Confidentiality & Nondisclosure Policy

Effective Date: February 26, 2026

At XPerf Inc., protecting the confidential information you store and process through our Ledgeron bookkeeping and accounting software platform is fundamental to our business operations. This Confidentiality Policy governs how we safeguard the sensitive financial and business data you input, store, and manage within our software-as-a-service platform.

Our Commitment to You

We treat your data as strictly confidential. When you utilize the Ledgeron platform for your self-managed bookkeeping and accounting operations, you maintain ownership and control of your data while we provide secure infrastructure and comprehensive confidentiality protections.

Scope of Confidential Information

Financial Data

Bank statements and financial account information
Financial statements, reports, and accounting records
Tax returns and supporting tax documentation
Payroll records and compensation data
Credit card transactions and payment processing information
Budgets, forecasts, and financial projections

Business Intelligence

Customer and vendor databases
Business plans, strategies, and operational procedures
Pricing structures and contractual arrangements
Sales data and revenue analytics
Trade secrets and proprietary business methodologies

Personal Information

Employee personal and payroll information
Customer personally identifiable information (PII)
Owner and management personal details

Data Protection and Security Measures

Technical Safeguards

Encryption: AES-256 at rest and TLS 1.2+ in transit
Multi-factor authentication and role-based access controls
SOC 2-aligned data centers with 24/7 monitoring
Periodic penetration testing and security assessments
Encrypted, geographically distributed backup systems

Administrative Controls

All personnel execute comprehensive confidentiality agreements
Mandatory annual cybersecurity and privacy protection training
Technical support access limited to specific troubleshooting requirements
Documented incident response procedures for breach detection and notification
All third-party service providers bound by equivalent confidentiality obligations

Operational Protections

Customer data segregated through secure multi-tenant architecture
Real-time anomaly detection and access logging
Controlled deployment processes with rollback capabilities
Business continuity plans with defined recovery time objectives

Permitted Disclosures

User-Authorized Disclosures

Explicit written authorization for specific information sharing
Integration with third-party applications per your configuration settings
Data export requests for business continuity or migration purposes

Legal and Regulatory Compliance

Compliance with IRS reporting requirements where applicable
Response to valid court orders, subpoenas, or government investigations
Meeting anti-money laundering (AML) and financial crimes reporting obligations
Cooperation with legitimate law enforcement requests pursuant to due process

Operational Necessities

Disclosure to hosting providers, security vendors, and infrastructure partners under strict contractual confidentiality obligations
Consultation with attorneys under attorney-client privilege
Professional audits required for SOC 2 compliance and security certifications

Excluded Information

Information is not considered confidential under this policy if it:

Constituted public knowledge prior to your disclosure
Becomes publicly available through no breach of this policy
Was independently developed by XPerf without reference to your confidential information
Was lawfully received from third parties with disclosure rights

User Rights and Data Governance

Request comprehensive data exports in standard formats
Correct inaccurate information through platform controls
Export data in machine-readable formats upon service termination
Request complete data deletion or return upon service conclusion
Receive certification of data destruction when requested

Data Retention and Destruction

Active Service Period: Confidentiality protections remain in effect throughout your subscription.
Post-Termination: Confidentiality obligations continue for five (5) years following service termination.
Legal Retention: Certain data may be retained as required by tax laws, financial regulations, or legal process.
Destruction Procedures: Data destruction follows principles aligned with NIST SP 800-88 Rev. 1, adapted for cloud environments, including cryptographic erasure where applicable.

Marketing and Publicity Restrictions

XPerf will not:

Utilize your business name or identifying information in marketing materials without express written consent
Publicly announce you as a platform user without authorization
Process your data for any purpose beyond platform operation and security

Dispute Resolution

Any dispute arising out of or relating to this Policy shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted in Austin, Texas by a single neutral arbitrator. Both parties waive the right to a class, collective, or representative action. Either party may seek injunctive relief in state or federal court in Travis County, Texas to protect Confidential Information. The arbitrator's award is final and binding.

Legal Remedies

In the event of a confidentiality breach, you may seek injunctive relief and recover actual damages. Prevailing parties may recover reasonable attorney fees. Any damages shall be subject to the limitation of liability provisions in XPerf's Terms of Service.

Policy Modifications

Use of the Ledgeron platform constitutes acceptance of this Policy. Material changes will be communicated thirty (30) days prior to effective date. This policy is governed by Texas law and survives termination of the service agreement.

Contact Information

XPerf Inc.
101 E Old Settlers Blvd, Suite 120
Round Rock, TX 78664
Email: support@everbranch.ai