Here's why ours doesn't. Money is high-stakes. Wrong numbers mean wrong tax, wrong decisions, wrong investor updates. Ledgers is built on the assumption you don't trust the AI — and earns its way through six explicit guardrails.
High-confidence entries post automatically with a logged reason. The genuinely ambiguous ones — roughly 1% — and every VAT return are surfaced to you to approve before they post. You can see every decision in your audit log, and each sign-off is recorded cryptographically with your approval and a timestamp.
Every category, every JE, every approval is logged with: who decided it (agent or human), what inputs they had, what the confidence was, what the cost was. Nothing happens silently. You can replay the reasoning for any transaction, forever.
VAT returns. CIS300. Payroll approval. Each requires you to type I confirm exactly, then we record a SHA-256 hash over (org + period + box totals + your user ID + timestamp). The hash survives any future dispute with HMRC.
Period locks are enforced at the database. Once an accountant signs off March, no transaction dated March can be edited or created — by you, by the AI, by anyone. Even the founder can't override it without an explicit reversal entry that's itself logged.
The number on your dashboard is the real reconciliation gap, the real anomaly count, the real categorisation completeness. No placeholders. If we don't know, we say so. Our scoring rules are public — read the code.
VAT, CIS300, RTI: the AI prepares; the human signs; the human submits through HMRC's own tools. We don't want to be in the chain of liability if something goes wrong. The submission reference comes back into Ledgers as a paste — that's the audit anchor.
On the first of every month, Ledgers generates a Trust Receipt: a one-page PDF summarising how many transactions were categorised, how many you approved, the reconciliation gap, the confidence score, and a cryptographic (SHA-256) signature.
Each one has a public share URL — useful for investor updates, board packs, year-end handover, or any time someone asks "how do I know your books are right?"
See an example (coming with first customer →)The boring-but-essential infrastructure.
Bank feeds via TrueLayer (Open Banking). We can read transactions and balances. We cannot move money. We cannot initiate payments. Connection can be revoked from your bank's app in one tap.
TLS 1.3 in transit. AES-256 at rest. Database row-level security on every table — your org's data is invisible even to other Ledgers customers at the database layer.
All customer data stored in UK regions (eu-west-2). LLM inference runs in EU regions. No data leaves the UK/EU perimeter for processing.
We prepare your VAT return in the MTD 9-box format — reconciled, reviewed and ready to file through your MTD-compatible software or your accountant. Direct MTD submission is on our roadmap, not a claim we make today.
Audit underway with a Big-Four accredited assessor. Targeting Type I report Q3 2026, Type II Q1 2027. Until then, see our audit-trail design for our current trust posture.
Data Processing Agreement available on request. Subprocessors listed publicly. Right to export + delete enforced — you own your data, full stop.
No AI is perfect. Some month, our agent will mis-categorise a transaction. Some quarter, the VAT estimate will be off by a few pounds. We don't hide it.
Every transaction has an "Open audit trail" button. You see what the agent thought, what you approved or changed, and what the final state is. If we're wrong, it's discoverable in seconds — not buried in a CSV export.
And if the worst happens — a VAT penalty traceable to an agent error — Growth+ customers are covered by our Penalty Pledge: we pay the HMRC penalty. Conditions are short and on the page.
Connect a bank, run the agents on your last 30 days, see exactly what they did. Free to try.
Start free →