Trust

Security.

LtdRecord holds your company’s records and evidence — here is how we treat that responsibility.

Last updated: 7 July 2026

How your records are encrypted

  • In transit — all traffic between you and LtdRecord is encrypted (TLS).
  • At rest, with a key unique to your company. Every signed PDF and uploaded evidence file is sealed with AES-256-GCM under a data key that belongs to your company alone, and that key is itself stored encrypted (envelope encryption). A leak of the storage layer would yield ciphertext, not your records.
  • Deletion destroys the key. Deleting a company — or your whole account — destroys its encryption key, so even a stray copy of a stored file becomes unreadable.
  • What we don’t claim. LtdRecord generates and renders your documents on our servers, so our systems hold the keys — this is not end-to-end encryption, and we won’t pretend otherwise. What we promise is narrower and true: per-company keys, no admin screen that browses your files, and deletion that means it.

Access to your data

  • Passwordless sign-in. You log in with a short-lived one-time code sent to your email. There are no passwords to steal, and code entry is rate-limited against guessing.
  • Every request is ownership-checked. Records, files, previews, and exports are only ever served to the signed-in account that owns them — enforced on the server for every byte, not hidden in the interface.
  • Records you email can only go to your own address or the accountant saved in your settings — the send path can’t be used to relay mail elsewhere.

Where your data lives

  • All traffic is encrypted in transit (TLS).
  • Structured data (account, company, records) lives in a managed Postgres database (Neon) with automated backups.
  • Signed PDFs and uploaded evidence live in private object storage (Cloudflare R2), encrypted with your company’s key as above — objects are never publicly addressable and are only served through the ownership checks above.
  • Card details never touch our servers — payments are handled by Stripe.

Abuse resistance

  • Rate limits on sign-in, document generation, uploads, and email sending.
  • Upload limits and file-type allowlisting on evidence files.
  • Document previews are watermarked and rendered server-side; the underlying templates never ship to the browser.

Reporting a vulnerability

If you believe you’ve found a security issue, please email info@9s-labs.com with enough detail to reproduce it. We’ll acknowledge within two working days, keep you informed, and won’t take action against good-faith research.