Ledger Privacy Policy — Ledger

10 Total

2 High severity

6 Medium severity

2 Low severity

Summary

This is Ledger's privacy policy, which explains what personal information the company collects when you buy or use their crypto hardware wallets and Ledger Live app, and how they use and share that information. Ledger collects data like your name, email, shipping address, purchase history, and how you use their app, and may share it with marketing partners and service providers. You have the right to access, delete, or correct your data by contacting Ledger's privacy team.

Technical Summary

Ledger's privacy policy governs the collection, processing, storage, and sharing of personal data by Ledger SAS (a French company) and its subsidiaries across their hardware wallet products, Ledger Live software, e-commerce operations, and associated services. The policy establishes legal bases for processing under GDPR (contract performance, legitimate interest, consent, and legal obligation), identifies categories of data collected (identity, financial, transactional, behavioral, and device data), and outlines data subject rights including access, rectification, erasure, portability, and objection. Notably, the policy discloses sharing of personal data with third-party service providers, marketing partners, and in certain cases, blockchain transaction data that is inherently public. The policy also addresses the 2020 data breach and describes remediation measures, and sets out specific provisions for US residents under CCPA and other applicable state privacy laws.

Institutional Analysis

This policy engages primarily with the EU General Data Protection Regulation (GDPR) as Ledger SAS is a French entity, and additionally addresses the California Consumer Privacy Act (CCPA) and UK data protection law post-Brexit. Compliance teams should note that Ledger suffered a significant data br…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured April 3, 2026 05:44 UTC

Document ID CA-D-000278

Version ID CA-V-000448

Source URL https://www.ledger.com/privacy-policy

Wayback Machine View archived versions →

SHA-256 a99fd3fa1d0251255a5e6c62fa3932ac78347b0594f98831fda4516a8cc4bf2b

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

April 3, 2026 — Document updated low

Ledger made a small formatting change to their Privacy Policy on April 3, 2026. The section header 'With whom do we share your data?' now reads 'Discover With whom do we share your data?' — adding the word 'Discover' at the beginning. This appears to be a navigation or UI label change and does not alter any of the actual content about how your data is shared.

· 1 modified
View changes → View record →
a99fd3fa…
April 2, 2026 — Document updated high

Ledger updated its privacy policy on April 2, 2026, making significant structural changes — removing nearly 200 sentences and reorganizing how the policy is presented. The introduction now highlights a promotional Bitcoin bonus offer, and the policy's scope section was restructured with new headings. While some language was softened (e.g., 'If you keep using' changed to 'If you continue to use'), the core consent-through-continued-use framework remains, meaning users who keep using Ledger services are still considered to have accepted any changes.

11 added · 188 removed · 15 modified
View changes → View record →
6388bd50…
March 19, 2026 — Initial capture

First snapshot archived

1db84f29…

Analyzed Changes

2 changes analyzed since monitoring began.

Updated April 3, 2026

low

What changed Ledger updated their Ledger Privacy Policy on April 03, 2026. Change detected: 1 sentence(s) modified. Document contained 36 sentences after update.

Consumer impact Ledger updated a section header in their Privacy Policy from 'With whom do we share your data?' to 'Discover With whom do we share your data?' on April 3, 2026. This is a cosmetic or navigational change and does not alter any underlying data-sharing practices or consumer rights. No action is needed as a result of this change.

Why it matters This change is cosmetic and does not affect how Ledger shares user data or what rights consumers have. It is worth noting only for audit trail completeness.

Updated April 2, 2026

high

What changed Ledger updated their Ledger Privacy Policy on April 02, 2026. Change detected: 11 sentence(s) added, 188 sentence(s) removed, 15 sentence(s) modified. Document contained 36 sentences after update.

Consumer impact Ledger removed the vast majority of its privacy policy content — 188 sentences — in a single update on April 2, 2026, significantly reducing the transparency and detail previously available to users about how their data is collected and used. The restructuring means users have far less information to rely on when making informed decisions about their personal data. You can review the updated policy directly on Ledger's website and compare it with archived versions to identify what protections or disclosures have been removed.

Why it matters Ledger removed the overwhelming majority of its privacy policy content in a single update, leaving users with dramatically less transparency about how their personal and financial data is handled. For a hardware wallet company whose users entrust it with cryptocurrency security, this reduction in disclosure is a significant trust and compliance concern.

High Severity — 2 provisions

2020 Data Breach Disclosure
Ledger discloses that in 2020 their e-commerce database was breached, exposing over one million customer email addresses and approximately 272,000 customers' full name, phone number, and postal address.

Added March 20, 2026
Third-Party Marketing Data Sharing
Ledger shares your personal data with third-party marketing partners and advertising networks to deliver targeted advertising and measure campaign performance.

Added March 20, 2026

Medium Severity — 6 provisions

Blockchain Transaction Data Public Visibility
Ledger discloses that transactions conducted on public blockchains are inherently visible to anyone and cannot be deleted or altered, as this is a fundamental characteristic of blockchain technology.

Added March 20, 2026
GDPR Data Subject Rights
EU and UK users have the right to access, correct, delete, restrict, or port their personal data, and to object to certain types of processing including direct marketing.

Added March 20, 2026
CCPA California Resident Rights
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal data is collected and sold, the right to opt out of sale, and the right to non-discrimination for exercising their rights.

Added March 20, 2026
Legitimate Interest as Legal Basis
Ledger relies on 'legitimate interest' as a legal justification for certain data processing activities including analytics, fraud prevention, and some marketing activities, without requiring your explicit consent for these uses.

Added March 20, 2026
Cookie and Tracking Technologies
Ledger uses cookies, pixels, and similar tracking technologies on their website and in their app to collect behavioral and usage data, some of which requires your consent while others are used by default.

Added March 20, 2026
International Data Transfers
Ledger may transfer your personal data outside the European Economic Area to countries that may not have the same level of data protection, relying on mechanisms such as Standard Contractual Clauses to safeguard these transfers.

Added March 20, 2026

Low Severity — 2 provisions

Data Retention Periods
Ledger retains personal data for varying periods depending on the purpose, such as retaining customer purchase data for the duration of the legal warranty period and marketing data until you unsubscribe or object.

Added March 20, 2026
Children's Data
Ledger states that its services are not directed at children under the age of 18 and that it does not knowingly collect personal data from minors.

Added March 20, 2026