Security at LedgerApps

We handle your clients' financial data with the same care you do.

Bank-level encryption
Zero AI Data Retention
GDPR Compliant
SOC 2 Certified Infrastructure

How We Process Your Data

1

You upload a document (bank statement or receipt)

2

Document is encrypted and sent securely to our AI for extraction

3

AI extracts the data (dates, amounts, vendors)

4

Original document is deleted — not stored

5

Only extracted data is saved for matching and reports

We never store your original bank statements or receipts. Only the extracted transaction data needed to perform matching.

AI & Third-Party Processing

We use Anthropic's Claude AI to extract data from your documents. Here's what that means for your data:

No training on your data

Anthropic's API terms explicitly exclude customer data from model training

Zero data retention

We use Anthropic's zero-retention option, meaning your documents are not stored by the AI provider

Processing only

The AI reads your document, extracts the relevant data, and that's it

Data Processing Agreement

We have a signed DPA with Anthropic ensuring GDPR-compliant processing

Encryption & Transmission

All data is encrypted:

In transit

TLS 1.3 encryption for all data transmission (the same standard used by banks)

At rest

Database encryption for stored data

API calls

Encrypted connections to our AI provider

Data Retention

We keep only what's necessary:

Data TypeRetention
Original uploaded documentsDeleted immediately after processing
Extracted transaction dataKept for your records, deletable on request
Job historyKept for your records, deletable on request
Account dataKept while account active, deleted on account closure

You can delete your data at any time from your account settings. When you delete a client or job, the associated data is permanently removed.

GDPR Compliance

For our EU customers:

Data controllerYou remain the data controller for your clients' data
Data processorLedgerApps acts as a data processor on your behalf
Sub-processorsWe use Anthropic (AI processing), Supabase (database), Vercel (hosting)
Your rightsAccess, rectification, erasure, portability — all available through your account or by contacting us
DPA availableContact us if you require a signed Data Processing Agreement

What We Don't Do

We don't sell your data
We don't use your data for advertising
We don't train AI on your documents
We don't store original documents permanently
We don't share data with third parties (except essential service providers listed above)

Infrastructure

LedgerApps is hosted on enterprise-grade infrastructure:

Hosting

Vercel

SOC 2 Type II certified

Database

Supabase

SOC 2 Type II certified

AI Processing

Anthropic

Enterprise security, zero-retention API

Payments

LemonSqueezy

PCI DSS compliant

Questions or Concerns

Have questions about our security practices? Contact us at hello@ledgerapps.ai

If you discover a security vulnerability, please report it to hello@ledgerapps.ai. We take all reports seriously.

Ready to try LedgerApps?

Start your free trial with confidence.

Start Free Trial