Security & trust

Built for the data finance teams handle.

Bank details, vendor records, and ERP credentials sit at the center of what we process. The controls below are how we earn the right to hold them.

How we handle your data

Authentication

Sign in with Google, Microsoft, or email and password. Passwords are bcrypt-hashed. Session cookies are set with HttpOnly and SameSite=Lax. CSRF tokens are validated on every mutating request.

Role-based access

Hierarchical roles for owner, financial controller, AP manager, AP clerk, approver, and read-only access. Every query is scoped by organization to enforce tenant isolation. Column-whitelist guards prevent injection on dynamic update paths.

Encryption

TLS in transit, with HSTS. Database disk encryption at rest. Sensitive fields — bank details, ERP credentials, OAuth refresh tokens — are encrypted at the application layer with Fernet, on top of the database encryption.

Audit logging

Every state transition writes an append-only row. Database triggers reject any update or delete on the audit table. Idempotency keys prevent duplicate event recording.
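The pattern described above, sketched as an added example (not Clearledgr's code): an audit table whose triggers abort any update or delete, with a unique idempotency key so a replayed event is not recorded twice. SQLite, the table and column names, and the helper functions are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema: names are illustrative, not taken from the product.
SCHEMA = """
CREATE TABLE audit_events (
    id              INTEGER PRIMARY KEY,
    organization_id TEXT NOT NULL,
    entity_id       TEXT NOT NULL,
    from_state      TEXT,
    to_state        TEXT NOT NULL,
    idempotency_key TEXT NOT NULL UNIQUE,
    recorded_at     TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_events
BEGIN SELECT RAISE(ABORT, 'audit_events is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_events
BEGIN SELECT RAISE(ABORT, 'audit_events is append-only'); END;
"""

def open_audit_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def record_transition(conn, org, entity, from_state, to_state, key):
    """Append one row. Returns False if this idempotency key was already recorded."""
    try:
        conn.execute(
            "INSERT INTO audit_events (organization_id, entity_id, from_state,"
            " to_state, idempotency_key) VALUES (?, ?, ?, ?, ?)",
            (org, entity, from_state, to_state, key))
        conn.commit()
        return True
    except sqlite3.IntegrityError as exc:
        conn.rollback()
        # Only a duplicate key is a benign replay; other violations are real errors.
        if "UNIQUE" in str(exc) and "idempotency_key" in str(exc):
            return False
        raise

def tamper_rejected(conn, sql):
    """Run a mutating statement and report whether the append-only trigger blocked it."""
    try:
        conn.execute(sql)
    except sqlite3.DatabaseError as exc:  # RAISE(ABORT) surfaces as IntegrityError
        conn.rollback()
        return "append-only" in str(exc)
    conn.rollback()  # statement succeeded: undo it and report the failed control
    return False
```

Triggers fire per affected row, so a check like `tamper_rejected` is only meaningful against a table that already holds at least one event.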

Rate limiting and CSRF

Production traffic is rate-limited at the middleware layer; CSRF tokens are required on every cookie-authenticated mutation.

Incident response

Severity tiers, on-call rotation, and a 72-hour breach notification SLA aligned with GDPR. Customers receive a written RCA within one week of any incident touching their data.

Compliance

Clearledgr does not yet hold a SOC 2 attestation. The controls equivalent to SOC 2 are implemented and documented in our security packet: a controls map with file-line citations, sub-processor list, incident response plan, vulnerability disclosure policy, and a GDPR-aligned DPA. The packet is shared with prospects under NDA.

Dependabot watches dependencies weekly. Sentry surfaces errors with PII scrubbing. Sub-processors are documented and customers receive 30 days' notice before any change.

Get the packet

To request the full security packet for review, email security@clearledgr.com. We respond within two business days.

To report a security issue, email the same address. Our coordinated disclosure policy is in the packet.