Legal

Privacy Policy

Effective date: April 18, 2026  ·  Ledgix Inc.

Ledgix is a B2B platform. We do not sell or rent customer data to third parties, we do not run third-party advertising, and we do not run any behavioral analytics on the personal data you or your users submit through the platform.

1. Who we are

Ledgix Inc. (“Ledgix”, “we”, “us”) operates the Ledgix ALCV platform — an authorization and audit layer for AI agent actions. Our registered address and primary point of contact for privacy matters is contact@ledgix.dev.

This policy applies to the Ledgix platform (Vault API, customer dashboard at app.ledgix.dev, developer documentation at docs.ledgix.dev), and our published SDKs (ledgix-ts and ledgix-python). It does not apply to third-party services your organization connects to Ledgix.

2. What data we collect

Account and organization data

When you create an account or accept an invitation, we collect your email address, your organization name, and the authentication credentials required to log in (managed through our auth provider, Supabase). If your organization configures SSO, your identity provider shares the claims required to authenticate you.

Clearance request data (the ledger)

The core function of Ledgix is to authorize and record agent actions. Each clearance request your application submits is recorded in your tenant's append-only audit ledger and includes:

  • tool_name — the name of the action being requested
  • tool_args — the arguments passed to that action
  • agent_id and session_id — identifiers your application provides
  • decision, reason, confidence — the policy evaluation result
  • policy_id and the hash of the policy content applied
  • request_id, timestamps, and cryptographic proof artifacts

Important: The tool_args field may contain personal data belonging to your end-users depending on how your application is built. You are responsible for ensuring that data sent to Ledgix through tool_args is limited to what is necessary for the authorization decision and complies with your own privacy obligations.

Policy content

Documents, structured rules, or text you upload to define how your agents should behave. This content is stored in your tenant's isolated database and used by our policy evaluation engine to process clearance requests.

Notification and reporting settings

Email addresses you provide as review notification recipients, Slack webhook URLs you configure, and compliance report delivery preferences. These are stored per tenant and used only to deliver the notifications and reports you configure.

Usage and operational data

Standard server logs including IP addresses, request timestamps, HTTP methods and paths, response codes, and latencies. These are retained for operational purposes and not used for behavioral profiling.

What we do not collect

We do not run third-party behavioral analytics, advertising pixels, or session recording on any Ledgix property. We do not collect credit card numbers directly — billing is handled by our payment processor (Stripe) under their own privacy policy.

3. How we use your data

We use the data described above to:

  • Operate, maintain, and improve the Ledgix platform
  • Evaluate clearance requests against your policies and return authorization decisions
  • Produce cryptographically tamper-evident audit records on your behalf
  • Generate compliance reports you request through the dashboard
  • Deliver review notifications and alerts to the contacts you configure
  • Authenticate users and enforce access controls within your organization
  • Detect drift and anomalies in agent behavior against your established baselines
  • Respond to support requests, enforce our Terms of Service, and meet legal obligations

We do not use the content of clearance requests, policy documents, or ledger entries to train AI models without your explicit consent.

4. When we share data

Service providers

We share data with sub-processors that help us deliver the platform, including:

  • AWS — compute, Secrets Manager (credential storage), S3 (Merkle checkpoint anchoring)
  • Supabase — authentication and control-plane database hosting
  • Stripe — billing and payment processing
  • Vercel — hosting for the dashboard and documentation sites

Each sub-processor is bound by data processing agreements consistent with applicable law.

Legal requirements

We may disclose data when required by law, regulation, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Ledgix, our customers, or others.

Business transfers

If Ledgix is acquired, merged, or transfers substantially all its assets, customer data may be transferred as part of that transaction. We will provide notice before your data becomes subject to a materially different privacy policy.

What we do not do

We do not sell or rent personal data to third parties. We do not share ledger content or policy documents with other Ledgix customers. Tenant data is logically and cryptographically isolated.

5. Retention and deletion

The audit ledger is intentionally designed to be append-only and tamper-evident. Once a clearance decision is recorded and anchored, it cannot be selectively deleted without breaking the cryptographic chain — this is a core feature for SOX 404 and other regulatory frameworks that require immutable audit trails.

By default, ledger entries are retained for the lifetime of your tenant. Enterprise customers may negotiate specific retention terms in their order form, including legal hold procedures.

Account data (email addresses, organization settings, notification preferences) is deleted within 30 days of a verified account deletion request. Policy content is deleted when you remove it or upon tenant deletion.

6. Security

We apply the following technical controls:

  • All data in transit is encrypted over TLS 1.2 or higher
  • Approval tokens are signed with Ed25519; each token carries a unique one-time-use identifier that is burned on consumption
  • Ledger entries are individually hashed and Merkle-chained into a tamper-evident structure; checkpoints are signed and anchored to immutable external storage (S3 with versioning)
  • Per-tenant databases are isolated; tenant credentials are stored in AWS Secrets Manager and never written to the control-plane database
  • Multi-factor authentication is available and configurable for all tenant members
  • Administrative access follows a break-glass model with mandatory audit logging

No security system is impenetrable. If you discover a vulnerability, please contact us at contact@ledgix.dev.

7. International transfers

Ledgix infrastructure runs primarily in AWS regions in the United States. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data transfer restrictions, data may be transferred to the US. We rely on Standard Contractual Clauses (SCCs) as the legal mechanism for such transfers. Enterprise customers with data residency requirements should contact us to discuss region-specific deployment options.

8. Your rights

Depending on your location, you may have the right to:

  • Access — request a copy of personal data we hold about you
  • Correction — request correction of inaccurate personal data
  • Deletion — request deletion of personal data, subject to our retention obligations (see section 5)
  • Restriction — request that we limit processing in certain circumstances
  • Portability — receive personal data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdrawal of consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, email contact@ledgix.dev. We will respond within 30 days. Note that some rights may be limited where the data forms part of a legally required audit record.

CCPA (California): California residents have the right to know what personal information is collected, to delete personal information, to opt out of sale (we do not sell personal information), and to non-discrimination for exercising these rights.

9. Cookies and tracking

The Ledgix dashboard uses a minimal number of first-party cookies for session management and authentication state. We do not use third-party advertising cookies, behavioral tracking pixels, or fingerprinting scripts on any Ledgix property.

10. Children

Ledgix is a B2B platform intended for use by organizations and their authorized personnel. We do not knowingly collect personal data from individuals under 18 years of age.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify tenant administrators by email at least 14 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

12. Contact

For privacy questions, requests, or concerns:

See also our Terms of Service.