Security
Your financial data deserves serious protection. Ledger is built with security at every layer — from infrastructure to application code.
Cloud Infrastructure
Ledger runs on Cloudflare's global network using serverless Workers — no persistent servers to compromise. Cloudflare provides built-in DDoS protection and is SOC 2 Type II certified.
Encryption
All data is encrypted in transit using TLS 1.2 or higher, enforced via HSTS (HTTP Strict Transport Security). Data at rest is encrypted using Cloudflare's storage-level encryption across D1, R2, KV, and Durable Objects.
Authentication
Passwords require a minimum of 12 characters, following NIST 800-63B guidelines. Accounts are locked after 5 failed login attempts with a 15-minute cooldown. Sessions use httpOnly, Secure, and SameSite cookies.
Data Isolation
Ledger uses a multi-tenant architecture with strict entity-scoped data access. Every database query is filtered by the authenticated user's entity, preventing cross-tenant data leakage by design.
Audit Trail
Every write operation is recorded in a hash-chained, append-only audit log. Each entry is linked to the previous entry's hash, making the log tamper-evident. Audit logs are retained for 7 years.
Security Headers
All responses include security headers: Strict-Transport-Security, X-Content-Type-Options (nosniff), X-Frame-Options (DENY), and a strict Referrer-Policy. CSRF protection validates the Origin header on all mutating requests.
Sub-Processor Security
We only work with infrastructure providers that maintain rigorous security certifications.
| Provider | Purpose | Certifications |
|---|---|---|
| Cloudflare | Hosting, compute, storage | SOC 2 Type II |
| Stripe | Payment processing | SOC 2 Type II, PCI DSS Level 1 |
| SendGrid | Transactional email | SOC 2 Type II |
Compliance
Ledger is actively working toward SOC 2 Type II and ISO 27001 certification. While we have not yet achieved these certifications, the technical controls described on this page — encryption, access controls, audit logging, and security headers — are already implemented and enforced in production.
Our infrastructure providers (Cloudflare, Stripe, SendGrid) are all SOC 2 Type II certified. We maintain documented security policies, access review processes, and an incident response plan.
Data Deletion
When you delete your account, your data is soft-deleted and retained for 90 days to allow recovery in case of accidental deletion. After 90 days, all data is permanently and irreversibly deleted. You can request immediate deletion by contacting [email protected].
Responsible Disclosure
If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond within 2 business days.
We will not take legal action against good-faith security researchers who follow responsible disclosure practices.