# Security

> Infrastructure, encryption, access control, and AI usage.

Source: https://www.lev.com/docs/learn/security

Last updated: December 2025

---
Network architecture
  
    Our infrastructure is designed with security as a foundational principle. This diagram
    illustrates how data flows through our system, with encryption applied at every stage.
  
  
    
  

  
    
      
    
  

  Infrastructure security
  
    
      Our platform is hosted on **Amazon Web Services (AWS)**,
      a leading cloud provider that maintains rigorous compliance certifications including SOC 2,
      ISO 27001, and more. This foundation provides enterprise-grade security controls that would
      be cost-prohibitive to implement independently.
    
    
      Even if there is an interruption to one system, the rest of our services stay up and
      secure with physically separated database instances. This architecture eliminates single
      points of failure and ensures business continuity.
    
  

  
    
      AWS data centers provide comprehensive physical security controls:
    
    
  

  
    
      All network traffic is encrypted and continuously monitored:
    
    
  

  
    
      
        
          Region
        
        
          us-east-1
        
      
      
        
          Compute
        
        
          EKS (Kubernetes)
        
      
      
        
          Database
        
        
          RDS Aurora PostgreSQL
        
      
      
        
          Storage
        
        
          S3 (encrypted)
        
      
      
        
          Search
        
        
          OpenSearch (vector + full-text)
        
      
      
        
          Cache
        
        
          Redis (Sentinel HA)
        
      
      
        
          Messaging
        
        
          SQS/SNS
        
      
    
  

  Data protection & encryption
  
    All data is encrypted both at rest and in transit. We implement strict data classification
    and handling procedures with purpose limitation controls, ensuring your information is
    protected throughout its lifecycle.
  

  
    
      
        
          At Rest
        
        
          **AES-256 encryption** — All stored data is encrypted using this
          industry-standard algorithm, protecting data in our databases and file systems.
        
      
      
        
          In Transit
        
        
          **TLS 1.2+ encryption** — All data transmitted between your browser
          and our servers is encrypted. We enforce HTTPS and implement HSTS headers.
        
      
      
        
          Key Mgmt
        
        
          **AWS KMS** — Encryption keys are managed with strict rotation policies.
          Keys are never stored alongside encrypted data and access is tightly controlled.
        
      
    
  

  Access control
  
    
      We request only the minimum permissions needed to enable the functionality you want,
      with strict access controls and usage limitations. This{' '}
      **principle of least privilege**{' '}
      is fundamental to our security architecture.
    
    
      For enterprise customers, we support SAML-based Single Sign-On, allowing you to connect
      Lev with your existing identity provider for seamless and secure authentication.
    
  

  
    
      
    
  

  
    
      
        MFA
        Multi-factor authentication available for all users via Auth0
      
      
        SSO
        SAML/SSO integration with your existing identity provider
      
      
        Passwordless
        Users login via secure one-time codes sent to their email
      
      
        Sessions
        Automatic timeout and secure session handling
      
    
  

  
    
      
        RBAC
        Role-based access control with granular permissions
      
      
        Segregation
        Segregation of duties for sensitive operations
      
      
        Audit Logs
        Comprehensive audit logging for all access events
      
      
        Alerting
        Real-time alerting on suspicious activity, errors, and health issues
      
      
        Reviews
        Regular access reviews and automated deprovisioning
      
    
  

  LLM usage
  
    Lev uses Large Language Models (LLMs) to power intelligent automation features.
    Here's how we handle your data when processing with AI.
  

  Model Providers
  
    We use multiple LLM providers including OpenAI, Anthropic, and Google.
    ** Our agreements with all providers explicitly prohibit the use of your data for model training.**
    Your data is never used to train or fine-tune any AI models.
  

  
    
      
        No Training
        Your data is never used to train or fine-tune AI models. All provider agreements explicitly prohibit training on customer data.
      
      
        Minimal Context
        Only minimum necessary data is sent. Content is processed in isolation without unnecessary context or metadata.
      
      
        Encryption
        All data sent to LLM providers is encrypted in transit (TLS 1.2+).
      
    
  

  
    
      
        Sent
        Email body text (for extraction), attachment content (term sheets), names (only when needed for context)
      
      
        Never Sent
        Account credentials, other customers' data, historical deal data unrelated to the task, contact lists, payment information
      
    
  

  Internal Logging
  
    For quality assurance and debugging purposes, we maintain logs of AI interactions internally.
    These logs include prompts and completions and are stored in our secure infrastructure
    with the same protections applied to all customer data.
  

  Email integration security
  
    For detailed information about how we handle email data, see our dedicated documentation.
  
  
    Email integration documentation