Security
Last updated: January 15, 2025
Our Security Commitment
At Ledgit, security is not an afterthought—it's built into every layer of our platform. We understand that you're trusting us with sensitive financial data, and we take that responsibility seriously. This page outlines the measures we take to protect your information.
Data Encryption
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS). This prevents eavesdropping and tampering during transmission.
Encryption at Rest
Your data stored in our databases is encrypted using AES-256 encryption. Even if someone gained access to our storage, they couldn't read your data.
Authentication & Access Control
- Secure Password Storage: Passwords are hashed with bcrypt, which salts each hash, so the original password cannot be recovered from what we store.
- Row-Level Security: Database policies enforce that each user can only access their own rows, so even if an application bug existed, the database would not return another user's information.
- Session Management: Secure session tokens with automatic expiration protect against unauthorized access.
- Role-Based Access: Team members can be assigned specific roles (Viewer, Accountant, Admin) with appropriate permissions.
Bank Connection Security
We use Plaid, the industry-leading financial data platform used by thousands of financial institutions and apps, to securely connect to your bank accounts.
- We never see your bank credentials. Your login information goes directly to Plaid, not our servers.
- Read-only access. We can only view transaction data—we cannot move money or make changes to your accounts.
- Revocable at any time. You can disconnect your bank accounts from Settings at any time.
Infrastructure Security
Supabase (Database)
SOC 2 Type II compliant, with automatic backups, point-in-time recovery, and enterprise-grade security controls.
Vercel (Hosting)
SOC 2 Type II compliant, with automatic DDoS protection, edge network security, and continuous deployment.
Stripe (Payments)
PCI DSS Level 1 certified. We never store your payment card details—they go directly to Stripe.
Anthropic (AI)
Transaction data sent for categorization is processed securely and not used to train AI models.
Incident Response
In the event of a security incident, we have procedures in place to:
1. Detect: Monitor systems for suspicious activity and potential breaches.
2. Contain: Immediately isolate affected systems to prevent further damage.
3. Notify: Alert affected users within 72 hours as required by applicable laws (GDPR, state breach notification laws).
4. Remediate: Fix vulnerabilities and implement measures to prevent recurrence.
Compliance
EU Data Protection
California Privacy
Financial Privacy
Security Questions?
If you have questions about our security practices, discover a potential vulnerability, or want to report a security concern, please reach out through our support page:
