Security, plainly
Ledger7 holds the evidence behind your tax claim, so here is exactly how it is treated. No badges we don't have, no claims we can't back.
Read-only integrations
GitHub access is authorized through GitHub itself: a GitHub App with read-only Contents and Metadata permissions, where you choose the repositories on GitHub's own screen and can revoke access anytime from your GitHub settings. Sync uses short-lived tokens generated per run; nothing long-lived is stored. We keep commit metadata only: the SHA, the message, the author, the date, and the repository name. We never fetch, read, or store your code, diffs, or file contents.
Encryption at rest
GitHub tokens are sealed with AES-256-GCM before they touch the database. Fine-grained, single-repository, read-only tokens are all Ledger ever needs.
Immutable timestamps
Every piece of evidence carries a capture timestamp set by the server at the moment of insertion. It cannot be edited afterward, by anyone, including us. That immutability is the audit defense: it proves the record is contemporaneous.
Export anytime
Your evidence is yours. A one-click export produces everything we hold for your company - entries, experiments, transcripts, photos, allocations, commit metadata - in open formats. No lock-in.