This policy describes how ToLedger collects, processes, and protects data.
We may collect identity information, business data, financial transactions, billing details, and technical usage data.
Processing is based on contractual necessity and compliance with applicable GCC regulations.
We implement encryption, role-based access control, monitoring, and secure infrastructure practices.
Data is retained while accounts remain active and as required by law.
Users may request access, correction, or deletion subject to legal obligations.
Enterprise customers may request Data Processing Agreements (DPA) and custom security documentation.