Privacy & Cookie Policy
Last updated: 6 July 2026
This policy is in two parts. Part 1 (Privacy Policy) explains how LedgerBee handles personal data. Part 2 (Cookie Policy) explains how we use cookies and similar technologies on our website. Both are issued by LedgerBee Technologies A/S and share the contact details at the end of Part 1.
Part 1 - Privacy Policy
At LedgerBee, we value your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains how LedgerBee Technologies A/S ("LedgerBee", "we", "us") collects, uses, stores and protects personal data when you visit our website or use our services, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act (databeskyttelsesloven).
1. Who we are and our role
Data controller for this website and our own business contacts: LedgerBee Technologies A/S, CVR 36958723 (VAT DK36958723), Edison Park 4, st., DK-6715 Esbjerg N, Denmark. Email info@ledgerbee.com, tel. +45 92 82 25 25.
When you use the LedgerBee platform, you (our customer) are the data controller for the personal data you enter, and LedgerBee acts as your data processor under our Data Processing Agreement (DPA) at ledgerbee.com/data-processing-agreement. This Privacy Policy governs the data for which LedgerBee is itself the controller (website visitors, account administrators, prospects and business contacts).
Data Protection Officer / contact: privacy matters can be raised with our Privacy Team at info@ledgerbee.com. We keep under review whether a Data Protection Officer is mandatory under Article 37 GDPR given the scale of payroll/CPR processing carried out on behalf of customers; our current assessment and any appointment are documented and available to the supervisory authority on request.
2. Personal data we collect
Account & identity data: name, email address and a single sign-on identifier when you sign in with Microsoft or Google SSO; we use this to verify your identity, create and manage your account and communicate with you about your subscription.
Usage & device data: how you interact with our website and app, IP address, browser/device information and cookie identifiers (see section 4).
Customer content: data you enter into the platform about your own employees, job applicants, customers and suppliers — processed on your behalf under the DPA, not for our own purposes.
Business-contact data: details of prospects and contacts for sales, support and marketing.
Where the data comes from. We collect most data directly from you. Some we receive from others — for example, an employer enters its employees' payroll data, and a customer enters contact details for its own customers and suppliers. Where LedgerBee processes such data on a customer's behalf, that customer is the controller.
3. Purposes and legal bases
We process personal data for the purposes and on the legal bases set out below (Article 6 GDPR):
| Purpose | Data used | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Provide and maintain the LedgerBee platform and Advisor services | Account, usage and content data | Performance of a contract — Art. 6(1)(b) |
| Authenticate you via Microsoft or Google SSO | Name, email, SSO identifier | Performance of a contract — Art. 6(1)(b) |
| Process customer/employee data on a customer's behalf | Data described in Annex A of the DPA | We act as processor; the legal basis is the customer's (Art. 28) |
| Provide customer support | Contact details and ticket content | Contract — Art. 6(1)(b); legitimate interests — Art. 6(1)(f) |
| Send marketing to business contacts | Name, email, company | Consent — Art. 6(1)(a), or legitimate interests — Art. 6(1)(f); opt out any time |
| Website analytics and non-essential cookies | Device, usage and cookie identifiers | Consent — Art. 6(1)(a) (Danish Cookie Order) |
| Improve our services and our own AI models | Anonymised, aggregated data only | Customer content is anonymised on the customer's documented instruction (Annex D of the DPA); once effectively anonymised, it is no longer personal data and the GDPR no longer applies. For our own website and usage data: legitimate interests — Art. 6(1)(f) |
| Comply with accounting, tax and other legal duties | Transaction and account data | Legal obligation — Art. 6(1)(c) |
| Secure the service, prevent fraud, establish or defend legal claims | As necessary | Legitimate interests — Art. 6(1)(f) |
Electronic marketing to business contacts is sent in line with section 10 of the Danish Marketing Practices Act (markedsføringsloven); you can opt out at any time via the unsubscribe link or by contacting us.
4. Cookies and tracking
We use cookies and similar technologies on our website. Non-essential cookies (analytics and marketing) are set only after you give consent through our cookie banner, which lets you accept or reject each category and withdraw consent at any time. Full details — including each cookie, its provider, purpose and retention — are set out in Part 2 (Cookie Policy) below.
5. Artificial intelligence (Hivey)
Our AI features (the Hivey layer — auto-booking and HiveyChat — and AI agents over our MCP interface) run entirely within the EU/EEA, using Microsoft Azure OpenAI Service (EU) and Amazon Bedrock (EU) as our sub-processors. These platforms host the models on our behalf; the model developers (for example OpenAI and Anthropic) do not receive your data and do not use your inputs or outputs to train their models. We may use anonymised, aggregated data that does not identify anyone to improve our own service and our own AI models — see Section 7 of our Terms and Annex D of the DPA for how this works; we will never use your identifiable data to train third-party models without your consent. The AI sub-processors are listed in Annex B of the DPA.
To keep the service secure, our AI hosting sub-processors may retain prompts and outputs for a short period (up to 30 days at Microsoft) solely to detect and prevent misuse; this data is reviewed only for abuse, is kept in the EEA for EEA resources, and is never used to train models.
No solely-automated decisions. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Hivey produces suggestions (for example, a proposed bookkeeping entry); a human reviews and decides. You can ask us to provide human review of, or to contest, any automated suggestion that affects you.
6. Sharing and disclosure
We do not sell or rent your personal data. We share it only with: (i) the sub-processors that help us run the service, each bound by a data-processing contract and listed in Annex B of our DPA (ledgerbee.com/data-processing-agreement); (ii) authorities where required by law; and (iii) a successor entity in the event of a merger, acquisition or asset sale, in which case we will notify you.
7. International transfers
Our application data and AI processing are hosted within the EU/EEA. A small number of sub-processors have parent companies outside the EU/EEA (e.g. for support access); such transfers are protected by the EU-US Data Privacy Framework or, where applicable, the EU Standard Contractual Clauses with appropriate supplementary measures. The transfer basis for each sub-processor is stated in Annex B of the DPA.
8. Data security
We use industry-standard measures to protect personal data, including AES-256 encryption at rest, TLS 1.2+ in transit, role-based access control with two-factor authentication, continuous monitoring, quarterly vulnerability scans and annual penetration tests. Access is limited to authorised personnel bound by confidentiality. No method of transmission or storage is completely secure, but we regularly review our technical and organisational measures to comply with the GDPR and the Danish Data Protection Act.
9. Data retention
Where LedgerBee processes accounting and payroll data, the Danish Bookkeeping Act requires retention for five years from the end of the relevant financial year; we retain such data for this statutory period plus four weeks, after which it is securely deleted or anonymised. Account and website/marketing data is kept only as long as necessary for the purpose for which it was collected (for example, marketing data until you opt out, and support records for a reasonable period afterwards). On termination, customer data is available for export and deleted within the periods set out in the DPA and our Terms.
10. Your rights
Depending on your circumstances, you have the right to: access your data; have it corrected; have it deleted; restrict or object to processing; data portability; and withdraw consent at any time. To exercise these rights, contact info@ledgerbee.com.
Right to complain. If you believe we have not handled your personal data lawfully, you may lodge a complaint with the Danish supervisory authority: Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark — dt@datatilsynet.dk, tel. +45 33 19 32 00, www.datatilsynet.dk. You may also complain to the supervisory authority in your own EU/EEA country of residence.
11. CPR numbers
Where our payroll features process Danish CPR (personal identification) numbers on a customer's behalf, this is done solely for payroll and statutory reporting, under § 11 of the Danish Data Protection Act, and is subject to the heightened security measures in our DPA. The customer (employer) is the controller for this processing.
12. Children's privacy
Our services are intended for businesses and are not directed at individuals under 16. We do not knowingly collect personal data from children. If we learn that we have, we will delete it.
13. Third-party links
Our website may link to third-party sites. We are not responsible for their privacy practices and encourage you to read their policies.
14. Changes to this policy
We may update this Privacy Policy from time to time. Changes are posted here with a new "last updated" date, and we will notify you before material changes take effect.
15. Contact us
LedgerBee Technologies A/S — Privacy Team, Edison Park 4, st., DK-6715 Esbjerg N, Denmark. Email info@ledgerbee.com · tel. +45 92 82 25 25.
Part 2 - Cookie Policy
This Cookie Policy explains how LedgerBee Technologies A/S ("LedgerBee") uses cookies and similar technologies on ledgerbee.com, and how you can control them. It supplements our Privacy Policy (ledgerbee.com/privacy-policy).
1. What cookies are
Cookies are small text files placed on your device when you visit a website. They let the site function, remember your preferences and help us understand how the site is used. Similar technologies (pixels, local storage, tags) are covered by this policy too.
2. Your consent
Under the Danish Cookie Order (implementing the ePrivacy Directive) and the GDPR, we set non-essential cookies (functional, analytics and marketing) only after you give consent. When you first visit, our consent banner lets you:
- accept or reject each category of cookies, with "Reject all" as easy to choose as "Accept all";
- change or withdraw your consent at any time via the "Cookie settings" link in the website footer; and
- see this policy before deciding.
Strictly necessary cookies do not require consent because the site cannot function without them. We log consent records so we can demonstrate compliance.
3. Categories of cookies we use
- Strictly necessary — required for the site and login to work (security, load balancing, consent storage).
- Functional — remember preferences such as language.
- Analytics — help us measure and improve site performance (set only with consent).
- Marketing — used to deliver and measure relevant advertising (set only with consent).
4. Cookies on our website
The table below is indicative. Because the live list changes, the authoritative, always-current inventory is generated by our consent-management platform and shown in the "Cookie settings" panel.
| Cookie / provider | Purpose | Category | Retention |
|---|---|---|---|
| Consent record / LedgerBee (CMP) | Stores your cookie choices | Strictly necessary | Up to 12 months |
| Container GTM-MNMBWGMP / Google Tag Manager | Loads other tags — only fires non-essential tags after consent | Strictly necessary (manager) | Session |
| _ga, ga* / Google Analytics | Distinguish users and measure traffic | Analytics | Up to 24 months |
| _gid / Google Analytics | Distinguish users | Analytics | 24 hours |
| __hstc, hubspotutk, __hssc, __hssrc / HubSpot | Visitor identification for forms, chat and visit analytics | Analytics / Marketing | Session to 13 months |
| __cf_bm / Cloudflare | Distinguish humans from bots | Strictly necessary | 30 minutes |
| li_sugr, bcookie / LinkedIn (if Insight Tag used) | Advertising conversion and retargeting | Marketing | Up to 24 months |
5. Managing cookies
You can change your choices any time via "Cookie settings" in the footer. You can also block or delete cookies in your browser settings, though some features may then not work. Browser controls alone are not a substitute for the consent choices above.
6. Changes and contact
We may update this Cookie Policy from time to time. Questions can be sent to info@ledgerbee.com. LedgerBee Technologies A/S, Edison Park 4, st., DK-6715 Esbjerg N, Denmark.