← Back to Legal Centre
SECURITY

Security Overview

How we protect your data and maintain platform security

1. Authentication

Levqor uses a passwordless magic-link authentication system. When you sign in, we send a secure, time-limited link to your email address. This approach:

  • Eliminates the risk of password theft or weak passwords
  • Reduces the attack surface compared to traditional password systems
  • Ties account security to your email account security

Your responsibility: Keep your email account secure with a strong password and enable two-factor authentication on your email provider.

2. Data in Transit

All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2+). We enforce HTTPS on all connections and use HSTS headers to prevent downgrade attacks.

3. Data at Rest

Data stored in our databases is encrypted at rest using industry-standard encryption. Access to database systems is restricted and logged.

4. Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Levqor never sees, stores, or has access to your credit card details. We only receive transaction metadata necessary for order fulfilment.

5. Data Separation

We maintain logical separation between customer data. Each customer's workflows, configurations, and data are isolated within their account. Access controls ensure that users can only access their own data.

6. Monitoring and Incident Response

We implement monitoring and logging to detect suspicious activity:

  • Automated monitoring for unusual access patterns
  • Logging of authentication attempts and key system events
  • Regular review of security logs and alerts

In the event of a security incident, we have procedures to investigate, contain, and remediate issues. If your data is affected, we will notify you in accordance with applicable laws and our Data Processing Agreement.

7. Backups and Resilience

We maintain regular backups of platform data to ensure we can recover from data loss or system failures. Backups are encrypted and stored securely.

8. What You Should Do

Security is a shared responsibility. Here's what you can do to protect your account:

  • Secure your email: Use a strong, unique password and enable 2FA on your email account.
  • Be vigilant: Don't click on suspicious links. Verify magic-link emails come from our official domain.
  • Report issues: If you notice anything suspicious, contact us immediately.
  • Keep devices secure: Ensure your computer and devices are protected with up-to-date security software.

9. Reporting Security Issues

If you discover a security vulnerability or have concerns about platform security, please report it to us immediately through our Contact page. We take all security reports seriously and will respond promptly.

See also: Privacy Policy | Data Processing Agreement