Privacy Policy

Last updated: December 18, 2025

1. Introduction

Ledger L3 ("we," "us," or "our") is committed to protecting your privacy. This policy explains how we handle your data, with a specific focus on the sensitive nature of engineering management notes and performance feedback.

2. Data Encryption and Security

We apply industry-standard security measures to protect your information. For complete technical details, please visit our Security page.

  • Encryption at Rest: All notes and review content are encrypted using AES-256-GCM encryption before being stored in our database. This is the same encryption standard used by governments and financial institutions worldwide.
  • Encryption in Transit: All data sent between your browser and our servers is protected via TLS 1.3, the latest and most secure transport layer security protocol.
  • Database Privacy: We use Row Level Security (RLS) to ensure that users can only ever access their own team's data, even in the event of an application bug.
  • Zero-Knowledge Architecture: Your sensitive data is encrypted on our servers before storage. We do not have access to your plaintext notes or reviews.
  • Secure Key Management: Encryption keys are stored securely using environment variables and are never committed to version control. Each encrypted value uses a unique, randomly generated initialization vector.

Learn more about our security practices, infrastructure, and compliance on our dedicated Security page.

3. AI Processing and Privacy

Our AI-powered review generation tool processes your notes to create performance summaries.

  • No Training: We do not use your private notes or performance reviews to train our AI models or third-party models.
  • Processing Only: Data sent to our AI sub-processors is used only for the immediate task of generating requested content and is not retained for their own purposes.

4. Sub-processors

We use the following specialized providers to offer our services:

  • Stripe: For payment processing. We never store your credit card information on our servers.
  • Supabase/Vercel: For secure database hosting and application infrastructure.
  • OpenAI/Anthropic: For AI-powered review assistance (data is never used for model training).

5. Information We Collect

  • Account Info: Name and email via NextAuth (Google/Email).
  • Operational Info: Employee names, roles, and performance notes you choose to input.
  • Usage Data: Basic technical logs to help us keep the service stable.

6. Your Rights

You have the right to access, export, or delete your data at any time. Because Ledger L3 is designed as a tool for engineering managers to maintain their own "single source of truth," you have full control over the lifecycle of the information you record.

7. Contact Us

For privacy-related questions or data export requests, contact us at:

Email: help@l3dger.com