ledgerwire
Sign in
Security at Ledgerwire

Read-only by architecture,
not by promise.

Ledgerwire is a read-only wire between your bank and your AI assistant. There is no code path that moves money, opens accounts, or changes anything at your bank — the capability simply does not exist in the product. This page explains, in plain language, how the system is built, and publishes the security reviews we run against it.

Bank sign-in
You sign in at your bank, not at Ledgerwire. Your bank credentials never touch our servers — Quiltt, our regulated data aggregator, handles the connection.
No passwords
Ledgerwire itself has no passwords to steal: sign-in is by single-use, 15-minute magic link sent to your email.
Token storage
Bank access tokens are encrypted at rest with AES-256-GCM under a per-user derived key, bound to the owning user so one user’s ciphertext can never decrypt under another’s key.
Credential hashing
Every credential we mint — session cookies, MCP bearer tokens, magic links, OAuth tokens — is stored as a one-way SHA-256 hash. Combined with the AES-256-GCM-encrypted bank tokens above, no secret is stored in plaintext anywhere in our database.
Revocation
MCP tokens are minted per device or agent and are independently revocable from the dashboard, instantly.
12 tools · all read-only

This is everything an AI assistant can do through Ledgerwire. Every tool reads; none writes. There is no transfer tool, no payment tool, no account-change tool.

list_accounts
List your connected bank accounts.
get_balance
Read the balance of one account.
get_transactions
Read transaction history for an account.
search_transactions
Search transactions by keyword, date, or amount.
get_spending_by_category
Summarise spending grouped by category.
get_recurring
Detect recurring charges and subscriptions.
list_enrollments
List your bank connections and their health.
get_reconnect_link
Return a link to repair a broken bank connection.
list_investment_accounts
List brokerage and retirement accounts.
list_holdings
Read positions held in investment accounts.
get_loan_details
Read mortgage, auto, and student-loan balances, and how a payment splits into principal, interest, and escrow (where reported).
get_liabilities
Read interest rates, minimum payments, due dates, and credit limits — for the banks that report them (many don't; see the FAQ on coverage).
Webhooks
Every inbound webhook (Quiltt, Stripe) is verified with an HMAC signature and a replay window before a single byte is processed.
CSRF
State-changing browser requests require a same-origin check plus a double-submit CSRF token.
Rate limiting
Layered per-IP, per-email, and per-token rate limits on sign-in, the MCP endpoint, and every sensitive route.
Logging
Logs carry hashed identifiers only — no raw tokens, no account numbers, no transaction contents.
Analytics
Cookieless, privacy-first analytics (Plausible) on marketing pages only — no Google Analytics, no ad pixels, no analytics on your dashboard.
read them yourself

We run an adversarial security review at the end of every phase and on every major feature, and we publish the full findings — severities, file references, and what we fixed — verbatim.