger Vault is designed as a low-retention export tool. Our retention principles are:
- Active connection: while you have at least one connected Xero organisation, we retain your account, your encrypted OAuth tokens, and the metadata of any exports you have generated.
- On disconnection: when you disconnect your last Xero organisation from Ledger Vault, we delete your user record, your XeroConnection records, your export records, the corresponding export files in S3, your audit log entries, and clear your Sentry user context.
- Cached Xero data: chart-of-accounts and trial-balance figures fetched from Xero are written into the export file you download and are not retained in our database after the export is delivered.
- Server logs: web-server access logs are retained for up to 30 days for security and operational purposes.
If a legal obligation (for example, a regulator's request) requires us to retain data for longer, we will retain only the minimum necessary for the period required.
10. Your rights (IPP 6, 7)
Under the Privacy Act 2020 you have the right to:
- request access to the personal information we hold about you;
- request correction of personal information you believe is inaccurate; and
- ask us to attach a statement of correction if we decline to make the correction.
To exercise these rights, email [email protected] from the address registered on your Xero account. We will respond as soon as reasonably practicable and within 20 working days, as required by sections 40 and 41 of the Privacy Act 2020.
You also have the right to disconnect Xero at any time from the Ledger Vault dashboard. Disconnection triggers the deletion described in clause 9.
11. Communications
We will only contact you with transactional messages directly related to your use of the service, for example: a notification that an export is ready, a security or account alert, or notice of a material change to this policy or our Terms of Service. We do not send marketing emails.
12. Children
Ledger Vault is intended for use by businesses and sole traders. It is not directed at people under the age of 18 and we do not knowingly collect information from minors.
13. Geographic availability
Ledger Vault is offered to users in New Zealand. We may decline to provide the service to anyone outside New Zealand.
14. Complaints
If you believe we have not handled your personal information in accordance with the Privacy Act 2020, please contact us first at [email protected] so we can investigate. If you are not satisfied with our response, you may make a complaint to the Office of the Privacy Commissioner at https://www.privacy.org.nz.
15. Changes to this policy
We may update this Privacy Policy from time to time. If a change is material, we will notify you by email and display an in-app notice at least 14 days before the change takes effect. The current version, version number and effective date will always be visible at the top of this page.
16. Contact
Questions about this Privacy Policy or our handling of your personal information can be sent to:
Privacy Officer
Trinity (NZ) Limited
48 Greys Avenue, Auckland Central, Auckland 1010, New Zealand
[email protected]