Ledgentic.

Your data, protected.

We handle sensitive financial data every day. Security and European compliance aren't features — they're the foundation of everything we build.

01 — Controls

What we enforce, by default.

Encryption everywhere

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your invoices and financial data are never exposed in cleartext.

EU-only processing

All data is stored and processed in EU data centres. No cross-border transfers to non-adequate jurisdictions.

Access controls

Role-based access control (RBAC), SSO support, and detailed audit logs. You control who sees what.

Tenant isolation

Multi-tenant architecture with strict logical separation. Each customer's data is isolated — no cross-tenant access paths, even for our own engineers.

Audit trail

Every coding decision, every approval, every change — logged with the context that produced it. Audit-grade by default.

Secure integrations

OAuth 2.0 and API key authentication for all ERP and banking integrations. No passwords stored.

02 — Compliance

European compliance, by default.

Built for the rules that actually apply to European finance teams. We lead with what's true — no buzzword certifications.

GDPR

Compliant

EU data residency by default. Data Processing Agreement available on request. Documented sub-processor list with advance notification of changes. Customer rights (access, export, deletion) supported.

EU AI Act

Ready

Transparent reasoning, human-in-the-loop approval, full audit trail. The primitives the regulation expects, built into the product from day one — not bolted on in response.

03 — EU AI Act

Built for the rules already.

The EU AI Act asks for transparency, human oversight, and auditability when AI makes decisions on substantive matters. Ledgentic was designed with those primitives from the first commit — not retrofitted in response to the regulation.

Transparent reasoning

Every AI verdict ships with the reasoning trail. No silent classifications, no black-box decisions on financial data.

Human in the loop

The approval flow is part of the product, not bolted on. Routing, delegation, override — built in from day one.

Auditable trail

Every line, every coding decision, every approver — logged with the context that produced it. Auditors get their own format.

04 — Transparency

Sub-processors

Full sub-processor list available on request, including purpose, region, and data scope. We notify customers in advance of any change.

Vulnerability disclosure

Found something? We respond within one business day. Write to hello@ledgentic.com with the subject “Security disclosure”.

05 — Questions

Procurement, legal, or InfoSec questions? We answer them fast — including the DPA, sub-processor list, control mappings, and our certification roadmap.

Contact security team