Level365’s infrastructure has been architected with security in mind, built from the ground up following the CIS Benchmarks for infrastructure, server OS, and applications. This helps us ensure that we are delivering the best UC possible in the most secure way.
Level365 offers TLS and SRTP, enabling the highest cryptographically secure encryption in the industry. Combined with Session Border Controllers at the edge and a properly configured LAN, you can take comfort in knowing that all of your communications are secure.
Level365 also employs staff who are security trained in both offensive and defensive security. Leveraging this team, we are able to constantly evaluate our systems as threats evolve, identify threats before bad actors do, and detect and counter bad actors in real-time.
Vulnerabilities and Disclosure
Level365 has partnered with Federacy to manage our Vulnerability Disclosure Program. We take security extremely seriously, and welcome ethical research and disclosure as part of our Vulnerability Disclosure Program. More details can be found here.
Compliance and Security Standards
Certain industries require compliance under external programs, such as HIPAA, SOX, and PCI. Our product offerings can be used under these programs assuming certain features are disabled and not used. Level365 can provide guidance on these features on request.
Level365 performs regular internal audits of all systems, including security, availability, confidentiality, and privacy. We utilize a mix of controls from SOC, NIST, ISO, and CIS. These audits include applications, processes, and infrastructure.
The SOC 2 is a report for Service Organizations based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy. Level365 has completed this audit, and a copy is available via request here.
Communications is the core of modern business. With that in mind, Level365 engineered its UC platform from the ground up for reliability. And with an annual uptime of 99.995% (26 minutes of downtime a year) or better, we deliver. Level365 utilizes redundancy at every level, from redundant power supplies to clustered servers, spanning multiple geographically separate data centers and voice providers.
1.1. On various Level365 web pages Customer can order services, make requests, and register to receive materials or support. The types of personal information collected at these pages are name, username, contact and billing information, transaction, and credit card information. Data collected online may also be combined with information provided during ownership registration of Level365 products and services. In order to tailor subsequent communications and continuously improve products and services,
Level365 may ask Customer to voluntarily provide information regarding Customer’s personal or professional interests, demographics, product experience, and contact information.
1.2. Level365 will not sell, rent, or lease Customer’s personally identifiable information to others. Except as may be required by subpoena, search warrant, or other legal process or in the case of imminent physical harm to a customer or others, Level365 will only share the personal data the Customer provided with business partners who are acting on Level365’s behalf to complete the
1.3. Level365 uses Customer’s information to better understand customer needs and continuously improve the level of service provided. Specifically, Customer’s information is used to help complete a transaction, to communicate back to Customer, to update Customer on service and benefits, and to personalize Level365’s web site. Credit card numbers are used only for payment processing and are not utilized for other purposes.
1.4. From time to time, Level365 may use Customer’s information to contact Customer for market research or to provide Customer with information thought to be of particular interest. At a minimum, Customer will have the opportunity to opt out of receiving such direct marketing or market research contact. Where applicable, Level365 will also follow local requirements such as allowing Customer to opt out from receiving an unsolicited contact.
1.5. Level365 strives to keep Customer’s personally identifiable information accurate. Every effort is made to provide Customer with online access to Customer’s registration data so that Customer may update or correct Customer’s information at any time. Level365 is committed to ensuring the security of Customer’s information. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, appropriate procedures are in place to safeguard and secure the information collected online. Level365 uses encryption when collecting or transferring sensitive data such as credit card information.
1.6. Level365 may also collect certain non-personally identifiable information when Customer visits Level365’s website. Level365 accomplishes this through the use of “cookies” or tracking mechanisms that collect this type of information. If Customer does not want this to happen or wants to know when it does happen, Customer’s browser should be set to warn Customer or to block cookies (although blocking cookies may affect Customer’s use of certain sites). In addition, Level365 or others may use small bits
of code called “one-pixel gifs” or “clear gifs” embedded in some web pages to make cookies more effective.
1.7. Level365 has put in place physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information Level365 collects online. However, no transmission of data over the internet is guaranteed to be completely secure. While Level365 strives to protect Customer’s information, Level365 cannot guarantee or warrant the security of any information Customer transmits to Level365. Any such transmission is done at Customer’s own risk. Neither people nor security systems are foolproof, and people can commit intentional crimes, make
mistakes or fail to follow policies. Although Level365 takes certain precautions, Level365 does not guarantee security. Additionally, it may be possible for third parties to intercept or access transmissions or private communications unlawfully. Customer assumes the risk of any failure of security and agrees to do what Customer reasonably can to promote security.
2. Notwithstanding the above policies and guidelines, there are Federal Communications Commission rules governing the access, use and disclosure of certain information that Level365 obtains from you if it provides VoIP services to you. (“Level365 Business Voice Services”
including, but not limited to, “Integrated Voice” and “Hosted Voice” are VoIP services.) This information is known as Customer Proprietary Network Information (“CPNI”). You have the right to restrict Level365 from accessing, using or disclosing CPNI in certain circumstances. If you receive VoIP services from Level365, please refer to Section 5 of the Level365 Business Voice Services addendum for additional information regarding your CPNI rights.