LedgerEye

Key Features

Built for analysts who need proof, not promises

Relationship Graph

D3.js force-directed visualization maps complex entity relationships in real time. Zoom, filter, and explore interconnected networks at any scale.

Risk Scoring

Automated 0-100 risk assessment powered by configurable rule engines. Transparent scoring with full audit trail on every calculation.

Natural Language Queries

Ask questions in plain English or Italian. AI translates your intent into structured queries and returns actionable intelligence.

IMMUTRACE Protocol

Every query is immutably recorded on blockchain. Multi-signature approval ensures no single actor can access sensitive data unchecked.

Evidence Packages

Court-ready proof with SHA-256 verification. Generate tamper-evident evidence bundles accepted by regulatory bodies worldwide.

Role-Based Access

Five distinct roles — Admin, Analyst, Approver, Auditor, Viewer — each with granular permissions enforced at every API endpoint.

Legal

Privacy Policy

Effective date: 15 March 2026

LedgerEye is a product of IMMUTRACE. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the LedgerEye platform and related services.

1. Data We Collect

We collect the following categories of information:

Account information: name, email address, organisation, and role when you register for the platform.
Usage data: queries executed, features accessed, timestamps, IP addresses, and browser/device metadata.
Audit trail data: all analytical queries and approvals are recorded immutably as part of the IMMUTRACE Protocol for accountability purposes.
Communication data: content of support requests and emails you send to us.

2. How We Use Your Data

To provide, maintain, and improve the LedgerEye platform.
To enforce accountability and generate cryptographic audit trails.
To send transactional notifications (e.g., approval requests, account alerts) via our email provider.
To comply with legal obligations and respond to lawful requests from authorities.
To monitor platform security and prevent abuse.

3. Third-Party Services

LedgerEye integrates with the following third-party services, each with their own privacy policies:

OpenSanctions: sanctions and PEP data used for entity screening and risk assessment.
Polygon: blockchain infrastructure for immutable audit trail recording.
Resend: transactional email delivery for notifications and alerts.

We share only the minimum data necessary for each integration to function. We do not sell your personal data to any third party.

4. Data Storage and Retention

Data location: All personal data is stored in European data centers in compliance with GDPR. No personal data is transferred outside the European Economic Area (EEA). Blockchain anchors on Polygon are public cryptographic hashes that contain no personal data.

Retention: Account and usage data is retained for as long as your account is active and for up to 24 months after account closure for legal and audit purposes. Audit trail records on the blockchain are immutable by design and cannot be deleted, as this is fundamental to the platform's accountability guarantees.

5. Right to Erasure — Article 17 GDPR

We implement cryptographic erasure to honor your right to be forgotten:

Sensitive data fields are encrypted with individual AES-256-GCM keys, each stored separately in an encryption key vault.
Upon erasure request, all per-record encryption keys are permanently destroyed (overwritten with zeros).
Without the encryption keys, the ciphertext is mathematically unrecoverable — this is equivalent to permanent deletion.
Your username is replaced with an anonymized SHA-256 hash; email and password are permanently removed.
On-chain SHA-256 hashes anchored on Polygon remain, but these are irreversible cryptographic digests that cannot reveal personal data and are permanently disconnected from any identifying information.

Every erasure is recorded in a metadata-only audit log (no personal data) containing: timestamp, anonymized user reference, and count of keys destroyed. This log is available to the Data Protection Officer for compliance demonstration via GET /api/v1/gdpr/erasure-log.

6. Your Other Rights (GDPR)

If you are located in the European Economic Area, you also have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Object to or restrict processing of your data.
Data portability — receive your data in a structured, machine-readable format.
Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at decision.acc@gmail.com. We will respond within 30 days.

6. Cookies

LedgerEye uses strictly necessary cookies for session management and authentication. We also use localStorage to remember your cookie consent preference. We do not use third-party tracking cookies or advertising pixels.

7. Security

We implement industry-standard security measures including encryption in transit (TLS), role-based access controls, and cryptographic verification of all data operations. The platform's open-source nature allows independent security audits.

8. Contact

For privacy-related inquiries, contact the data controller:
IMMUTRACE
Email: decision.acc@gmail.com

Terms of Service

Effective date: 15 March 2026

These Terms of Service ("Terms") govern your access to and use of the LedgerEye platform, operated by IMMUTRACE ("we", "us", "our"). By accessing or using LedgerEye, you agree to be bound by these Terms.

1. Acceptance of Terms

By creating an account, accessing the platform, or using any LedgerEye service, you confirm that you have read, understood, and agree to these Terms. If you are using LedgerEye on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms.

2. Service Description

LedgerEye is an open-source intelligence (OSINT) analysis platform designed for financial crime investigation, sanctions screening, and regulatory compliance. The platform provides relationship graph visualization, risk scoring, natural language queries, and cryptographic audit trails via the IMMUTRACE Protocol.

3. User Accounts and Responsibilities

You must provide accurate and complete registration information.
You are responsible for maintaining the confidentiality of your account credentials.
You must not share your account or allow unauthorised access.
You agree to use the platform only for lawful purposes and in compliance with all applicable laws, including anti-money laundering regulations, sanctions laws, and data protection legislation.
You must not attempt to circumvent the IMMUTRACE Protocol's approval mechanisms or tamper with audit trail records.
You are responsible for the accuracy and legality of any data you import into the platform.

4. Intellectual Property

The LedgerEye platform source code is released under the MIT License. You may use, modify, and distribute the code in accordance with that license. The LedgerEye and IMMUTRACE names, logos, and branding are trademarks of IMMUTRACE and may not be used without prior written permission, except as required for reasonable and customary attribution.

5. Data and Privacy

Your use of LedgerEye is also governed by our Privacy Policy. By using the platform, you acknowledge that all analytical queries and approvals are recorded immutably as part of the IMMUTRACE Protocol. This is a core feature of the platform, not a side effect, and cannot be disabled.

5a. Data Erasure and On-Chain Records

Upon account deletion, we perform cryptographic erasure: per-record AES-256-GCM encryption keys are permanently destroyed, rendering encrypted personal data mathematically unrecoverable. SHA-256 hashes anchored on Polygon mainnet are immutable and cannot be removed from the blockchain. These hashes are one-way cryptographic digests that do not contain and cannot be used to derive personal data. By using this service, you acknowledge that these non-personal cryptographic proofs persist permanently on-chain after erasure.

6. Limitation of Liability

To the maximum extent permitted by applicable law:

LedgerEye is provided "as is" and "as available" without warranties of any kind, whether express or implied.
We do not guarantee that risk scores, sanctions screening results, or any analytical output will be complete, accurate, or suitable for any specific legal or regulatory purpose.
IMMUTRACE shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the platform.
Our total aggregate liability for any claims arising from these Terms or your use of LedgerEye shall not exceed the amounts paid by you, if any, in the twelve months preceding the claim.

7. Termination

We may suspend or terminate your access to LedgerEye at any time, with or without cause, and with or without notice. You may stop using the platform at any time. Upon termination, your right to access the platform ceases immediately. Provisions regarding intellectual property, limitation of liability, and governing law survive termination.

8. Modifications to Terms

We reserve the right to modify these Terms at any time. Material changes will be communicated via the platform or by email. Continued use of LedgerEye after changes become effective constitutes acceptance of the revised Terms.

9. Governing Law and Jurisdiction

These Terms are governed by and construed in accordance with the laws of Italy and applicable European Union regulations, including the General Data Protection Regulation (GDPR). Any disputes arising from these Terms or your use of LedgerEye shall be subject to the exclusive jurisdiction of the courts of Italy.

10. Contact

For questions about these Terms, contact us at:
IMMUTRACE
Email: decision.acc@gmail.com

Intelligence tools shouldn't be black boxes.

Four steps to verifiable intelligence

Import

Analyze

Approve

Prove