Credential Ledger logo Credential Ledger
Sign in
Trust

Security at Credential Ledger

Last updated June 12, 2026

This page is an honest, plain-language overview of how we protect your agency's data. We describe only what we actually do — no inflated claims and no certifications we don't hold. Credential Ledger is operated by MortonApps LLC.

No patient data — by design. The single biggest way we reduce risk is by never holding protected health information (PHI). There are no patient fields anywhere in the product, and entering PHI is prohibited by our Terms of Service. A breach here cannot expose patient information, because patient information is never here.

Encryption in transit and at rest

  • In transit: all traffic between your browser and the service is encrypted over HTTPS (TLS).
  • At rest: your data is stored on Cloudflare's managed database (D1) and storage, which encrypt data at rest. If your agency configures its own email credentials, those are additionally encrypted with AES-GCM before being stored.

Authentication and sessions

  • Passwords are hashed with PBKDF2-HMAC-SHA256 using a per-user random salt. We cannot see or recover your password.
  • Each person sets their own password from a single-use invite or reset link — admins never type or see another user's password.
  • Sessions are server-side: the session record lives in our database, and the browser only holds an HttpOnly cookie that scripts cannot read. The session token is stored hashed, so a database leak does not expose usable tokens.
  • Authentication is fully self-contained — there is no third-party identity provider holding your logins.

Access controls and isolation

  • Role-based access within each agency: admin, staff, and read-only viewer roles limit who can see and change what. An optional volunteer self-login role can only log its own hours.
  • Tenant isolation: each agency's data is isolated to its own workspace, and every database query is scoped to that agency.
  • Audit trail: each hour entry records who created or changed it.

Hosting and backups

  • The application runs on Cloudflare's global network (Cloudflare Pages and Functions), with data in Cloudflare D1.
  • The database benefits from Cloudflare's automatic platform-level backups for its managed D1 service. In addition, your agency can export all of its records to CSV at any time — we recommend exporting periodically as your own independent copy.
  • There are no third-party tracking or advertising scripts on this site or in the app.

How we handle your data

  • We collect only what the service needs to run, and we never sell data, never run ads, and never use customer data to train AI models.
  • Your agency owns its data and can export or request deletion of it at any time. See our Privacy Policy and Data Processing Addendum for the details.
  • If we ever discover a breach involving your data, we will notify affected agencies without undue delay.

What we don't claim

We want to be straight with you: Credential Ledger is a small, focused product. We are not currently SOC 2, ISO 27001, or HIPAA certified, and we don't claim to be. Our security model is built on keeping the product simple, the attack surface small, and PHI out of the system entirely. No internet service can promise perfect security, but we design conservatively and tell you the truth about what we do.

Reporting a concern

If you have a security question, or believe you've found a vulnerability, please email info@hospiceapps.com. It's a real, monitored inbox staffed by the people who build the product, and we respond to security reports promptly.

See also our Privacy Policy, Terms of Service, and Data Processing Addendum.