M
MerchantLedgerSettlement Automation

Security & Data Practices

MerchantLedger uses connected-provider authorization, encrypted credential storage, and tenant-scoped controls to support settlement accounting workflows. This page explains the current public trust model in plain language without implying certification or guarantees we have not yet earned.

Current security summary

Clear, supportable trust language tied to how MerchantLedger works today.

MerchantLedger is built for Amazon sellers who want cleaner accounting outputs without sharing marketplace or accounting passwords. The product focuses on the data needed for settlement accounting workflows, keeps those workflows tenant-scoped, and gives you clear paths to disconnect access, request deletion, or review service status.

How data moves through MerchantLedger

This is the plain-language flow from connection to accounting output:

1. Connected-provider authorization

You connect Amazon and supported accounting systems through provider authorization flows such as OAuth. MerchantLedger receives scoped credentials or tokens instead of asking for your marketplace or accounting passwords.

2. Encrypted credential storage

Connected-provider credentials are encrypted before they are stored so MerchantLedger can call approved APIs without exposing raw values in the UI or ordinary logs.

3. Data retrieval for accounting workflows

MerchantLedger reads settlement reports, financial events, and related seller identifiers needed to build accounting outputs. Limited catalog metadata only applies when you enable product-cost or mapping workflows.

4. Processing and categorization

Settlement activity is categorized in MerchantLedger so fees, refunds, reimbursements, reserve activity, and related adjustments are easier to review before posting or export.

5. Accounting output and user control

You review the output in MerchantLedger, then post to a connected accounting system or export files for manual workflows. You can also disconnect integrations or request deletion when needed.

What MerchantLedger accesses — and what it does not

MerchantLedger's public trust model is intentionally narrow: the product should read the data needed to turn settlement activity into accounting outputs, not unrelated store operations.

Read for core workflows
  • Settlement reports and financial events used to classify sales, fees, refunds, reimbursements, reserve activity, and related accounting adjustments
  • Seller and marketplace identifiers needed to make approved API calls and keep the right account context
  • Limited product metadata such as SKU, ASIN, or FNSKU only when you enable product-cost or mapping features
Not part of the core trust scope
  • Amazon or accounting passwords
  • Buyer messages or unrelated customer communications
  • Order-fulfillment controls or unrelated Amazon operational tooling
  • Inventory-focused datasets unless a separate inventory feature is explicitly enabled
Controls that limit and protect access
OAuth and token-based access

MerchantLedger is designed around connected-provider authorization rather than password collection. The product works with stored credentials and provider tokens, not shared marketplace or accounting passwords.

Encrypted credential handling

Connected-provider credentials are encrypted before storage. Public pages and normal product workflows do not expose those values back to you in raw form.

Tenant-scoped controls

MerchantLedger is designed to keep each account’s data separated through tenant-scoped application and database controls, along with limited service-access patterns.

User-controlled revocation

You can disconnect MerchantLedger in the app and revoke connected-provider access from Amazon Seller Central or the relevant accounting platform when appropriate.

Data sent between your browser, MerchantLedger, and connected providers is transmitted over TLS 1.2+ connections. For credential-storage details and retention windows, see the sections below and our Privacy Policy.

Retention and user control

`/privacy` remains the detailed retention source of truth. The summary below matches that policy so visitors can understand the basics without hunting across pages.

  • While your account is active: settlement data, configurations, and connection settings are retained so the service can operate.
  • After account closure: data is deleted within 30 days.
  • Backups: retained for up to 90 days for disaster recovery purposes, with retained backup copies encrypted at rest and kept off site.
  • Logs: retained for up to 1 year for operational and security review.

You can disconnect integrations in MerchantLedger, revoke provider access from the source platform, or request deletion through privacy@merchantledgerapp.com. For step-by-step help, use the Support Center.

Standards and roadmap wording

MerchantLedger is not currently SOC 2 certified. If we reference frameworks, standards, or future assurance work, that language should be read as direction and roadmap — not as proof of an already completed certification.

Today, this page is meant to describe current public practices: connected-provider authorization, encrypted credential handling, tenant-scoped access controls, retention windows, and clear support / security contact paths. If we complete formal certifications or materially expand the trust program later, we will update this page explicitly.

Where to go next
Security questions or vulnerability reports

Email security@merchantledgerapp.com if you believe you've found a security issue or need to ask about current security practices.

Retention and deletion details

Visit the Privacy Policy for the full retention schedule, deletion process, and data-sharing details.

Service availability and incidents

Visit /status for MerchantLedger's manual public status reference and broader service-impact communication.

General product help

Use the Support Center or email support@merchantledgerapp.com for setup, workflow, or account-specific questions.

Clear trust language matters

MerchantLedger's public trust pages are meant to explain what the product does today, what it does not access, and how to reach the right team if you need help. If you have a security question, contact security@merchantledgerapp.com.