Scoped access
Protected workflows resolve organization or company scope and current membership before returning or changing accounting data.
Security and controls
LedgerHQ combines signed-in access, organization and company scope, role permissions, encrypted transport, protected integration secrets, confirmation gates, and audit records across supported workflows. This page describes current controls without implying an unearned certification.
Protected workflows resolve organization or company scope and current membership before returning or changing accounting data.
Supported provider and integration secrets use authenticated encryption at rest and are not returned through normal responses.
Supported accounting and administrative changes write organization-scoped audit or activity evidence.

LedgerHQ requires authenticated access for the firm and accounting workspace. Protected REST and agent workflows resolve an authorization context that includes the organization, role, and relevant permission before proceeding.
Company access remains a separate boundary inside a firm. A firm-wide view does not mean every user or action can silently reach every company's books.
Accounting queries and writes are expected to be organization-scoped after access is resolved. LedgerHQ's API and MCP conventions require protected routes and tools to use that scope rather than relying on a record identifier alone.
Public token workflows, such as supported invitation or connection tasks, are kept outside the indexable marketing surface and return noindex signals. Their token remains a credential and should not be shared.
The hosted site enforces HTTPS transport policy through strict transport security headers, and the privacy policy states TLS protection for data in transit.
Supported stored integration and provider credentials use AES-256-GCM authenticated encryption. Responses and administrative views expose status or limited metadata rather than returning the underlying secret.
Sensitive, destructive, externally visible, billing-related, integration-changing, or unusually broad actions can require explicit confirmation or a short-lived confirmation token. Accounting services also validate conditions such as scope, posting state, warning evidence, and period locks.
LedgerHQ stores organization-scoped audit records for supported actions, and Tally work can also leave job, action, approval, or activity evidence. Retention and exact fields vary by workflow and package.
Firms remain responsible for choosing appropriate staff access, protecting sign-in methods and token links, reviewing AI authority, disconnecting stale integrations, and investigating unexpected activity.
Security questions or suspected issues should be sent through LedgerHQ support so the relevant account, company, action, and time window can be investigated without exposing private details publicly.
How the workflow moves
The exact action depends on permissions, company context, and the evidence available. The workflow stays inspectable from intake through review.
LedgerHQ uses layered application controls, but no system can promise absolute security. Firms should maintain appropriate access, device, credential, and review practices.
LedgerHQ does not claim SOC 2, ISO 27001, PCI certification, bank-grade certification, or another third-party security status on this page.
Questions
LedgerHQ states TLS protection for data in transit and sends a strict transport security policy on hosted responses.
Supported integration and AI-provider secrets use AES-256-GCM authenticated encryption and normal application responses expose only limited status metadata rather than the secret.
No such blanket claim is made. Supported workflows write organization-scoped audit, activity, job, action, approval, or accounting evidence; the exact record depends on the workflow.
LedgerHQ does not claim SOC 2 certification on this page. Ask support for the current security and compliance posture needed for your review.