Effective Date: December 5, 2025
Grain Ledger Company
Nashville, Tennessee

This Privacy Policy constitutes a legally binding statement issued by Grain Ledger Company (referred to herein as “Grain Ledger”, “we”, “us”, or “our”) and governs the collection, use, processing, retention, disclosure and protection of information obtained from individuals and entities (“you” or “Users”) who access or utilize our cloud based accounting software and associated services (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read, understood and agreed to the practices described herein. If you do not agree to this Privacy Policy, you must immediately discontinue use of the Services.

1. Information Collected

Grain Ledger collects information solely for purposes that are reasonably necessary to provide, support, and maintain the Services, to fulfill contractual obligations and to comply with applicable legal requirements.

1.1 Information Voluntarily Provided by Users

We may collect, store and process the following categories of information that you elect to provide:

• Personal identifiers including name, business name, email address and similar contact details

• Financial and accounting data that you manually input into the Services

• Authentication information including Grain Ledger account credentials

1.2 Bank Account and Financial Connectivity Data

If you elect to link a financial account, the connection is facilitated through Plaid Inc. (“Plaid”). By initiating such connection, you authorize Plaid to receive and transmit certain limited financial data to us on your behalf. Through Plaid we may obtain:

• Tokenized or masked account identifiers and routing numbers

• Bank account balances

• Historical transaction data

All information furnished by Plaid is provided solely for read only purposes. Neither Plaid nor Grain Ledger is authorized to initiate or execute financial transactions through this integration.

1.3 Integration Data from Third Party Platforms

If you choose to connect third party services such as Planning Center or Stripe, Grain Ledger may receive limited data strictly necessary to display or reconcile financial information that you request through such integrations. We do not transmit your Grain Ledger data to these platforms except as required to facilitate the functionality expressly requested by you.

1.4 Automatically Generated Information

When you access the Services, we may automatically collect technical information including:

• Device identifiers

• Browser type, operating system and related metadata

• Diagnostic logs, usage information and security events

Such information is utilized exclusively for operational performance, system integrity and security monitoring.

2. Use of Information

Grain Ledger may use the information described herein for the following lawful purposes:

• To provide, maintain, host and operate the Services

• To generate accounting outputs and financial reporting

• To enable secure integrations with third party systems

• To enhance, refine and develop features within the Services

• To conduct risk assessment, fraud prevention and security auditing

• To respond to inquiries, support requests and administrative communications

• To satisfy legal obligations, regulatory requirements or lawful governmental requests

Grain Ledger does not sell, lease, license or rent personal information to any third party.

3. Disclosure of Information

We do not disclose information to third parties except under the following circumstances:

3.1 Service Providers and Authorized Partners

We may disclose information to trusted service providers who perform specific operational functions on our behalf, including Plaid, data hosting vendors, analytics providers and similar entities. These parties are contractually prohibited from using information for purposes other than delivering services to Grain Ledger and must follow confidentiality and security obligations consistent with this Privacy Policy.

3.2 Legal Compliance and Protection of Rights

We may disclose information if required to comply with applicable law, subpoena, lawful investigative request or court order, or if disclosure is reasonably necessary to protect the legal rights, safety or property of Grain Ledger, our Users, or the public.

We do not disclose information to advertisers, data brokers or unrelated third party entities.

4. Data Retention and Destruction

Grain Ledger retains personal information for the duration of your active account. Upon account termination, information will be retained for a period of thirty days, after which it will be deleted or irreversibly anonymized unless a longer retention period is required by law, regulation or legitimate business necessity.

5. Security Standards

We implement commercially reasonable administrative, technical and organizational security measures designed to safeguard information against unauthorized access, alteration, disclosure or destruction. These measures include:

• High strength encryption in transit and at rest

• Role based access controls and authentication protocols

• Secure data center infrastructure within the United States

• Continuous monitoring, periodic audits and security reviews

No storage or transmission method can be guaranteed as infallibly secure. Users remain responsible for maintaining secure passwords and protecting their authentication credentials.

6. User Rights and Data Requests

Subject to applicable law, you retain the following rights concerning your personal information:

• Right of Access: You may request confirmation of whether Grain Ledger processes your personal information and may obtain a copy of such information.

• Right of Correction: You may request that inaccurate or incomplete data be rectified.

• Right of Deletion: You may request deletion of your personal information, subject to lawful retention exceptions.

• Right of Data Portability: You may request provision of your data in a structured and machine readable format.

All requests must be submitted to support@grainledger.com. We may request additional information to verify your identity prior to processing any request.

7. Children’s Privacy

The Services are intended solely for individuals who are at least eighteen years of age. We do not knowingly collect or process personal information from individuals under eighteen. Any such information identified will be deleted upon discovery.

8. Amendments to This Privacy Policy

Grain Ledger reserves the right to modify, revise or update this Privacy Policy at any time. Any changes will be publicly posted with an updated effective date. Your continued use of the Services following publication of revisions constitutes acceptance of the updated policy.

9. Contact Information

For questions, concerns or requests regarding this Privacy Policy or your personal information, you may contact:

Grain Ledger Company
217 6th Ave N STE 43012
Nashville, TN 37219
Email: support@grainledger.com