Institutional-grade security for institutional-grade forensics.
Every layer of the BlackLedger stack is built for the demands of financial data — zero trust, encrypted at rest, auditable to the paragraph.
Data Privacy
DPDP Act Compliant
Full control over your data. Self-serve export of your complete PII payload. Cryptographic soft-deletes of all user-associated records on account deletion.
Infrastructure
Zero-Trust Architecture
Zero-trust RBAC on all API endpoints. AES-256 encryption at rest. TLS 1.3 in transit. Strict CSP, HSTS, and X-Frame-Options enforced globally.
Continuous Audit
Immutable Logs
Every state-changing action cryptographically logged in immutable audit tables. Synced to secure cold storage. Full paper trail for compliance reviews.
Passwords bcrypt-hashed with unique salts
All tokens encrypted at rest
HTTPS enforced everywhere
Periodic third-party security reviews
Sentry error monitoring
API rate limiting via Upstash
No PII sent to AI providers
Agent outputs never contain card data