Effective date: 13 September 2025
1.1. We care about your privacy and the security of your personal data. This Privacy Policy explains how CarLedger (“CarLedger”, “we”, “us”) processes your personal data and what rights you have.
1.2. This Policy applies when you use the carledger.io website and our Android/iOS apps (together, the “Platform”), visit our official social media accounts, or contact us via email, phone, or other electronic channels.
1.3. “Personal Data” means any information that can identify you directly or indirectly (e.g., name, email, IP address). “You” means a user of the Platform, a visitor to our social accounts, or a person communicating with us.
1.4. We comply with the EU GDPR (2016/679) and applicable national data protection laws.
1.5. By using the Platform or contacting us, you confirm you have read and understood this Policy.
1.6. Our Platform and social accounts may link to third-party sites; their privacy practices are governed by their own policies.
1.7. We may update this Policy; the latest version is always available on carledger.io.
1.8. Cookie details are provided in our separate Cookie Policy. We also provide specific notices for vehicle data processing and job candidates, where relevant.
2.1. Controller: CarLedger Ltd., a company organized under the laws of Finland, registered office in Oulu, Finland (“CarLedger”, “we”).
2.2. Contact for privacy matters: privacy@carledger.io
2.3. Data Protection Officer (if you wish to reach a dedicated contact): dpo@carledger.io
We process Personal Data for the purposes below; for each we indicate typical data, retention, and legal basis (GDPR Art. 6):
• Data: email, login method, encrypted password; optional name, phone, company/role.
• Retention: account lifetime + up to 7 years from last login.
• Legal basis: Contract (b); Legitimate interests (f); Consent (a) for optional fields.
• Data: amount, date, masked card data, payer email, IP; optional name/billing address.
• Retention: statutory finance laws, up to 10 years.
• Legal basis: Contract (b); Legal obligation (c).
• Data: VIN, plate, technical/registration, restrictions, theft checks, service info, mileage, damage records (including photos), inspections.
• Retention: typically 30 days from purchase (longer if saved in your account).
• Legal basis: Contract (b); Legitimate interests (f).
We send marketing only with your consent or, where allowed, to existing customers about similar services (opt-out anytime). Unsubscribing does not affect transactional/service emails.
When you interact with our social profiles, the social network and CarLedger may act as joint controllers. Your activity is also governed by each platform’s own policies.
We process data lawfully, fairly, and transparently, for specified purposes only, applying minimization, accuracy, storage limitation, integrity/confidentiality, and accountability.
You can access, rectify, erase, restrict, object, request portability, and withdraw consent anytime. You may also complain to your local authority. We respond within GDPR timelines.
We apply encryption, access controls, logging/monitoring, backups, and vendor due diligence proportionate to risks.
We use necessary cookies and, with consent, analytics/advertising cookies. For details see our Cookie Policy.
CarLedger Ltd., Oulu, Finland
Email: privacy@carledger.io
DPO: dpo@carledger.io
This Policy is effective as of 14 September 2025 and supersedes prior versions. Material changes will be highlighted on carledger.io.