Paprel

Security & Trust

Built to be trusted with the ledger

Paprel is infrastructure teams build their financial system of record on. This page is a straight account of how we protect data, keep the ledger correct, and what our compliance posture is today — including what is in place and what is on the roadmap.

We keep this page current as our posture evolves.

SOC 2Type II roadmap
ISO 27001Targeted roadmap
AuthOAuth 2.0 / 2.1
Uptime99.9% on newledger.io
RegionsUS · EU · APAC
Audit7yr · CSV/JSON

Data protection

  • Data is encrypted in transit (TLS 1.2+) and at rest.
  • Credentials and signing secrets are isolated from application data.
  • Sandbox and production run as separate, isolated environments so evaluation never touches live data.

Ledger integrity

  • Postings are double-entry and balance-validated — unbalanced entries are rejected, not corrected silently.
  • Journal history is append-only: corrections are new entries, the original record is never overwritten.
  • Writes are idempotent via client-supplied keys, so retries cannot create duplicate entries.

Access control & auditability

  • Scoped API keys and token-based authentication, with role-based permissions per actor.
  • Requests can be signed and verified to confirm payload integrity.
  • Changes, approvals, and automation activity are captured in audit history for finance and review teams.

Availability & infrastructure

  • Cloud-native deployment with managed or self-hosted options depending on your model.
  • Regular backups of ledger data with documented recovery procedures.
  • We share environment, region, and uptime details with teams during evaluation.

Data ownership & privacy

  • Your data is yours. It is processed to provide the service, not sold or used for advertising.
  • Data can be exported in full at any time; we do not lock the ledger behind the product.
  • A Data Processing Agreement (DPA) and sub-processor list are available on request during evaluation.

Compliance posture — stated plainly

We design controls aligned with SOC 2 principles and with the double-entry standards used in GAAP and IFRS reporting. We are not making certification claims we have not earned: formal certifications are on our roadmap, and we will publish them here when they are in place. Until then, we share our current control posture, security documentation, and a DPA directly with teams during evaluation. If a specific certification or control is a gate for you, tell us early and we will be candid about where we are.

Responsible disclosure

If you believe you have found a security issue, email us and we will respond to good-faith reports. We do not pursue researchers who report responsibly and give us reasonable time to address issues.

Security contact

[email protected]

Who you are dealing with

Paprel is operated by a registered legal entity with clear company and compliance contacts for diligence.

Legal entity

NEXARA GLOBAL PTE. LTD. (operating as Paprel)

Company registration

UEN: 202516221H

Registered address

68 Circular Road, #02-01 Singapore 049422

Legal & compliance

[email protected]

Security review

Doing diligence on Paprel?

Bring your security and finance reviewers. We will walk through architecture, controls, and documentation in detail.

Book an architecture review Read the API documentation
We use cookies to improve your experience. Manage preferences or accept all.