Security

At Lev, safeguarding your data is our highest priority. Our platform is built with multi-layered security measures and strict privacy controls to protect your sensitive information at every level.

Network architecture

Our infrastructure is designed with security as a foundational principle. The diagram below illustrates how data flows through our system, with encryption applied at every stage.

[Diagram: Network Architecture, Data Flow Overview]

Infrastructure security

Our platform is hosted on Amazon Web Services (AWS), a leading cloud provider that maintains rigorous compliance certifications including SOC 2, ISO 27001, and more. This foundation provides enterprise-grade security controls that would be cost-prohibitive to implement independently.

Our database instances are physically separated, so even if one system is interrupted, the rest of our services stay up and secure. This architecture eliminates single points of failure and ensures business continuity.

physical_security

AWS data centers provide comprehensive physical security controls:

24/7 physical security monitoring with on-site personnel
State-of-the-art fire detection and suppression systems
Redundant utilities and backup power systems
Biometric access controls for authorized personnel only

network_security

All network traffic is encrypted and continuously monitored:

SSL/HTTPS encryption for all traffic
CloudSploit & Prowler for continuous security monitoring
Network segmentation and isolation between services
DDoS protection and Web Application Firewall (WAF)

Data protection & encryption

All data is encrypted both at rest and in transit. We implement strict data classification and handling procedures with purpose limitation controls, ensuring your information is protected throughout its lifecycle.

encryption_standards

at_rest
AES-256 encryption — All stored data is encrypted using this industry-standard algorithm, protecting data in our databases and file systems.
in_transit
TLS 1.2+ encryption — All data transmitted between your browser and our servers is encrypted. We enforce HTTPS and implement HSTS headers.
key_mgmt
AWS KMS — Encryption keys are managed with strict rotation policies. Keys are never stored alongside encrypted data and access is tightly controlled.

Access control

We request only the minimum permissions needed to enable the functionality you want, with strict access controls and usage limitations. This principle of least privilege is fundamental to our security architecture.

For enterprise customers, we support SAML-based Single Sign-On, allowing you to connect Lev with your existing identity provider for seamless and secure authentication.

[Diagram: Authentication Flow]

authentication

Multiple layers of identity verification protect your account:

Multi-factor authentication (MFA) — Required for all users
SAML/SSO integration — Connect with your existing identity provider
Strong password requirements — Enforced complexity and length
Session management — Automatic timeout and secure session handling

authorization_monitoring

Fine-grained controls and continuous oversight:

Role-based access control (RBAC) with granular permissions
Segregation of duties for sensitive operations
Comprehensive audit logging for all access events
Real-time alerting on suspicious activity
Regular access reviews and automated deprovisioning

LLM usage

Lev uses Large Language Models (LLMs) to power intelligent automation features. Here's how we handle your data when processing with AI.

model_providers

openai
Quote extraction & note generation — Uses ZDR (Zero Data Retention) API. Prompts and completions are not stored after processing.
anthropic
Complex reasoning tasks — Does not train on customer data submitted through their API.
gemini
Google Gemini — Enterprise API with data processing agreement. No training on customer inputs.

data_protection

no_training
Your data is never used to train or fine-tune AI models. We use API endpoints with explicit opt-out from training programs.
zero_retention
We use Zero Data Retention (ZDR) API agreements. Prompts and completions are not stored by model providers after processing.
minimal_context
Only minimum necessary data is sent. Content is processed in isolation without unnecessary context or metadata.

data_scope

sent
Email body text (for extraction), attachment content (term sheets), names (only when needed for context)
never_sent
Account credentials, other customers' data, historical deal data, contact lists, financial information

Email integration security

Two key principles guide our email integration: no human access and deal-relevant filtering. Your contacts remain completely private and only visible to you.
