If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), to opt out of the sale or sharing of your personal information, and to exercise additional rights described in our Privacy Policy. Use the options below to submit a request. We will respond within the time required by law (generally 45 days).
This toggles the cookie-level “sale or sharing” setting in your browser. It applies to this device only.
For requests that go beyond cookies (right to know, delete, correct, opt out across our records), use the form below or email [email protected]. We may need to verify your identity before fulfilling the request.
You may use an authorized agent to submit requests on your behalf. We will require written proof of authorization and may require you to verify your identity directly with us. Email [email protected].
This page is required under California law (CCPA/CPRA) and is provided in good faith. See our Privacy Policy for the full description of practices and rights.
Every privacy request that reaches Ledgee runs through a fixed pipeline before any action is taken. The first step is identity verification. We match the email address on the request against the account record, and for sensitive actions like deletion or data export we require confirmation from a link sent to that address. If the request comes from an authorized agent, we ask for written permission signed by the account holder plus verification of the agent's own identity. Requests that fail verification are held for 45 days, during which the requester can supply additional information, and are then closed.
Once verification clears, the request enters the response queue. Statutory deadlines drive the schedule: 45 days for CCPA and CPRA requests, 30 days for GDPR requests, and 45 days for most other US state privacy laws. We confirm receipt within 10 business days and provide a reference number that can be used to check status. If a request is unusually complex, we may extend the timeline by an additional 45 days and will notify the requester in writing before the original deadline lapses, with the specific reason for the extension stated.
The response itself depends on the request type. Access requests return a structured export covering account data, transaction history tied to the account, support correspondence, and any inferences drawn from usage. Deletion requests trigger removal from production systems within 30 days and from backups on the next scheduled rotation, typically within 90 days. Correction requests update the record and propagate the change to downstream systems on the next sync. Opt-out requests for sale or sharing of personal information take effect within 15 business days and are recorded against the account permanently.
If a request is denied, the response will state the legal basis for denial, the specific exception invoked, and the process for appeal. Common grounds for denial include unverifiable identity, requests for information held under a separate legal obligation such as tax records, and requests that would compromise the privacy of another person. Appeals are reviewed by a different team than the original decision and are resolved within 45 days. After exhausting the appeal process, requesters retain the right to file a complaint with their state attorney general or supervisory authority.