Security & trust

Built on the same infrastructure your auditors trust.

ledgr handles policy documents that may contain confidential firm and client information. Here’s exactly how that data is stored, processed, and protected — and what we’re still working on.

At a glance

Today’s posture.

TLS 1.3 in transit

All traffic between client, app, and database uses TLS 1.3 with HSTS.

AES-256 at rest

Documents and embeddings encrypted at rest by Supabase / Postgres.

No model training on your data

OpenAI and Anthropic API inputs are not used to train their models. Verifiable in their public policies.

Single-tenant per firm

Each customer gets a dedicated Supabase project. Documents never share a database with another firm.

Admin-token gated ingestion

Document upload requires a per-firm admin token, which is held server-side and never exposed to the browser.

SOC 2 Type II infrastructure

Vercel, Supabase, OpenAI, and Anthropic all hold current SOC 2 Type II reports.

Data flow

From document to answer.

Every piece of data your firm gives ledgr passes through these four stops, and only these four. No analytics, no third-party trackers in the answer path, no shared model training.

  1. Upload (your laptop → ledgr admin panel)

     You submit a document over HTTPS. The admin token in your environment authorizes the upload. The browser never holds your service-role keys.

  2. Chunk + embed (ledgr server → OpenAI)

     We split the document into ~700-word passages and call OpenAI's text-embedding-3-small to generate vector embeddings. Per OpenAI's API policy, these inputs are not retained for training.

  3. Store (ledgr server → your Supabase)

     Chunks and embeddings are written to your firm's dedicated Supabase project. Encrypted at rest with AES-256. Only the server (using a service-role key stored in Vercel's encrypted env vars) can write.

  4. Answer (question → retrieval → Anthropic Claude)

     When a teammate asks a question, the question is embedded, the most relevant chunks are retrieved by cosine similarity, and the answer is generated by Anthropic Claude with the source chunks as context. Anthropic does not train on API inputs.
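The four stops above, modelled end to end as an added illustration (this is not ledgr's own code). It assumes an in-memory list in place of the firm's Supabase/pgvector project and a bag-of-words vector as a stand-in for text-embedding-3-small; the security-relevant parts are the constant-time admin-token check in front of every write and the per-firm store that holds nothing from any other tenant.

```python
import hmac
import math
import re
from collections import Counter

CHUNK_WORDS = 700  # the ~700-word passages described in step 2


def chunk_words(text, size=CHUNK_WORDS):
    """Split a document into passages of at most `size` words."""
    words = text.split()
    return [" ".join(words[i:i + size]) for i in range(0, len(words), size)]


def embed(text):
    """Stand-in for text-embedding-3-small (assumption): a term-count vector."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def cosine(a, b):
    """Cosine similarity between two sparse term-count vectors."""
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class FirmStore:
    """One firm's tenant: a dedicated store whose writes need the firm's admin token."""

    def __init__(self, admin_token):
        self._admin_token = admin_token  # server-side secret, never sent to a browser
        self.chunks = []                 # (doc_id, passage, embedding)

    def is_authorized(self, presented_token):
        # Constant-time compare so a wrong token cannot be probed via timing.
        return hmac.compare_digest(presented_token, self._admin_token)

    def ingest(self, presented_token, doc_id, text):
        """Step 1-3: gate on the admin token, chunk, embed, and store."""
        if not self.is_authorized(presented_token):
            raise PermissionError("admin token required for ingestion")
        for passage in chunk_words(text):
            self.chunks.append((doc_id, passage, embed(passage)))
        return len(self.chunks)

    def retrieve(self, question, k=3):
        """Step 4: embed the question and return the top-k chunks by cosine similarity."""
        q = embed(question)
        ranked = sorted(self.chunks, key=lambda c: cosine(q, c[2]), reverse=True)
        return [(doc_id, passage) for doc_id, passage, _ in ranked[:k]]
```

The retrieved passages are what would be handed to Claude as context; only the question and those chunks leave the tenant at that step.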

Infrastructure

Who else touches your data.

ledgr is a thin layer over four sub-processors. We pass through their compliance, and we don’t add hops you haven’t signed up for.

Vercel

Application hosting and edge network

SOC 2 Type II, ISO 27001, GDPR, CCPA


Supabase

Postgres database with pgvector for storage and retrieval

SOC 2 Type II, HIPAA available on Pro


OpenAI (API)

Embeddings only — no chat content sent here

SOC 2 Type II, no training on API inputs


Anthropic (API)

Generates the cited answers from retrieved chunks

SOC 2 Type II, no training on API inputs


What we store

Data we keep, data we don’t.

We store

  • Document text and metadata you upload
  • Vector embeddings of those documents
  • Question + answer logs (for debugging and your own audit trail)
  • Your firm’s admin email for support

We do not store

  • Client SSNs, account numbers, or other regulated PII, unless you upload them in a document
  • Third-party analytics on chat content (no Google Analytics, no Mixpanel inside the chat)
  • Model training data — nothing is sent to OpenAI or Anthropic for training
  • Anything outside your tenant’s database

Incident response

If something goes wrong.

If we detect or are notified of a security incident affecting your firm’s data, we will:

  • Contain the issue and preserve logs immediately.
  • Notify the affected firm’s primary contact within 24 hours of confirmation.
  • Provide a written incident report within 72 hours, including scope, root cause, and remediation.
  • Cooperate with your firm’s own breach-notification obligations under state and federal law.

Suspected security issue? Email security@ledgr (mnehe11@gmail.com for now).

Compliance roadmap

What’s coming.

We’re early. We won’t pretend otherwise. Here’s what we have today, and the order things ship as customer demand justifies the cost.

Today

SOC 2-aligned architecture

All sub-processors hold SOC 2 Type II reports. Single-tenant data isolation. Admin-token-gated ingestion. Documented incident response.

On request

Customer-managed encryption keys (CMEK)

If your firm requires hold-your-own-keys, we'll provision a dedicated Supabase project on Pro tier with KMS integration.

When the first customer requires it

SOC 2 Type I

We'll begin a Type I audit through Vanta or Drata. Typical timeline: 60-90 days from kickoff to attestation.

~6 months after Type I

SOC 2 Type II

Type II requires a 6-month observation window of the controls established in Type I.

If a customer with patient data signs

HIPAA BAA chain

Supabase Pro supports BAAs. Anthropic and OpenAI both offer BAAs for enterprise customers. We'll execute the chain when needed.

Documents

For your legal and IT review.

We’ll send these on request, no NDA required. If your firm has a security questionnaire, send it over — we’ll fill it out within five business days.

Last updated 26 April 2026. Material changes will be posted here and emailed to active customer contacts.