Privacy Policy | Transit Ledger

1. Introduction

At Eagna-Smart Solutions, Inc. (operating as "Transit Ledger"), we are committed to protecting your privacy and securing your business data. This Privacy Policy describes how the Transit Ledger Gmail & Drive Workspace Add-on and its associated serverless platform collect, process, and protect your information.

2. Data Access & Processing (Google OAuth Scopes)

Transit Ledger strictly requests the minimum necessary permissions required to process your financial documents:

Gmail Read-Only Access (gmail.readonly): Used solely to extract receipt/invoice attachments from emails you explicitly select. We do not read, cache, or store your general email contents.
Drive Access (drive.file / drive.readonly): Used to automatically save categorized PDF/image files and organize them into folders on your behalf.
Spreadsheet Access (spreadsheets): Used to write categorized receipt data (vendor, amounts, taxes, currencies) directly into your designated Google Sheet.

Transit Ledger's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. How Your Data is Used & Transmitted

All file processing is strictly serverless and transient:

When you submit an invoice or receipt, it is transmitted securely via HTTPS to our AWS API Gateway.
The file is temporarily held in a transient AWS S3 bucket with an automatic 24-hour expiration policy.
Optical Character Recognition (OCR): Document text extraction is processed securely using Amazon Textract or Google Cloud AI services entirely transiently.
AI Categorization: Tabular financial data is structured and categorized transiently utilizing Google Cloud AI services.
Data Protection Commitment: All cloud data processing is performed strictly within enterprise-grade, paid service boundaries. In compliance with AWS and Google Cloud enterprise privacy agreements, your business documents, financial records, and processing prompts are kept strictly confidential, are processed in complete isolation, are never stored beyond the transient execution window, and are never utilized to train public or proprietary machine learning models.
Strict Data Retention Boundaries: Extracted tabular financial data is written directly into your designated Google Sheet. Transit Ledger does not maintain a permanent database of your processed transaction records. Transient files are managed under strict, automated AWS lifecycle expiration rules: raw incoming email streams are automatically deleted after 7 days, and uploaded receipt/invoice documents are permanently deleted after 24 hours. We do not sell, rent, or monetize your business data under any circumstances.
System Operational Logs: Safe, high-level operational metadata (such as transaction counts, user emails, and filenames, but never the text contents or extracted totals of the financial documents themselves) are temporarily retained in secure AWS CloudWatch logs for a maximum of 60 days to support platform stability, error troubleshooting, and billing usage audits, after which they are automatically and permanently purged.

4. Security Measures

Transit Ledger utilizes enterprise-grade cloud security mechanisms:

All network requests are encrypted in transit via standard TLS 1.3.
Sensitive credentials, such as Google Refresh Tokens, are encrypted at rest using industry-standard AES-256 cryptographic keys managed through secure, hardware-isolated cloud security modules.
Multi-tenant access is validated securely on every single API request using custom federated identity and token verification services.

5. Cookies and Tracking

Transit Ledger values your privacy and keeps your browsing clean:

Our platform and dashboard do not utilize any third-party tracking cookies, advertising trackers, or user behavioral analytics.
We only use essential, first-party session tokens required strictly to maintain your secure authenticated state.

6. Contact & Support

If you have questions regarding this Privacy Policy or wish to request data erasure (which you can also execute instantly via the Dashboard Delete Account button), please visit our Support Page or contact us directly at support@jmjgroup.ca.