Built from the ground up for security.

We built Level to be secure from the ground up. Our team is committed to providing a safe, secure, and private platform for remote device management.

Level Security

Access control

Safeguards to keep your account and stored data as secure as possible.

Easy-to-use control over who can see and update your account data with our permissions and access management. Best-in-class tools and infrastructure to keep your data safe.

Peer-to-peer

Because you connect directly to the device you’re managing, data never passes through our servers. This greatly reduces access points and attack vectors.

Passwords and multi-factor auth

Set password policies for your users to require complex passwords. Optionally, require all users to enable multi-factor authentication.

Permissions and write protections

Grant custom permissions for individual users. Restrict the changes users can make, easily add/remove permissions, and onboard new users to your team in seconds.

IP restrictions

Impose restrictions on which devices can access your data. IP allow lists and deny lists prevent connections from untrusted devices.

Audit trails and governance

Review changes to your account and devices at a glance, with an audit trail of who made each edit and when.

Restricted developer access

Our internal identity access and secrets management policies mean that access to production data is heavily guarded.

Encrypted networks

Protecting access to our data and infrastructure while in transit.

Infrastructure is critical to keeping your account secure. Behind the scenes, we use industry-leading cloud providers and networking best practices to make sure Level is both highly secure and highly available.

Encryption at rest

Any time data is stored in our databases or server hard drives, it’s encrypted first. Access is only possible via a long, random key phrase.

Encryption in transit

HTTPS and SSL everywhere, no exceptions. If data moves between our servers and a connected client, it’s via an encrypted channel -- always.

Firewall and intrusion prevention

Our servers & database are behind a strict firewall to only allow authorized connections. Automated network traffic monitoring to detect and prevent intrusion attempts.

Backups and data restoration

Automated backups of user data occur every hour. We can restore a backup within minutes, protecting you from data loss.

Servers on private IP addresses

We use a private cloud to host our infrastructure with private IP addresses. Outside devices will never be able to reach those private machines.

Secure external providers

When we need to use an external provider, we make sure they’re established and trusted. Our staff must use a password manager and multi-factor authentication for all external accounts.

Incident response

Planning ahead for how we’ll respond to a security event.

We’re prepared in the event of a security incident. Rapid discovery, automated escalation, and quick recovery are our priorities. Transparency and keeping users informed along the way are core values.

24/7 monitoring and logging

Tracking & logging system metrics and traffic flows at all times. We use best-in-class application and infrastructure monitoring software to drive insights.

Instant alerts and escalation

When there’s an anomaly, we want to know as soon as possible. Our engineers receive automated alerts upon detection. Alerts escalate to senior management above a threshold.

Rollbacks and backups for recovery

We can roll back both the code and the database to prior versions instantly, as needed. Minimal time to remediation for our customers.

Status updates for all users

Transparency is critical when it comes to security events. We’ll keep you up to date on system status, and you’ll have access to post-incident reports.

Bug and error reporting

Users are our most valuable source of feedback and error detection. If you notice something amiss, please don’t hesitate to contact us.

Post-incident investigation

After every incident, we’ll conduct a thorough review with our team of what happened, how, and what steps we can take in the future to prevent it.

Development practices

Mitigating bugs and vulnerabilities in our code

Internal practices, decisions, and training to make sure our developers and product designers always put security first.

Secure by design

We think first about security, before we build anything. Our code architecture enforces security by design.

Frequent, small releases

Using an agile approach with small, frequent releases means changes are easier to review, test, and roll back -- reducing overall risk.

Code reviews and testing

All code, no matter how small, must be reviewed and tested. Each release must pass a complete quality assurance checklist.

Version control and instant rollbacks

We use industry-standard version control (Git) and cloud repositories (GitHub) to securely host our code and trigger deployments. When a deploy goes wrong, we can instantly roll back to an earlier version of the code.

Policies and developer training

Internal policies enforce and encourage a culture of security. All our developers receive training on security best practices.

Automated testing and deployment

Code gets merged into our application only after passing our entire test suite and receiving code review approval. Continuous testing, integration, & deployment means there’s no guesswork or variability in the deploy process.