Privacy Policy

1. Introduction

This Privacy Policy describes how Crude Ledger ("we," "our," or "us") collects, uses, and protects your personal information when you use our oil and gas financial management platform. We are committed to protecting your privacy and ensuring the security of your data.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Name and contact information (email address, phone number)
• Company information and business details
• Billing and payment information (processed securely through Stripe)
• Account credentials and authentication data
• Professional information related to oil and gas operations

2.2 Financial and Operational Data

As a financial management platform, we collect:

• Joint Interest Billing (JIB) data and cost entries
• Mineral interest and royalty information
• Well information, operator details, and lease data
• Financial transactions and revenue tracking
• Uploaded documents and supporting files

2.3 Technical Information

• IP addresses and device information
• Browser type and operating system
• Usage patterns and application interactions
• Log files and error reports

3. How We Use Your Information

We use your information to:

• Provide our financial management and tracking services
• Process billing and manage your subscription
• Maintain data security and platform integrity
• Generate reports and analytics for your business
• Provide customer support and technical assistance
• Comply with legal and regulatory requirements
• Improve our services and develop new features

4. Data Security and Storage

4.1 Security Measures

We implement industry-standard security measures including:

• End-to-end encryption for data transmission
• Secure database storage with access controls
• Multi-tenant architecture ensuring data isolation
• Regular security audits and vulnerability assessments
• Secure authentication and authorization systems

4.2 Data Isolation

Your data is completely isolated from other users through our multi-tenant architecture. Company data is segregated and accessible only to authorized users within your organization.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

• Service Providers: With trusted third-party providers (like Stripe for payments) who assist in delivering our services
• Legal Requirements: When required by law, court order, or regulatory authorities
• Business Transfers: In connection with mergers, acquisitions, or asset sales (with notice to users)
• Protection: To protect our rights, property, or safety, or that of our users

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access and review your personal information
• Correct or update inaccurate data
• Request deletion of your account and data
• Export your data in a portable format
• Restrict or object to certain data processing

6.2 Account Management

You can manage your account settings, subscription, and data preferences through your account dashboard.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account closure, we may retain certain information for:

• Legal compliance and regulatory requirements
• Fraud prevention and security purposes
• Backup and disaster recovery (up to 30 days)

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information during such transfers.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

10. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze usage patterns and improve our services
• Ensure security and prevent fraud

11. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our platform. Your continued use of our services constitutes acceptance of any updates.

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation, including the right to access, rectify, erase, restrict, port, and object to processing of your personal data.