Learn

Security

Infrastructure, encryption, access control, and AI usage.

Updated December 2025

Network architecture

Our infrastructure is designed with security as a foundational principle. The diagram below illustrates how data flows through our system, with encryption applied at every stage.

Network Architecture

Data Flow Overview

Infrastructure security

Our platform is hosted on Amazon Web Services (AWS), a leading cloud provider that maintains rigorous compliance certifications including SOC 2, ISO 27001, and more. This foundation provides enterprise-grade security controls that would be cost-prohibitive to implement independently.

Even if there is an interruption to one system, the rest of our services stay up and secure with physically separated database instances. This architecture eliminates single points of failure and ensures business continuity.

Physical Security

AWS data centers provide comprehensive physical security controls:

    Network Security

    All network traffic is encrypted and continuously monitored:

      Infrastructure Details

      Region

      us-east-1

      Compute

      EKS (Kubernetes)

      Database

      RDS Aurora PostgreSQL

      Storage

      S3 (encrypted)

      Search

      OpenSearch (vector + full-text)

      Cache

      Redis (Sentinel HA)

      Messaging

      SQS/SNS

      Data protection & encryption

      All data is encrypted both at rest and in transit. We implement strict data classification and handling procedures with purpose limitation controls, ensuring your information is protected throughout its lifecycle.

      Encryption Standards

      At Rest

      AES-256 encryption — All stored data is encrypted using this industry-standard algorithm, protecting data in our databases and file systems.

      In Transit

      TLS 1.2+ encryption — All data transmitted between your browser and our servers is encrypted. We enforce HTTPS and implement HSTS headers.

      Key Mgmt

      AWS KMS — Encryption keys are managed with strict rotation policies. Keys are never stored alongside encrypted data and access is tightly controlled.

      Access control

      We request only the minimum permissions needed to enable the functionality you want, with strict access controls and usage limitations. This principle of least privilege is fundamental to our security architecture.

      For enterprise customers, we support SAML-based Single Sign-On, allowing you to connect Lev with your existing identity provider for seamless and secure authentication.

      Authentication Flow

      Authentication

      MFA
      Multi-factor authentication available for all users via Auth0
      SSO
      SAML/SSO integration with your existing identity provider
      Passwordless
      Users login via secure one-time codes sent to their email
      Sessions
      Automatic timeout and secure session handling

      Authorization & Monitoring

      RBAC
      Role-based access control with granular permissions
      Segregation
      Segregation of duties for sensitive operations
      Audit Logs
      Comprehensive audit logging for all access events
      Alerting
      Real-time alerting on suspicious activity, errors, and health issues
      Reviews
      Regular access reviews and automated deprovisioning

      LLM usage

      Lev uses Large Language Models (LLMs) to power intelligent automation features. Here's how we handle your data when processing with AI.

      Model Providers

      We use multiple LLM providers including OpenAI, Anthropic, and Google. Our agreements with all providers explicitly prohibit the use of your data for model training. Your data is never used to train or fine-tune any AI models.

      Data Protection Guarantees

      No Training
      Your data is never used to train or fine-tune AI models. All provider agreements explicitly prohibit training on customer data.
      Minimal Context
      Only minimum necessary data is sent. Content is processed in isolation without unnecessary context or metadata.
      Encryption
      All data sent to LLM providers is encrypted in transit (TLS 1.2+).

      What Data Is Sent

      Sent
      Email body text (for extraction), attachment content (term sheets), names (only when needed for context)
      Never Sent
      Account credentials, other customers' data, historical deal data unrelated to the task, contact lists, payment information

      Internal Logging

      For quality assurance and debugging purposes, we maintain logs of AI interactions internally. These logs include prompts and completions and are stored in our secure infrastructure with the same protections applied to all customer data.

      Email integration security

      For detailed information about how we handle email data, see our dedicated documentation.

      Email integration documentation

      More in this section
      Privacy Policy
      Lev privacy policy.
      Terms and Conditions
      Terms and conditions for using the Lev platform.
      AI & Data Handling
      How Lev uses AI, data sent to LLMs, and customer controls.
      Compliance
      SOC 2 Type II, penetration testing, and privacy regulations.