Security is not an afterthought.

LedgerDock handles financial data for accounting firms and their clients. Every design decision reflects that responsibility.

Overview

LedgerDock is built with defense-in-depth: application-layer encryption for sensitive data, server-side sessions, multi-factor authentication, role-aware access control, and a comprehensive audit log. Financial data stays in PostgreSQL on managed infrastructure with encrypted connections.

Authentication

  • Argon2id password hashing — no bcrypt, no PBKDF2.
  • MFA on every login — SMS or email OTP, user's choice. No optional MFA.
  • Server-side sessions in PostgreSQL — no JWTs, no client-side session storage.
  • Idle timeout — sessions expire after 2 hours of inactivity.
  • MFA trust cookie (optional, per-device, time-limited) reduces friction without reducing security.

Role-aware access

Access is enforced through user_assignments with three path types:

  • Firm-wide — owner and senior accountant roles see all companies in the firm.
  • Specific company within firm — staff accountants and members see only assigned companies.
  • Standalone company — direct access outside a firm context.

Every per-company route validates access. System admins have a separate, audited access path.
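
The three path types above, sketched as a deny-by-default check over user_assignments rows. This is an added example, not LedgerDock's code. The row fields, the role identifiers, and the rule that a row stops matching once the company's firm membership changes are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumed role identifiers for the firm-wide path (the page names roles, not identifiers).
FIRM_WIDE_ROLES = {"owner", "senior_accountant"}

@dataclass(frozen=True)
class Company:
    id: int
    firm_id: Optional[int]  # None means a standalone company

@dataclass(frozen=True)
class Assignment:  # hypothetical shape of one user_assignments row
    user_id: int
    role: str
    firm_id: Optional[int] = None
    company_id: Optional[int] = None

def can_access(user_id: int, company: Company, rows: Iterable[Assignment]) -> bool:
    """Return True only if one assignment row matches one of the three path types."""
    for a in rows:
        if a.user_id != user_id:
            continue
        if a.firm_id is not None and a.company_id is None:
            # Firm-wide: role must be firm-wide AND the company must belong to that firm.
            if a.role in FIRM_WIDE_ROLES and company.firm_id == a.firm_id:
                return True
        elif a.firm_id is not None:
            # Specific company within a firm: both ids must still match the company.
            if company.id == a.company_id and company.firm_id == a.firm_id:
                return True
        elif a.company_id is not None:
            # Standalone: only valid while the company is outside any firm.
            if company.id == a.company_id and company.firm_id is None:
                return True
    return False  # no matching row: deny by default

# Constructed sample data.
ACME = Company(id=10, firm_id=1)
BETA = Company(id=11, firm_id=1)
OTHER = Company(id=20, firm_id=2)
SOLO = Company(id=30, firm_id=None)
ROWS = [
    Assignment(user_id=1, role="owner", firm_id=1),
    Assignment(user_id=2, role="staff_accountant", firm_id=1, company_id=10),
    Assignment(user_id=3, role="member", company_id=30),
    Assignment(user_id=4, role="staff_accountant", firm_id=1),  # malformed: no company
]
```

A per-company route would call a check like this before loading any company data, so a staff role with a firm-shaped row (user 4) or a stale row for a company that has moved firms is refused rather than widened.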

PII masking and reveal logging

EINs, SSNs/ITINs, and full bank account numbers are encrypted at the application layer using AES-256-GCM. The UI shows masked values by default (e.g., ***-**-1234).

Revealing the full value requires a separate OTP verification — independent of the login MFA. Every reveal event is recorded in the audit log with the user, timestamp, IP address, and which field was revealed.

Audit logs

LedgerDock maintains an append-only audit log covering:

  • Authentication events (login, MFA verification, session expiry)
  • Membership changes (invitations, role changes, removals)
  • Commit lifecycle (created, advanced, finalized, failed, recovered)
  • PII reveal events
  • Schema and configuration changes
  • Ledger edits and deletions (non-finalized lines only)

Audit rows are append-only. Existing triggers enforce immutability.

Data handling

  • Database: PostgreSQL on DigitalOcean managed database with encrypted connections (TLS).
  • Document storage: DigitalOcean Spaces with SHA-256 dedup. Documents are scoped by company.
  • Backups: Automated daily backups with point-in-time recovery.
  • No PII sent to AI: Classification requests to AI providers include transaction descriptions and amounts, never SSNs, EINs, or bank account numbers.
  • Data ownership: You own your financial data. Export anytime. Delete on request.

Responsible disclosure

If you discover a security vulnerability, please report it to security@ledgerdock.app. We take every report seriously and will respond within 48 hours.

Please do not disclose vulnerabilities publicly until we have had a chance to investigate and address them.
