LedgerLink

Products
The RailsThe LinkThe Engine
DocumentationTeam
Contact Us

Security Practices

LedgerLink is built to securely integrate digital assets with banking infrastructure. We combine best-in-class cloud architecture, strong cryptography, continuous monitoring, and rigorous vendor and compliance controls to protect customer funds and data.

LedgerLink Trust Center

Infrastructure & cloud

  • We deploy on major cloud providers following the Shared Responsibility Model.
  • Production workloads use multi-AZ architecture, encryption at rest, automated backups, and monitoring.
  • Multi-AZ, automated backups, snapshots retention policies and tested recovery procedures.
  • Infrastructure as Code (IaC) with peer-reviewed changes and automated policy checks.
  • Network segmentation, least-privilege security groups, and VPC flow logging.

Cryptography & key management

  • We use industry-standard algorithms and managed key storage.
  • Data at rest: AES-256 (GCM / XTS where appropriate).
  • Data in transit: TLS 1.2 minimum; TLS 1.3 preferred with ECDHE key exchange and modern ciphers.
  • Key storage & management via HSM / cloud KMS with role-based access and key rotation policies.
  • Hashing: SHA-256 / SHA-384 for integrity; deprecated algorithms are not used (no MD5, SHA-1, DES, 3DES).

Identity, access & authentication

  • Single sign-on (SAML / OIDC) with centralized identity provider (IdP).
  • Multi-factor authentication (MFA) for all privileged accounts.
  • Role-based access control (RBAC), least privilege, and regular access reviews.
  • Break-glass emergency procedures and documented step-down access control.

Secure development & vulnerability management

  • Secure SDLC: threat modeling, code reviews, and automated static analysis for all changes.
  • Third-party dependency scanning, periodic SCA reports, and patching cadence.
  • Regular internal and external penetration testing and remediation tracking.

Monitoring, logging & detection

  • Centralized logging and 24/7 alerting for critical events.
  • Endpoint detection, anomaly detection, and automated alert escalation.
  • Retention of security logs per policy (auditable and aligned with retention matrix).

People & culture

  • Security is everyone's responsibility. We apply HR best practices to minimize personnel risk.
  • Background checks for employees with privileged access where permitted by law.
  • Role-based security training and mandatory onboarding security modules.
  • Quarterly security refreshers, and secure coding training for engineers.
PRIVACY

Data protection & privacy

We minimize data collection, classify data sensitivity, and apply controls appropriate to classification levels. We comply with applicable privacy laws (CCPA, GDPR, etc.).

Data Subject Requests and DPAs are handled via our legal and compliance teams; customers can request a copy of our DPA or privacy practices via privacy@ledgerlink.ai.

OPERATIONS CONTINUITY

Business continuity & Incident response

We maintain documented BCP and DR plans, runbooks for failover, and periodic DR tests. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) defined per system.

Multi-region deployments and tested failover plans for critical services. IR playbooks (detection, containment, eradication, recovery, communication).

Customer notification procedures and regulatory reporting aligned to jurisdictional obligations. We maintain a coordinated vulnerability disclosure program. Security researchers may contact security@ledgerlink.ai.

COMPLIANCE

Compliance, audits & attestations

LedgerLink maintains a rigorous compliance program and undergoes regular third-party assessments. Attestations and detailed audit reports are available to customers under NDA.

Annual internal risk assessment and a formal risk register (aligned to SOC 2 TSC CC3.x).

Vendor risk management program: vendors are classified, assessed, and reviewed annually. Available evidence provided under NDA where necessary.