Cookie Policy
Last updated: April 2026 (10 April 2026)
Template pending legal review
This document is an engineering-prepared template published for transparency. It has not yet been reviewed by external legal counsel and should not be relied on as legal advice.
1. What Are Cookies
Cookies are small text files a website stores on your device when you
visit. They let a site remember things between page loads — most
commonly, whether you are logged in. Some related technologies (such as
localStorage
and sessionStorage)
are not technically cookies but play a similar role; this policy covers
them too.
Ledger uses a minimal set of cookies and storage keys. We do not use any advertising or marketing cookies, and we do not load third-party analytics scripts on the landing site or in the application.
2. Cookies We Use
| Name | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
| ledger_session | Ledger (app) | Keeps you logged in. HttpOnly, Secure, SameSite=Lax. | Essential | Until logout, or 30 days of inactivity |
| ledger_csrf | Ledger (app) | CSRF protection token for form submissions. | Essential | Session |
| ledger_cookie_consent | Ledger (landing) |
Remembers that you dismissed the cookie banner. Stored in
localStorage,
not an HTTP cookie.
| Essential | 12 months |
| __cf_bm | Cloudflare | Bot management and DDoS protection. | Essential | 30 minutes |
| Sentry error context | Sentry | Attaches an anonymous session id to error reports so duplicates can be de-duped. | Essential | Session |
We do not currently set any non-essential cookies. If that ever changes (for example, if we add product analytics), we will gate those cookies behind the consent banner and update this table before they are set.
3. Types of Cookies
Essential cookies
These cookies are required for the Service to function. They handle authentication, CSRF protection, and bot protection. Without them you could not log in or safely submit forms. Essential cookies cannot be disabled through our consent banner, but you can still block them in your browser settings at the cost of being unable to use the Service.
Performance / analytics cookies
We do not currently use any. We do not run Google Analytics, Plausible, Mixpanel, Segment, or any other product-analytics SDK on the landing site or in the application.
Advertising / marketing cookies
We do not currently use any. We do not run ad pixels, retargeting, or any third-party tracker.
4. Third-Party Cookies
Cloudflare may set the __cf_bm
cookie for bot management and security when traffic passes through its
edge. Sentry may attach an anonymous session identifier to error reports.
Neither is used for cross-site tracking or advertising. We do not allow
any third-party advertising or tracking cookies on our website or in the
application.
5. How to Manage Cookies
Most web browsers let you manage cookies through their settings. You can typically:
- View the cookies stored on your device
- Delete individual cookies or clear all cookies
- Block cookies from specific sites
- Block all third-party cookies
You can also clear our cookie-banner preference by clearing
localStorage
for this site, which will cause the banner to reappear on your next
visit. Note that disabling essential cookies will prevent you from
logging in to the Ledger application.
6. Changes to This Policy
If we add new types of cookies or change how we use existing ones, we will update this page and revise the "Last updated" date. If we introduce non-essential cookies that require consent, we will implement a working consent gate before doing so — not after.
7. Contact
Questions about our use of cookies? Email [email protected] or, for general support, [email protected].