.svg)
We built Level to be secure from the ground up. Our team is committed to providing a safe, secure, and private platform for remote device management.
Compliancy
Our commitment to compliance is demonstrated through our rigorous adherence to international standards and regulations. We ensure Level not only meets, but exceeds the security and privacy requirements laid out by SOC 2 and GDPR.
We remain committed to stringent controls and procedures to protect the confidentiality, availability, and privacy of your information. Level is designed with the integrity and security needed to safeguard your operational environments.
We implement strong data protection practices and give you control over your personal information with utmost respect for privacy rights and transparency. Level is dedicated to protecting the privacy of individuals within the European Union and beyond.
Access control
Easy-to-use control over who can see and update your account data with our permissions and access management. Best-in-class tools and infrastructure to keep your data safe.
Because you connect directly to the device you’re managing, data never passes through our servers. This greatly reduces access points and attack vectors.
Set password policies for your users to require complex passwords. Optionally, require all users to enable multi-factor authentication.
Grant custom permissions for individual users. Restrict the changes users can make, easily add/remove permissions, and onboard new users to your team in seconds.
Impose restrictions on which devices can access your data. IP allow lists and deny lists prevent connections from untrusted devices.
Review changes to your account & devices at a glance, with an audit trail of who made edits when.
Our internal identity access and secrets management policies mean that access to production data is heavily guarded.
Encrypted networks
Infrastructure is critical to keeping your account secure. Behind the scenes, we use industry-leading cloud providers and networking best practices to make sure Level is both highly secure and highly available.
Any time data is stored in our databases or server hard drives, it’s encrypted first. Access is only possible via a long, random key phrase.
HTTPS and SSL everywhere, no exceptions. If data moves between our servers and a connected client, it’s via an encrypted channel -- always.
Our servers & database are behind a strict firewall to only allow authorized connections. Automated network traffic monitoring to detect and prevent intrusion attempts.
Automated backups of user data occur every hour. We can restore a backup within minutes, protecting you from data loss.
We use a private cloud to host our infrastructure with private IP addresses. Outside devices will never be able to reach those private machines.
When we need to use an external provider, we make sure they’re established and trusted. Our staff must use a password manager and multi-factor authentication for all external accounts.
Incident response
We’re prepared in the event of a security incident. Rapid discovery, automated escalation, and quick recovery are our priorities. Transparency and keeping users informed along the way are core values.
Tracking & logging system metrics and traffic flows at all times. We use best-in-class application and infrastructure monitoring software to drive insights.
When there’s an anomaly, we want to know as soon as possible. Our engineers receive automated alerts upon detection. Alerts escalate to senior management above a threshold.
We can roll back both the code and the database to prior versions instantly, as needed. Minimal time to remediation for our customers.
Transparency is critical when it comes to security events. We’ll keep you up to date on system status, and you’ll have access to post-incident reports.
Users are our most valuable source of feedback and error detection. If you notice something amiss, please don’t hesitate to contact us.
After every incident, we’ll conduct a thorough review with our team of what happened, how, and what steps we can take in the future to prevent it.
Development practices
Internal practices, decisions, and training to make sure our developers and product designers always put security first.
We think first about security, before we build anything. Our code architecture enforces security by design.
Using an agile approach with small, frequent releases means changes are easier to review, test, and rollback -- reducing overall risk.
All code, no matter how small, must be reviewed and tested. Each release must pass a complete quality assurance checklist.
We use industry standard version control (git) and cloud repositories (GitHub) to securely host our code and trigger deployments. When a deploy goes wrong, we can instantly roll back to an earlier version of the code.
Internal policies enforce and encourage a culture of security. All our developers receive training on security best practices.
Code gets merged into our application only after passing our entire test suite and receiving code review approval. Continuous testing, integration, & deployment means there’s no guesswork or variability in the deploy process.
Start your 14-day free trial today.
