Security Posture

This page describes the current operating posture for AccessLedger founder-led pilots, not a future-state trust center.

What the product is

AccessLedger is a break-glass workflow and audit-evidence layer that sits on top of existing secret storage. The standard product flow tracks requests, approvals, expiry, rotation follow-up, and audit events without acting as the customer’s secret vault.

Application security baseline

The current baseline includes repository-backed tenant-isolation proofs, fail-closed authentication and session paths, CSRF protection, rate limiting, release verification in CI, deploy artifact verification, and worker health checks. Current product behavior should always be evaluated against the shipped code and docs, not against future roadmap items.

Backups

Production deployments run an operational backup step before each deploy. Backup handling for pilot environments should be confirmed during onboarding so the customer knows where backups live and who is responsible for restoring them.

Retention

Retention is intentionally narrow and pilot-specific. AccessLedger stores workflow and audit data needed to run the service, and retention expectations should be agreed during pilot onboarding instead of inferred from generic marketing language.

Support

Support is founder-led and coordinated directly over email. AccessLedger does not currently advertise or promise a public SLA, dedicated Slack support, or 24/7 incident coverage.

Compliance posture

AccessLedger may help customers prepare audit evidence, but this page does not claim HIPAA readiness, BAA availability, or any broad compliance certification. Those commitments would require additional legal and operational work beyond the current pilot scope.

Security contact

Send security questions or pilot review requests to support@accessledger.io.