Ledgenter Privacy Policy

Last updated: June 18, 2026 Effective date: June 18, 2026

This Privacy Policy explains how Apex Business Holdings LLC, doing business as Sentravision ("Sentravision," "we," "us," or "our"), collects, uses, shares, and protects information in connection with Ledgenter — our agent-native, multi-tenant work-management service made available at ledgenter.com, the product console at app.ledgenter.com, the documentation site at docs.ledgenter.com, and the related Ledgenter MCP server and command-line interface (together, the "Service").

This Policy is published at ledgenter.com/privacy. Please read it together with our Terms of Service (ledgenter.com/terms) and, where applicable, our Data Processing Addendum, or "DPA" (ledgenter.com/dpa). If you do not agree with this Policy, do not use the Service.

The Service is operated with substantial automation and AI. AI agent features process Customer Content to provide the Service, and customer support may be AI-assisted. See Section 6.

1. Who we are and how to contact us

The Service is operated by Apex Business Holdings LLC (d/b/a Sentravision), a United States limited liability company.

For any privacy question, request, or concern — including to exercise the rights described in Section 11, and including data-subject and CCPA requests — contact us at:

[email protected]

This address is the designated contact for legal, privacy, support, and data-subject / CCPA requests for the Service. A postal mailing address is available on request at the same address.

2. Scope of this Policy, and our two roles

Ledgenter handles two broad categories of information, and our role — and the document that governs that information — differs between them.

(a) Information we control. For account, authentication, billing, security, and product-analytics information, Sentravision acts as a data controller (or "business," under U.S. state privacy laws). We decide why and how that information is processed, for our own purposes of operating, securing, billing, and improving the Service. This Privacy Policy governs that information.

(b) Customer Content we process on your behalf. "Customer Content" means all data, text, files, and other materials that you or your actors submit to, store in, or generate within a workspace — including projects, tasks, task dependencies, decisions, knowledge notes, handoffs, comments, attachments, skills, code references, repositories, activity records, feature requests, and the vector embeddings derived from your knowledge and decision text. With respect to Customer Content, the customer organization is the controller and Sentravision acts as a processor (service provider) that handles the content only to provide the Service and on the customer's instructions. Our DPA, together with the Terms of Service, governs Customer Content. This Privacy Policy describes Customer Content at a high level so you understand what the Service stores, but it does not change the customer's role as controller of that content.

Activity records are dual-purpose. The activity log — the record of actions taken in a workspace — is treated consistently as follows: within a workspace it is Customer Content, which Sentravision handles as a processor on the customer's behalf; and Sentravision also processes activity records as a controller for security, audit, abuse-prevention, and billing purposes. The controller processing is governed by this Privacy Policy; the processor processing is governed by the DPA.

If you are an individual whose personal data appears inside a customer's Customer Content (for example, because a customer recorded your name in a task or note), the customer organization — not Sentravision — is the controller of that data. Please direct privacy requests about such data to that organization; we will support them as their processor.

3. Information we collect

3.1 Account and identity information

When a human creates or accesses a console account, we collect and store:

• Authentication identity — your email address and authentication credentials, managed through our authentication provider. If you sign in with Google or GitHub, we receive your basic identity information from that provider (such as your email address and a unique identifier) to create and link your account. Google and GitHub are sign-in options you choose; they are upstream identity providers, not subprocessors of your Customer Content.
• Workspace and membership records — the workspaces you create or belong to, and your role within them (owner, admin, or member).
• Actor records — records identifying the humans, AI agents, and service principals that operate in a workspace, including display names and roles.

3.2 API credentials

Each agent or programmatic actor authenticates with a per-actor API key. We store only a cryptographic hash (SHA-256) of each key — never the key itself in readable form — along with a short non-secret display prefix, the key's scopes and label, and a "last used" timestamp. The full key is shown to you only once, at the moment of creation; we cannot recover or redisplay it.

3.3 Customer Content

The Service stores the work your organization puts into it — the Customer Content defined in Section 2(b): projects (titles, descriptions), tasks (titles, bodies, labels, statuses, assignees) and task dependencies, decisions (context, options, rationale, and chosen outcome), knowledge notes (titles, bodies, tags), handoffs, comments, attachments, skills, code references, repositories, activity records, and feature requests. The Service may also generate vector embeddings of your knowledge-note and decision text to power semantic search within your own workspace.

Customer Content is free-form and controlled by the customer. It may contain personal data if the customer chooses to enter it. The customer is responsible for the lawfulness of the Customer Content it stores. See Section 2(b) and our DPA.

3.4 Usage and telemetry

To operate, secure, audit, and debug the Service, we process:

• Activity records — an audit log of actions taken in a workspace (the acting actor, the action, the affected object, a short summary, severity, status, run identifiers, and timestamps). As noted in Section 2, activity records are dual-purpose: they are Customer Content within a workspace, and we also process them as a controller for security, audit, abuse-prevention, and billing.
• Tool-call and access logs — records of MCP tool calls and API access, "last used" and "last seen" timestamps, and idempotency keys used to prevent duplicate operations.
• Rate-limit and abuse-prevention signals — information such as IP address and key identifiers used to enforce rate limits and detect abuse.

3.5 Payment identifiers

We use a third-party payment processor to handle all payments. We do not collect, store, transmit, or process your card number or other payment-instrument details. We store only billing identifiers and subscription state returned to us by the processor: the customer identifier, subscription identifier, price identifier, subscription status, current-period-end date, and whether the subscription is set to cancel at period end. See Section 7(b).

3.6 Cookies and analytics

The Service uses a small number of essential and analytics cookies in the console, and uses a US-hosted product-analytics provider to understand how the Service is used. See Section 5 for details, including how we honor opt-out preference signals.

3.7 Communications

If you contact [email protected] or otherwise communicate with us, we keep your messages and our responses so we can assist you and keep records. Please note that support and operations may be AI-assisted and processed by a third-party AI provider, as described in Section 6.

4. How and why we use information

We use the information we control for the following purposes:

• To provide the Service — to create and authenticate accounts, scope access to the correct workspaces, operate the console, and deliver the features you use.
• To process payments and manage subscriptions — to determine plan entitlements, process billing through our payment processor, and manage upgrades, downgrades, renewals, cancellations, and past-due status.
• To secure the Service — to authenticate agents and users, enforce tenant isolation, detect and prevent abuse, enforce rate limits, and maintain an audit trail.
• To support you — to respond to your requests and provide customer support.
• To maintain and improve the Service — to debug issues, understand activation and usage patterns, and improve features and reliability.
• To comply with law — to meet legal obligations, enforce our Terms, and protect our rights, our users, and the public.

We do not use Customer Content to train, fine-tune, or improve any machine-learning or AI models. See Section 6.

Where the law requires a legal basis for processing (for example, under the EU/UK GDPR), we rely on: performance of a contract (to provide the Service you request); our legitimate interests (to secure, maintain, and improve the Service and prevent abuse); compliance with legal obligations; and your consent where required (for example, for non-essential analytics cookies). We process Customer Content only on the customer's documented instructions, as set out in the DPA.

5. Cookies and similar technologies

This section is our cookie notice. The Service uses two kinds of cookies:

Essential cookies. The console uses a small set of essential cookies to keep you signed in (authentication and session cookies set by our authentication provider) and to remember which workspace you have selected. These are required for the Service to function and cannot be turned off through the Service.

Analytics cookies. We use a US-hosted product-analytics provider to understand activation and usage of the Service — for example, how users move from sign-up to creating their first project. This uses analytics cookies or similar technologies. Where required by law, we obtain consent for non-essential analytics cookies and provide a means to manage your choices (for example, a cookie banner or settings control).

Opt-out signals and no sale/share. Sentravision honors the Global Privacy Control (GPC) and other recognized opt-out preference signals. We do not sell your personal information and do not share it for cross-context behavioral advertising, and we do not place advertising or cross-site tracking cookies. Most browsers let you block or delete cookies; if you block essential cookies, parts of the console may not work.

6. AI and automated processing

Ledgenter is operated with substantial automation and AI. We want to be clear about how AI is involved.

• Your AI agents are primary users of the Service. AI agent features process Customer Content to provide the Service: AI agents connect through the MCP server and CLI using your credentials and create, read, and update your Customer Content. That processing is carried out with your own agent infrastructure; we provide the coordination layer and act as the processor for the resulting stored content.
• Semantic search uses a third-party AI provider. To enable search across your workspace, the text of knowledge notes and decisions may be sent to a third-party AI and embeddings provider to generate vector embeddings. This processing is performed server-side and degrades to non-AI search if it is unavailable. This provider is a subprocessor (see Section 7).
• Our operations and support may be AI-assisted. Sentravision operates the Service with substantial AI assistance, including for monitoring, billing oversight, and customer support. When you contact [email protected], your communications and related operational data may be processed by a third-party AI provider acting as a subprocessor (we identify it by category, not by name).

No training on your data. Sentravision does not use Customer Content to train, fine-tune, or improve any machine-learning or AI models, and we use AI providers under terms that do not train their models on data submitted through their APIs.

We do not use the Service to make decisions that produce legal or similarly significant effects about you without a human in the loop.

7. How we share information; subprocessors

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We disclose information only as described here.

(a) Subprocessors. We use a limited number of trusted third-party service providers ("subprocessors") to operate the Service. We describe them by category and function only: hosting, payments, email, analytics, AI and embeddings, and CDN/DNS. These providers process information only to perform services for us, under contractual confidentiality and data-protection obligations. We do not name specific subprocessors in this Policy. A current list of our subprocessors is available on request — contact [email protected]. Where the DPA applies, additional terms govern our use of subprocessors, including advance notice of changes and a right to object. (The Google and GitHub sign-in options described in Section 3.1 are upstream identity providers you choose, not Customer-Content subprocessors.)

(b) Payment processor. Payments are handled entirely by a third-party payment processor that is responsible for the security of payment-instrument data and maintains PCI-DSS compliance. We receive only the billing identifiers and subscription state described in Section 3.5. We are not the merchant of record for card data and do not store card details.

(c) Legal and protective disclosures. We may disclose information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is reasonably necessary to enforce our Terms, prevent fraud or abuse, or protect the rights, safety, or property of Sentravision, our users, or others.

(d) Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to this Policy and applicable law.

8. International data transfers

We are based in the United States, and we store and process information in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, which may have data-protection laws that differ from those in your country. You are responsible for complying with applicable law if you choose to submit data that is subject to the laws of a jurisdiction outside the United States.

Where required by applicable law, we use appropriate safeguards for international transfers — such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or other lawful transfer mechanisms — in respect of personal data transferred from the European Economic Area, the United Kingdom, or Switzerland. Where the DPA applies to Customer Content, the transfer mechanisms in the DPA govern.

9. How we store and protect information

We use technical and organizational measures designed to protect information appropriate to its sensitivity. These include:

• Multi-tenant isolation. Customer data is segregated at the database level using Postgres row-level security. Every workspace's data is scoped to that workspace and isolation is enforced by database policies, so that, through the ordinary application paths, one customer's content is not commingled with another's.
• Least-privilege access. Application writes are performed only through controlled, access-checked database routines; agent and client systems do not hold database roles or our most privileged keys.
• Hashed credentials. API keys are stored only as cryptographic hashes (SHA-256), never in readable form.
• Encryption in transit. Traffic between clients and the Service is encrypted using TLS (HTTPS).
• Encryption at rest. Stored data, including backups, is encrypted at rest by our managed-infrastructure providers. We do not represent any specific cipher, standard, or certification beyond what those providers apply by default.
• Short-lived, scoped access tokens. Programmatic access uses short-lived, workspace-scoped tokens rather than long-lived database credentials.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We do not hold any security certification (such as SOC 2 or ISO 27001) and do not offer an uptime, availability, or disaster-recovery commitment. You are responsible for safeguarding your account credentials and API keys.

If you revoke an API key, access is cut promptly; however, because access tokens are short-lived, a revoked key may remain usable for up to fifteen (15) minutes until its current token expires.

Because the Service is an evolving product, we recommend that customers retain their own copies of important data using the export feature described in Section 12.

10. Data retention

Activity logs. Audit/activity records are retained for a period that depends on the workspace's plan and then automatically purged:

• Free plan: 90 days
• Pro plan: 365 days

Other plan tiers may have different activity-retention periods; the applicable period for your plan is reflected in the Service.

Customer Content. Projects, tasks, decisions, knowledge notes, and other Customer Content are retained until you delete them or delete the workspace. There is no automatic time-based deletion of Customer Content. Most content can be deleted by you within the Service; decisions are append-only and are superseded rather than deleted, by design.

Account and billing records. We retain account and billing-related information for as long as your account is active and for a reasonable period afterward as needed to meet legal, tax, accounting, security, and dispute-resolution requirements.

Backups. Information may persist in routine backups after deletion from the live Service, and is deleted as those backups age out on their normal retention cycle. See Section 12 for the deletion timeline.

11. Your rights and choices

Depending on where you live, you may have some or all of the following rights regarding personal data we control about you:

• Access — to know what personal data we hold about you.
• Portability — to receive a copy of your data in a portable format.
• Correction — to correct inaccurate or incomplete data.
• Deletion — to request deletion of your data.
• Objection / restriction — to object to or restrict certain processing.
• Withdraw consent — where we rely on consent, to withdraw it at any time (without affecting prior processing).
• Non-discrimination — we will not discriminate against you for exercising your privacy rights.

You can manage much of your information directly in the Service (see Section 12). To make any other request, email [email protected]. We will verify your request as required by law and respond within the timeframe the applicable law requires. You may also have the right to lodge a complaint with your local data-protection authority.

For Customer Content: if your personal data appears in a customer's workspace, the customer is the controller. Please direct access, correction, and deletion requests to that organization; we will assist them as their processor.

California residents: we do not sell your personal information and do not share it for cross-context behavioral advertising, and we honor the Global Privacy Control and other recognized opt-out preference signals. You may exercise the access, deletion, and correction rights described above, and you may use an authorized agent to do so, by contacting [email protected].

Account-holder duties

You are responsible for the accuracy of the information you provide. If you are a workspace owner or admin, you are responsible for managing the access of the actors and agents in your workspace.

12. Data export and deletion

The Service provides built-in tools that let you exercise portability and erasure rights yourself.

• Export. A workspace admin or owner can export the workspace's data as a single structured JSON document containing the workspace's user-facing records (including actors, memberships, projects, tasks, decisions, knowledge notes, work requests, comments, attachments, activity, skills, code references, repositories, and feature requests). The export is read-only and scoped to your own workspace.
• Deletion. A workspace owner can permanently delete an entire workspace. Deletion requires the owner to confirm by typing the workspace's identifier, operates only on the owner's own workspace, and permanently removes the workspace's data — including its records, API keys, memberships, actors, and billing state — from the live database. After deletion, all access to that workspace is cut.

Deletion timeline. On account or workspace deletion, Customer Content is removed from our live systems promptly and in any event within 30 days. Residual copies that remain in routine backups are purged within 30 days thereafter, as those backups age out on their normal retention cycle. We do not restore deleted data from backups except as part of a general disaster-recovery event. As noted in Section 9, a revoked API key may remain usable for up to fifteen (15) minutes until its current short-lived token expires.

If you need help exporting or deleting data, contact [email protected].

13. Eligibility and children's privacy

The Service is intended for business use by organizations and by individuals who are at least 18 years old. The Service is not directed to anyone under 18, and we do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us personal data, contact [email protected] and we will take appropriate steps to delete it. Customers are responsible for ensuring that any personal data they enter as Customer Content complies with applicable laws protecting minors.

14. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice (for example, by email or an in-product notice). Your continued use of the Service after an update takes effect means you accept the revised Policy.

15. Governing law and dispute resolution

This Policy and any dispute relating to it are governed by the laws of the State of Minnesota, USA, without regard to its conflict-of-laws rules.

Binding individual arbitration. Except for the carve-outs below, you and Sentravision agree that any dispute, claim, or controversy arising out of or relating to this Policy or the Service will be resolved by binding individual arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, seated in Minnesota. Judgment on the award may be entered in any court of competent jurisdiction.

Class-action and jury-trial waivers. You and Sentravision agree that each may bring claims against the other only in an individual capacity, and not as a plaintiff or class member in any purported class or representative proceeding. You and Sentravision each waive any right to a jury trial.

Small-claims carve-out. Either party may bring an individual claim in small-claims court instead of arbitration if the claim qualifies.

Injunctive-relief carve-out. Either party may seek injunctive or other equitable relief in court for matters relating to intellectual property or confidentiality.

30-day opt-out. You may opt out of this arbitration agreement by emailing [email protected] within 30 days of first accepting this Policy. If you opt out, the venue provision below governs your disputes.

Venue for non-arbitrable matters. For any matter not subject to arbitration, the exclusive venue is the state courts of Hennepin County, Minnesota and the U.S. District Court for the District of Minnesota, and you and Sentravision consent to the personal jurisdiction of those courts.

Nothing in this section deprives you of any mandatory consumer-protection right, or of any right to bring a matter before a competent authority, that cannot be waived under the law of your place of residence.

16. Contact us

Questions, requests, or complaints about this Policy or your personal data:

Apex Business Holdings LLC (d/b/a Sentravision) Email: [email protected] A postal mailing address is available on request.

Ledgenter is a product of Apex Business Holdings LLC (d/b/a Sentravision).