Trust · Security

Security at LevAI

LevAI builds applied AI systems for production environments. Security and reliability are part of how we scope, ship, and operate software—not an afterthought.

How we think about risk

Every engagement starts from your data sensitivity, regulatory context, and threat model. We align architecture, access controls, and observability with those constraints—whether we host managed services or deploy inside your cloud.

Infrastructure & encryption

We rely on reputable cloud and SaaS providers for hosting and operations. Data in transit is protected using TLS where supported; data at rest uses provider-managed or application-level encryption appropriate to the deployment. Exact mechanisms can be documented in your order or security appendix.

Access control

Production access is limited by role and need. We favor least-privilege identities, short-lived credentials where possible, and separation between development, staging, and production for customer systems we operate.

AI-specific considerations

For LLM and agentic workflows we emphasize grounding, citation where applicable, prompt and tool isolation between tenants, logging for auditability, and guardrails aligned with your policies. Outputs are not a substitute for human judgment in high-risk domains.

Dependencies & subprocessors

Enterprise deployments may use third-party model APIs, vector databases, and automation platforms. We maintain an inventory of subprocessors relevant to your stack and can share details under NDA as part of procurement.

Incident response

We maintain processes to detect, contain, and recover from security issues affecting systems we manage. Customers who have an active support agreement receive notifications per the timelines and channels defined in contract.

Reporting a vulnerability

If you believe you’ve found a security issue in a LevAI-operated property, reach out through your existing LevAI commercial or support channel with a concise description and reproduction steps. We appreciate responsible disclosure and will work with you on validation and remediation.

Privacy

Personal data handling is described in our Privacy Policy. Commercial terms are in our Terms of Service and any enterprise agreement you sign.

← Back to home