Your data security is our top priority. Learn how we protect your sensitive information.
Ledger L3 is built with security at its core. We understand that you're trusting us with sensitive performance data, private notes, and confidential team information. That's why we've implemented enterprise-grade security measures to ensure your data remains private and protected.
All sensitive data is encrypted before being stored in our database using industry-standard encryption.
We use AES-256-GCM (Galois/Counter Mode), a NIST-approved encryption algorithm that provides both confidentiality and authenticity. This is the same encryption standard used by governments and financial institutions.
GCM mode includes authentication tags that verify data integrity, ensuring that encrypted data hasn't been tampered with.
All notes, performance review content, and sensitive employee data are encrypted before storage.
All data transmitted between your browser and our servers is protected using modern encryption protocols.
We use the latest TLS 1.3 protocol for all connections, ensuring your data is encrypted during transmission.
All pages and API endpoints are served over HTTPS. HTTP connections are automatically redirected to HTTPS.
We only support modern, secure cipher suites and disable outdated protocols like SSL and TLS 1.0/1.1.
Secure key management is critical to maintaining data security.
Encryption keys are stored securely using environment variables and never committed to version control.
Each encrypted value uses a unique, randomly generated initialization vector (IV) to ensure maximum security.
Our encryption system is designed to support key rotation as a security best practice.
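The following is an added example, not Ledger L3's own code. It sketches the scheme described above: AES-256-GCM with a fresh random IV per value, an authentication tag that rejects tampered data, and a key id stored with each value so that keys can be rotated. The key ring, the `keyId.iv.tag.ciphertext` layout and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key ring for the demo. In a deployment the keys would be loaded
// from environment variables, never hard-coded or committed to version control.
const KEYS = new Map([
  ['k1', crypto.randomBytes(32)], // older 256-bit key, kept for decryption only
  ['k2', crypto.randomBytes(32)], // current key, used for all new writes
]);
const CURRENT_KEY_ID = 'k2';

// Encrypt one field. Assumed storage layout: keyId.iv.tag.ciphertext (base64url).
function encryptField(plaintext, keyId = CURRENT_KEY_ID) {
  const iv = crypto.randomBytes(12); // fresh 96-bit IV for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', KEYS.get(keyId), iv);
  cipher.setAAD(Buffer.from(keyId)); // bind the key id into the auth tag
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte GCM authentication tag
  return [keyId, ...[iv, tag, ct].map((b) => b.toString('base64url'))].join('.');
}

// Decrypt one field; throws on an unknown key id or a failed tag check.
function decryptField(stored) {
  const [keyId, ivB64, tagB64, ctB64] = stored.split('.');
  const key = KEYS.get(keyId);
  if (!key || !ivB64 || !tagB64 || ctB64 === undefined) throw new Error('malformed value or unknown key id');
  const tag = Buffer.from(tagB64, 'base64url');
  if (tag.length !== 16) throw new Error('bad tag length'); // reject truncated tags
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ivB64, 'base64url'));
  decipher.setAAD(Buffer.from(keyId));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(Buffer.from(ctB64, 'base64url')), decipher.final()]);
  return pt.toString('utf8');
}

// Rotation step: re-encrypt a value only if it was written under an older key.
function rotateField(stored) {
  return stored.startsWith(CURRENT_KEY_ID + '.') ? stored : encryptField(decryptField(stored));
}

// Test helper: flip one ciphertext bit to show that tampering is detected.
function tamper(stored) {
  const parts = stored.split('.');
  const ct = Buffer.from(parts[3], 'base64url');
  ct[0] ^= 0x01;
  parts[3] = ct.toString('base64url');
  return parts.join('.');
}
```

Because the key id is both stored with the value and authenticated, a rotation job can find values written under an old key, and relabelling a value with a different key id fails the tag check.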
Multiple layers of security protect your data at the database level.
Database policies ensure users can only access their own data. Even if there's a bug in our application code, users cannot access other users' data.
Our database provider (Neon) encrypts all data at rest using AES-256 encryption at the infrastructure level.
All database connections use SSL/TLS encryption and are restricted to authorized application servers only.
We've designed Ledger L3 so that we cannot access your private data, even if we wanted to.
Your notes and reviews are encrypted on our servers before being saved to the database. We never have access to the plaintext.
Your data is never used to train AI models. When you use AI features, your data is processed only for that specific request and is not retained by AI providers.
You can export or delete your data at any time. When you delete data, it's permanently removed from our systems.
We partner with industry-leading providers to ensure your data is secure and available.