Leadership Ledger

Privacy Policy

Effective July 18, 2026 · Contact: s.pushpesh@gmail.com

Leadership Ledger is built so that we cannot read your reflections. This policy explains exactly what stays on your device, what leaves it, and why.

The short version

Data stored on your device

Everything you write — audits, ledger items, reviews, commitments, settings — is stored in a local database on your iPhone, protected by iOS file encryption (complete file protection). It is included in your own device backup (iCloud or local), under your Apple account, exactly like your other app data. We have no server copy and no ability to access it.

No accounts

The app has no sign-up, sign-in, email collection, or user profiles. Instead, at first launch the app generates a random, anonymous identifier and stores it in the iOS Keychain (where it survives deleting and reinstalling the app). This identifier contains no personal information and cannot be linked to your identity by us. It exists for two purposes only: managing your subscription (via RevenueCat) and counting your free analysis allowance.

AI analysis — the only time your text leaves your device

When you choose "Submit for analysis" (or generate a Pillar Review), the app sends your reflection text to our stateless analysis service, which forwards it to Anthropic's Claude API and returns the result to your phone, where it is stored locally. On our service:

If you never use AI analysis ("Save without analysis"), your reflections never leave your device at all.

Usage counters and rate limits

To provide the free analysis allowance and prevent abuse, our service keeps small records keyed to your anonymous identifier: how many free analyses you've used, request timestamps for rate limiting, and per-week usage counts. These are numbers and timestamps only — never journal content, and never anything that identifies you personally.

Purchases

Subscriptions are processed by Apple and managed through RevenueCat under your anonymous identifier. We receive purchase status (for example, "subscription active") but never your payment details, name, or Apple ID. See RevenueCat's privacy policy and Apple's privacy terms for how they handle payment data.

Notifications

The weekly reminder is a local notification scheduled on your device. There is no push notification infrastructure and no server involvement.

Analytics and tracking

None. The app contains no analytics SDKs, no advertising, and no tracking of any kind. We do not sell or share data — there is nothing to sell.

Deleting your data

Settings → Delete all data permanently erases every reflection, ledger item, and review from your phone and restarts onboarding. The anonymous Keychain identifier and free-allowance counters persist — they contain no journal content. If you want the server-side counters associated with your anonymous identifier deleted as well, email us and we will remove them.

Children

Leadership Ledger is a professional tool intended for adults and is not directed at children under 13. We do not knowingly collect information from children — the app collects no personal information from anyone.

Changes to this policy

If this policy changes materially, the updated version will be posted at this address with a new effective date. Because the app stores no contact information, we cannot email you about changes — this page is the source of truth.

Contact

Questions about privacy: s.pushpesh@gmail.com