Built for university and laboratory procurement.
One page summarising LevelSixLabs's security posture, data protection commitments, AI transparency, and the documents your procurement team needs.
At a glance
Four pillars that underpin every line of code we ship.
Encryption everywhere
TLS 1.2+ in transit, AES-256 at rest. Files served via short-lived signed URLs only.
EU-resident data
Hosted in EU West (London). No primary data leaves the EU.
Row-level security
Database-level isolation between organisations. Enforced regardless of application bugs.
Audit logging
Significant actions logged. 12-month retention. Admins can review their org's history.
Compliance status
We are honest about where we are. Here is what is in place today and what we are working towards.
UK GDPR aware
Lawful basis tracked, data subject rights honoured, retention defined.
Encryption in transit & at rest
TLS 1.2+ and AES-256 across the stack.
RBAC + multi-tenant isolation
4 roles, 7 modules × 6 actions, RLS-enforced.
DPA available
Template can be sent on request.
Audit logging
Significant actions captured with 12-month retention.
ICO registration in progress
LevelSixLabs Ltd Data Controller registration with UK ICO.
ISO 27001 readiness
Targeting policy framework alignment before public beta.
SOC 2 Type I
Planned for post-beta after scale-out.
External penetration test
Scheduled before general availability.
Documents
Everything your IT, compliance, and procurement teams might ask for.
Security Overview
Infrastructure, encryption, access controls, incident response.
Privacy Policy
How we collect, use and protect personal data under UK GDPR.
Terms of Service
Contractual terms, AUP, liability, governing law.
Cookie Policy
What cookies we set and how you can control them.
Subprocessor List
Every third party that processes your data.
AI Transparency
How AI label scanning works, its limits, your controls.
Privacy Request
Submit a data access, correction, or deletion request.
Frequently asked by procurement
If your question isn't here, just ask.
Where is our data stored?
All primary customer data is stored in Supabase EU West (London). Hosting runs on Vercel with EU edge regions. Backups remain in EU regions.
Do you train AI models on our data?
No. Anthropic does not use LevelSixLabs customer data to train its models, and we do not train any AI models on customer data ourselves. AI features are optional and explicit — see our AI Transparency Statement.
Can we get a DPA?
Yes. Email privacy@levelsixlabs.com and we will send a Data Processing Agreement template suitable for UK GDPR-controlled data.
Is LevelSixLabs ISO 27001 / SOC 2 certified?
Not yet — we are an early-stage platform. Our infrastructure providers (Vercel, Supabase, Stripe) are SOC 2 Type II or equivalent. We are happy to share what we have today and our roadmap for formal certification.
Can our IT team review your security setup?
Absolutely. We provide architecture diagrams, security questionnaire responses, and access to our security team on request. Email security@levelsixlabs.com.
How do you handle a data breach?
We notify affected customers without undue delay. Where required by UK GDPR, we notify the ICO within 72 hours of becoming aware of a breach.
Talk to our security team
Procurement review? Security questionnaire? Architecture diagram? Email us — we typically respond within one working day.