Privacy policy

Last updated: April 22, 2026

This policy explains how Sleepless Software Inc. (“Sleepless Software”, “we”, “us”) processes personal data when you use the WeeLedge website and software service (together, the “Service”). If you are in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), the Your rights (EEA, UK, and Switzerland) section describes rights you have under the General Data Protection Regulation (“GDPR”) and similar laws.

1. Who is responsible

The data controller for personal data collected through the Service is Sleepless Software Inc. You can reach us for privacy matters using the same support channels described on the WeeLedge website or inside the Service. We have not appointed a Data Protection Officer under Article 37 GDPR; contact us as above for any privacy request.

2. What we collect

• Account data. Username and credentials you provide when you register or sign in.
• Bookkeeping content. Data you enter, such as clients, invoices, ledger entries, categories, company settings, uploaded logos, and similar records needed to run your books.
• Technical and security data. IP address, request metadata, authentication events, and related logs used to operate and protect the Service.
• Payment-related data. If you use Stripe-powered features (for example paying an invoice through Stripe Checkout), Stripe processes payment information as described in Processors.

3. Why we use data (purposes and legal bases)

We process personal data for the following purposes. Depending on where you live, the legal basis under GDPR may include:

• Providing the Service (GDPR Article 6(1)(b), performance of a contract): hosting your account, storing your entries, generating invoices and reports, authentication, and support.
• Security and abuse prevention (Article 6(1)(f), legitimate interests): detecting fraud, enforcing rate limits, and protecting accounts and infrastructure.
• Legal compliance (Article 6(1)(c)): responding to lawful requests and meeting retention obligations where applicable.
• Optional analytics or similar technologies (Article 6(1)(a), consent): we only enable non-essential cookies or similar tools on the marketing site after you choose “Accept” in the cookie dialog. You can change your mind at any time using Cookie preferences in the site footer.

We do not sell your personal data and we do not use automated decision-making that produces legal or similarly significant effects solely by automated means.

4. Processors and service providers

We use subprocessors to host and operate the Service. For example, payment flows may be handled by Stripe, Inc. and its affiliates when Stripe features are enabled. Those providers process data under their own agreements and privacy policies, only as needed to provide their services to us.

5. International transfers

We are based in the United States and may process and store data there or in other countries where we or our providers operate. If we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the relevant authority, we rely on appropriate safeguards where required, such as the EU Standard Contractual Clauses or equivalent mechanisms offered by our providers.

6. Retention

We keep account and bookkeeping data while your account exists and for a reasonable period afterward to recover from accidental deletion, resolve disputes, and meet legal requirements. Session authentication data is kept only for the lifetime of the active session (see Cookies and local storage). Server logs are retained for a limited period for security and diagnostics.

7. Security

We implement technical and organizational measures appropriate to the risk, including access controls and encrypted transport where applicable. No online service can guarantee perfect security.

8. Your rights (EEA, UK, and Switzerland)

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate data;
• Erase data (“right to be forgotten”) in certain cases;
• Restrict processing in certain cases;
• Data portability, receiving structured, commonly used data you provided where processing is based on consent or contract and is automated;
• Object to processing based on legitimate interests;
• Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing before withdrawal;
• Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of an alleged infringement.

To exercise these rights, contact us as described in section 1. We may need to verify your identity before responding.

9. California and other U.S. state privacy rights

Depending on your state of residence, you may have additional rights regarding personal information, such as access, deletion, and opt-out of certain types of sharing. We do not “sell” or “share” personal information as those terms are commonly defined in state privacy laws. You may contact us to exercise rights available to you.

10. Children

The Service is not directed at children under 16, and we do not knowingly collect personal information from children.

11. Cookies and local storage

• weeledge_session (HTTP cookie, first party). Set when you sign in or use authenticated features. Used only to keep you logged in. HttpOnly, SameSite=Lax, scoped to our site; in production it is marked Secure. Max age matches your session lifetime on the server. This cookie is strictly necessary for the Service and is not gated behind marketing-site consent.
• weeledge_gdpr_consent (browser localStorage on the marketing site). Stores whether you accepted or rejected optional cookies on our public pages. No personal profile is derived from this value. You can clear or change it using Cookie preferences in the footer, which reopens the consent dialog.

We self-host fonts so that visiting our pages does not send your IP address to a third-party font provider for typography.

12. Changes

We may update this policy from time to time. We will post the new version on this page and change the “Last updated” date.

13. Contact

For privacy questions or requests, contact Sleepless Software Inc. through the support channels listed on the WeeLedge website or in the Service. Our Terms of service also apply to your use of the Service.