Encryption
All connections to Ledger use TLS 1.3 with modern cipher suites. HTTP Strict Transport Security is enforced site-wide; older protocol versions and weak ciphers are disabled at the load balancer.
Customer data at rest — including your categorized transactions, derived analytics, attachments, and event logs — is encrypted with AES-256-GCM. Encryption keys are managed in a hardware-backed key management service and rotated automatically every 90 days. OAuth tokens are stored in per-tenant vaults with envelope encryption, so tokens cannot be enumerated or read in bulk.
QuickBooks OAuth and scope minimization
Ledger never sees your Intuit username or password. The connection uses Intuit's OAuth 2.0 flow: you authorize a defined set of scopes, and Intuit issues a token to us. The connection can be revoked at any time from the Intuit account-management page or from your Ledger settings.
| Scope | What it lets us do | Why we need it |
|---|---|---|
| com.intuit.quickbooks.accounting | Read and write accounting records. | Categorize and post transactions, match payments, run reconciliations. |
| com.intuit.quickbooks.payment | Read payment records. | Match payments to outstanding invoices for AR. |
| openid · profile · email | Identify the connecting user. | Bind the connection to the right Ledger account. |
We do not request payroll, banking-credential, or transaction-modification scopes outside the accounting scope listed above.
The undo log
The Ledger agent runs inside an audit framework that records every action it takes — what changed, the prior value, the source data the agent used to make the call, and the prompt/response trace if the action involved AI reasoning. Three properties follow:
- Granular reversibility. Any single change can be reverted with one click. The system writes a compensating QuickBooks operation; nothing is hard-deleted.
- Batch rollback. If a nightly run goes sideways, you can roll back the entire run as a unit. Batch rollback remains available for 30 days after the run.
- Forensic traceability. If you ask "why did the agent do this?", the answer is in the log, including the source receipt, vendor history, and rule that fired.
Access controls
Production access is restricted to a small on-call group. Authentication is gated by Google Workspace SSO with hardware-backed MFA (WebAuthn / FIDO2). Production roles are read-only by default; write access requires a second engineer's approval through our deploy tooling.
Customer data is queryable only through audit-logged service tooling; we do not run ad-hoc SQL against production. Engineering laptops are managed, full-disk encrypted, and lock to a screen saver after 5 minutes of inactivity.
AI safety
The agent uses Anthropic's Claude API. Three guardrails apply:
- No training on your data. Anthropic does not train models on API requests, and our agreement specifies zero-day retention for prompts and responses.
- Bounded autonomy. The agent can categorize, match, and reconcile autonomously. Without your approval it cannot create new vendors above a $5k spend threshold, post journal entries above a configurable cap, or modify locked periods.
- Deterministic checks. Every AI-suggested change passes through deterministic validators (math, date, double-entry balance) before it can be written to QuickBooks.
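As an added illustration (not Ledger's own code) of the deterministic validators and bounded-autonomy limits described above: a Python gate that checks an AI-proposed journal entry for cent-precision arithmetic, double-entry balance and a valid date, then routes it to auto-write, human approval or rejection. The $5k new-vendor threshold is the page's; the journal-entry cap value, the future-date rule and the ISO-string input format are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

# The $5k new-vendor threshold is from the page; the journal-entry cap is
# "configurable" on the page, so the figure below is an assumed example.
NEW_VENDOR_SPEND_THRESHOLD = Decimal("5000")
JOURNAL_ENTRY_CAP = Decimal("10000")
CENT = Decimal("0.01")

def line(account, debit="0", credit="0"):
    """One posting line; amounts are Decimal so cents never drift like floats."""
    return (account, Decimal(debit), Decimal(credit))

@dataclass
class ProposedEntry:
    txn_date: str          # ISO date string, as it would arrive from model output
    lines: list            # list of line(...) tuples
    new_vendor: bool = False

def validate_entry(entry, locked_through, today):
    """Deterministic gate for an AI-suggested change. Returns (decision, reasons):
    'reject' = a hard validator failed, 'needs_approval' = bounded-autonomy limit hit,
    'auto' = may be written without a human in the loop."""
    reject, approval = [], []
    for account, debit, credit in entry.lines:            # math validator
        for amt in (debit, credit):
            if amt < 0 or amt != amt.quantize(CENT):
                reject.append(f"{account}: bad amount {amt}")
        if debit and credit:
            reject.append(f"{account}: both debit and credit set")
    debits = sum((l[1] for l in entry.lines), Decimal("0"))
    credits = sum((l[2] for l in entry.lines), Decimal("0"))
    if debits != credits:                                 # double-entry validator
        reject.append(f"unbalanced: debits {debits} != credits {credits}")
    try:                                                  # date validator
        when = date.fromisoformat(entry.txn_date)
    except ValueError:
        reject.append(f"unparseable date {entry.txn_date!r}")
    else:
        if when > date.fromisoformat(today):
            reject.append("dated in the future")          # assumed rule
        if when <= date.fromisoformat(locked_through):
            approval.append("touches a locked period")    # bounded autonomy
    if debits > JOURNAL_ENTRY_CAP:
        approval.append(f"{debits} exceeds the journal-entry cap")
    if entry.new_vendor and debits > NEW_VENDOR_SPEND_THRESHOLD:
        approval.append(f"new vendor with {debits} spend is above the $5k threshold")
    if reject:
        return "reject", reject
    return ("needs_approval", approval) if approval else ("auto", [])
```

A rejected entry never reaches QuickBooks; a `needs_approval` entry is held for the customer, so model output alone cannot cross the thresholds.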
Infrastructure
Ledger runs on Vercel for application hosting and edge delivery, and on Supabase (PostgreSQL) for the primary database, authentication, and encrypted storage. Both are hosted in U.S. regions. We perform daily encrypted backups with 35-day rolling retention and quarterly restore drills.
We use Sentry for error monitoring with PII scrubbing applied at the source. Logs are retained for 30 days for active operations and 365 days for security audit purposes.
Incident response
Our incident-response playbook follows a four-step model: contain, eradicate, recover, learn. If we determine that a security incident has affected your data, we will notify you in writing within 24 hours of confirmation, with what we know, what we are doing, and what — if anything — we need from you. A written post-mortem follows within 14 days.
Suspected vulnerabilities can be reported responsibly to security@postailedger.com. We acknowledge reports within one business day and treat them confidentially.
Audits and reports
Our SOC 2 Type I observation period is in progress; Type II is planned for late 2026. Customers under NDA can request our most recent vendor security questionnaire and architecture diagram by writing to security@postailedger.com.
Contact
Security & vulnerability reports: security@postailedger.com
General trust & compliance: trust@postailedger.com
