Privacy Policy

This Privacy Policy describes how TronLedger ("we", "our", "us") collects, uses, stores, and shares information when you use the service available at tronledger.com (the "Service").

1. Information we collect

1.1 Information you provide

• Account: email address, password (stored as a salted hash), and optionally name and company.
• Google sign-in: if you sign in with Google, we receive your email, name, and profile picture URL from Google.
• Wallet data: the public TRON wallet addresses you add to your account, along with optional labels you assign to them.
• Support requests: messages you send us by email.

1.2 Information collected automatically

• Session data: authentication cookies, session identifiers, login timestamp, and IP address.
• Audit log: security-relevant events such as logins, password resets, and admin actions.
• Browser metadata: user agent string, used to help diagnose issues.

1.3 Information from third parties

• Lemon Squeezy: when you subscribe, we receive your subscription status, plan, renewal/expiration dates, and a customer identifier — but never your full card number.
• TRON public ledger: we read on-chain data (balances, transactions) for the wallet addresses you add. This data is already public on the TRON blockchain.

2. How we use information

We use the information we collect to:

• Provide, maintain, and secure the Service.
• Authenticate you and protect your account from unauthorized access.
• Display the wallet activity, balances, and reports you request.
• Send transactional emails (verification, password reset, subscription receipts, important account notices).
• Process subscription payments and manage trials, renewals, and cancellations through our payment processor.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

3. Legal basis (GDPR)

If you are in the European Economic Area, the United Kingdom, or another region with similar laws, our legal bases for processing are: (a) performance of a contract with you; (b) our legitimate interests in operating and securing the Service; (c) your consent where required (for example, optional cookies); and (d) compliance with legal obligations.

4. Sharing of information

We do not sell your personal information. We share information only with the service providers we need to run the Service:

• Cloudflare — hosting (Workers, D1, Pages), DDoS protection, and CDN.
• Lemon Squeezy — payment processing and subscription management. Lemon Squeezy is the merchant of record for purchases.
• Resend — sending transactional emails.
• Google — only if you choose to sign in with Google.
• TronGrid / TRON network nodes — to read on-chain data for the wallet addresses you add.

We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of users or the public.

5. Wallet data and the TRON blockchain

The wallet addresses you add to TronLedger are public addresses on the TRON blockchain. Anything visible on-chain is, by definition, public. TronLedger does not have access to your private keys or seed phrases, and you should never share them with us or anyone claiming to represent us.

We do not control on-chain data. If a wallet address has been associated with your identity outside the Service, that linkage may exist independently of TronLedger.

6. Cookies and similar technologies

We use a small number of strictly necessary cookies, primarily for authentication (the session cookie). We do not use third-party advertising or cross-site tracking cookies. Local browser storage is used to remember preferences such as the dashboard theme and a small cache.

7. Data retention

• Account data: retained for as long as your account is active.
• Audit logs: retained for up to 24 months for security and abuse-prevention purposes.
• Webhook events: retained for up to 90 days for replay protection and reconciliation.
• Backups: may persist for up to 30 days after deletion in encrypted form before being purged.

If you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law (for example, tax records related to invoices).

8. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your account and personal data.
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at privacy@tronledger.com. We will respond within 30 days.

9. Security

We use industry-standard security measures including TLS for data in transit, password hashing with PBKDF2, HMAC-verified webhooks, secure session cookies (HttpOnly, Secure, SameSite=Lax), and least-privilege access controls. No system is perfectly secure, but we work hard to protect your data.

If you discover a security vulnerability, please report it to security@tronledger.com.

10. International data transfers

Our service providers operate globally, and your data may be processed in countries other than your own (including the United States and the European Union). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses to protect your data in transit.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will promptly delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or through a prominent notice in the Service before the changes take effect. The "Last updated" date at the top of this page reflects the latest revision.

13. Contact

Questions or concerns about this Privacy Policy? Email privacy@tronledger.com.