Security
Built for the data artists can't afford to lose.
Royalty statements, fan contacts, and signed contracts deserve serious protection. Here's how we keep yours safe.
Your data is encrypted
Everything you store (royalty statements, contracts, fan lists) is encrypted while it travels to our servers and while it sits in storage. Encryption keys live in a separate, locked-down system that the app itself can't read.
Technical details
TLS 1.2+ in transit, AES-256 at rest. Secrets are held in dedicated key-management infrastructure, never in application config.
Workspaces stay separate
Your workspace is walled off from everyone else's at the database level, not just in the app. Even if someone found a bug in the app, they still couldn't see another artist's data.
Technical details
Postgres row-level security (RLS) policies enforce tenant isolation per-query. Access rules live in the database, not only in the API layer.
Every action leaves a trail
When someone changes permissions, exports data, or touches anything sensitive, the system logs who did it, what they changed, and why. Workspace owners can request a full export of these logs.
Technical details
Structured audit events capture actor, target, action, and reason. Events are append-only and tamper-evident.
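A hash chain is one common way to make an append-only event log tamper-evident; the page does not say which mechanism the service uses. This added example (not the service's code) chains events carrying the actor, target, action, and reason fields named above; the function names, the seq and prev_hash fields, and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value used as prev_hash of the first event


def digest(body: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) keeps the hash reproducible.
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def append_event(log: list, actor: str, target: str, action: str, reason: str) -> None:
    # The hash covers the event's own fields and the previous event's hash.
    body = {
        "seq": len(log),
        "actor": actor, "target": target,
        "action": action, "reason": reason,
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    log.append(dict(body, hash=digest(body)))


def verify_chain(log: list, expected_head: str = None) -> int:
    # Returns -1 if intact, else the index of the first bad (or missing) event.
    # expected_head is the newest hash, stored where the log writer cannot edit it;
    # without it a truncated or fully rewritten chain would still verify.
    prev = GENESIS
    for i, event in enumerate(log):
        body = {k: v for k, v in event.items() if k != "hash"}
        if body.get("seq") != i or body.get("prev_hash") != prev:
            return i
        if digest(body) != event.get("hash"):
            return i
        prev = event["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return -1


def demo() -> tuple:
    log = []  # constructed sample events
    append_event(log, "owner@example.com", "member:42", "permission.change", "promoted")
    append_event(log, "member:42", "royalty-statements", "data.export", "accounting")
    append_event(log, "owner@example.com", "member:42", "permission.change", "revoked")
    head = log[-1]["hash"]
    tampered = [dict(e) for e in log]
    tampered[1]["reason"] = "edited after the fact"
    return verify_chain(log, head), verify_chain(tampered, head), verify_chain(log[:2], head)
```

An in-place edit is caught by the chain itself; dropping the tail or re-hashing the whole chain is caught only by comparing against the separately stored head hash.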
Backups you can count on
Your data is continuously backed up. If something goes wrong, we can restore to any point within the last 7 days. We test these backups every month by actually restoring them.
Technical details
Continuous WAL replication with point-in-time recovery (PITR) up to 7 days. Restore tested monthly against a sandbox environment.
Compliance
We're working toward an independent security audit (SOC 2 Type II) so you don't have to take our word for it.
What's in the security review packet?
Our packet includes a list of subprocessors (third-party services that touch your data), data flow diagrams, and a data protection impact assessment template. Available on request.
For privacy practices, see Privacy Policy · Data Retention.
Found a vulnerability?
If you find a security issue, email contact@releaseledger.com. We respond within one business day and credit researchers publicly once a fix has shipped.