Security

How Ledgence protects your business data.

Ledgence is currently in PUBLIC BETA. We take security seriously and implement industry-standard protections, but we have not yet completed third-party security audits or obtained SOC 2, ISO 27001, or similar certifications. The platform is provided "as is" during the beta period.

Cloud Infrastructure

Ledgence runs entirely on Amazon Web Services (AWS) using a serverless architecture. This means there are no servers to manage or patch — AWS handles the underlying infrastructure security, including physical data center security, network isolation, and hardware maintenance. Our compute runs on AWS Lambda, API layer on AWS AppSync (GraphQL), database on Amazon RDS PostgreSQL, file storage on Amazon S3, and content delivery through Amazon CloudFront CDN. All infrastructure is deployed in the us-east-1 (N. Virginia) region.

Authentication

User sign-in is managed by Amazon Cognito, a managed authentication service. Passwords are never stored by Ledgence — Cognito handles password hashing, token issuance, and session management. Sessions use JSON Web Tokens (JWT) that expire automatically. Every API request is validated by a custom Lambda authorizer that verifies the JWT signature and extracts the user's identity and tenant context. Authorization results are cached for 5 minutes to balance security with performance.

Role-Based Access Control

Every user in a business has a role: Owner (full control), Admin (manage team and settings), or Member (day-to-day operations). Permissions are checked on every request at the resource and action level (e.g., "can this user create a journal entry in this business?"). The Owner role uses a wildcard permission that grants full access. Admins and Members have granular permissions assigned per resource. Permission changes take up to 5 minutes to propagate due to the authorization cache.
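The role check and the 5-minute authorization cache described in the two sections above can be modeled as follows. This is an added illustration, not Ledgence's code: the permission strings, the `CachedAuthorizer` class, its per-user cache key and the `invalidate` hook are all assumptions made for the example.

```python
import time

# Hypothetical role -> permission map; "resource:action" names are assumed.
ROLE_PERMISSIONS = {
    "owner": {"*"},
    "admin": {"team:manage", "settings:update", "journal_entry:create"},
    "member": {"journal_entry:create", "pos_session:open"},
}
CACHE_TTL_SECONDS = 300  # the 5-minute authorization cache the page describes

def is_allowed(role, resource, action):
    """Resource/action check; the Owner wildcard matches everything."""
    granted = ROLE_PERMISSIONS.get(role, set())
    return "*" in granted or f"{resource}:{action}" in granted

class CachedAuthorizer:
    """Caches the resolved role per (user, tenant) for CACHE_TTL_SECONDS."""

    def __init__(self, role_lookup, clock=time.monotonic):
        self._lookup = role_lookup  # callable: (user_id, tenant_id) -> role or None
        self._clock = clock
        self._cache = {}            # (user_id, tenant_id) -> (role, expires_at)

    def authorize(self, user_id, tenant_id, resource, action):
        key = (user_id, tenant_id)
        now = self._clock()
        entry = self._cache.get(key)
        if entry is None or now >= entry[1]:
            entry = (self._lookup(user_id, tenant_id), now + CACHE_TTL_SECONDS)
            self._cache[key] = entry
        return is_allowed(entry[0], resource, action)

    def invalidate(self, user_id, tenant_id):
        """Drop the cached role so a change applies on the next request."""
        self._cache.pop((user_id, tenant_id), None)

def demo():
    """Constructed scenario: an admin is downgraded to member mid-window."""
    roles = {("u1", "t1"): "admin"}
    now = [0.0]
    authz = CachedAuthorizer(lambda u, t: roles.get((u, t)), clock=lambda: now[0])
    before = authz.authorize("u1", "t1", "team", "manage")   # role gets cached
    roles[("u1", "t1")] = "member"                           # downgrade
    now[0] = 120.0
    stale = authz.authorize("u1", "t1", "team", "manage")    # served from cache
    now[0] = 301.0
    expired = authz.authorize("u1", "t1", "team", "manage")  # TTL passed, re-read
    return before, stale, expired
```

The downgraded user keeps the old permission until the cached entry expires, which is the propagation delay stated above; an explicit invalidation on role change would close that window.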

Encryption

All data in transit between your browser and Ledgence is encrypted using TLS (HTTPS), enforced by CloudFront. All data at rest in our PostgreSQL database is encrypted using AWS Key Management Service (KMS). S3 objects (uploaded files, product images) are encrypted at rest with server-side encryption (SSE-S3). Database backups are also encrypted.

Tenant Data Isolation

Ledgence is a multi-tenant platform — multiple businesses share the same database infrastructure. However, every single database query includes a tenant_id filter to ensure one business can never see another's data. This isolation is enforced at the application layer in every handler and repository. Foreign key constraints with ON DELETE CASCADE ensure that when a business is deleted, all its data is removed. There is no cross-tenant data sharing.

Payment Security

Ledgence never sees, stores, or processes credit card numbers. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified (the highest level of payment security certification). When tenants configure Stripe for their storefront, each tenant connects their own Stripe account via Stripe Connect — Ledgence acts as the platform but Stripe handles all sensitive payment data directly.

AI Features & Data

AI features (Chat Assistant, Daily Digest, Auto-Categorize) use Amazon Bedrock to access foundation models. Your business data sent to AI models is processed per-request and is not used to train or improve the models. AI interaction data (questions, responses) is stored per-tenant and never shared across businesses. The AI operates within your tenant boundary — it can only access data belonging to your business.

Audit Trail

Every significant action in Ledgence (creating a journal entry, inviting a team member, opening a POS session, sending a digest email) is recorded in an audit trail with a timestamp, the user who performed the action, and the affected resource. This audit log is immutable — entries cannot be edited or deleted. Business owners and admins can review the activity log from the dashboard.

Monitoring & Incident Response

We monitor the platform using Amazon CloudWatch with automated alarms on Lambda error rates for all services. Email delivery issues (bounces, complaints) are tracked via SES notifications and automatically pause affected features. We do not currently have a dedicated security operations team or 24/7 incident response — as a solo-founder beta product, incident response times may vary.

For security questions, to report a vulnerability, or for any concerns about your data, contact us at commercial@ledgence.com.