Security Practices & Policies
Levelset Security Policies & Practices
Levelset’s 50+ person technology groups have your company’s security and safety as a top priority. Our company leverages world-class technology platforms like Amazon Web Services, Stripe, GoDaddy, and Symantec, and follows security best practices, to protect our users’ data and platform activity. Read more about our security features and practices below. We’re also happy to connect users with our engineering group to more specifically discuss the security measures in place to protect your company.
We work rigorously to ensure your information is secure.
Stripe Certified PCI Level 1
All financial data/financial transactions go through Stripe,, a Certified PCI Service Provider Level 1, the most stringent level of certification.
Synopsis Penetration Testing
We’re tested periodically by a professional security and penetration testing vendor to help ensure your data is protected from security vulnerabilities and other online threats.
The system’s production environment uses a segregated architecture that prevents unauthorized access to the users’ data even in the remote case of front-end compromise.
Insured SSL Security
All information traveling between your browser and Levelset is protected with secure communication protocol (TLS), which uses security certificates signed by Amazon’s AWS Certificate Manager, a robust cloud provider for online security certificates. This ensures the confidentiality and integrity of communication even if it was intercepted.
Sensitive information protection
Transport: Our servers use high grade Secure Socket Layer SSL 2048-bit certificate encryption for the secure transmit of sensitive user information. Also, our encryption certificates are extensively verified to assure our clients the validity of the website. Storage: We do not store sensitive information such as Credit Card Numbers or Social Security Numbers. We only relay them to trusted services and protect them within our system using strong access control.
Authorization and Access Control
The website uses a hybrid role based fine-grained access control mechanism that prevents unauthorized access to user data. Secure session management: We have a cryptographically secure industry-standard session management framework.
Network perimeter security
Our servers are protected with a robust firewall system that prevents unauthorized network access.
Our server’s are hardened to withstand the majority of common hacking mechanisms.
The website uses a special framework that defends against Cross-Site-Scripting (XSS) attacks.
The website uses tight authentication mechanism that requires users to use strong passwords and secures their password using strong one-way password storage mechanism (hashing) that makes them almost impossible to retrieve.
We take extra steps to securely configure all third-party frameworks integration with external systems to make sure that no trust boundaries have been crossed.
Periodic application and infrastructure vulnerability scanning is conducted to keep abreast of any newly introduced threats and fix them right away.
Periodic website scanning is conducted by a reputable anti-malware vendor to make sure that our website is clear from any malware.
Incident Response Readiness
Our team is fully capable of responding to security incidents with available audit trails, tools and knowledge for containment, eradication and forensic investigation.
Disaster Recovery Planning
We rely on highly availability cloud infrastructure that can withstand natural disasters. Additionally, we keep our own offsite backups that can be referred to in cases of cloud provider failure.
Frequently Asked Questions about Levelset Security Practices & Policies
Where can I find your company's data use and privacy policies?
1121 Josephine Street
New Orleans, Louisiana 70130