LevelUpSales.Ai’s primary security focus is to safeguard our customers’ data. BSW Resources Group Sdn Bhd has invested in appropriate controls to protect and serve our customers. This investment includes implementing dedicated corporate, product, and infrastructure security programs. Our legal and compliance function, in partnership with other departments, oversees the implementation of these programs.
Our Security and Compliance Objectives
We have developed our security framework using best practices for the SaaS industry. Our key objectives include customer trust and protection: delivering reliable products and services while protecting the privacy and confidentiality of data. We also focus on availability and continuity of service, ensuring the service remains available and minimizing risks to service continuity. We prioritize information and service integrity to help ensure customer information is not corrupted or altered inappropriately. We aim to comply with or exceed industry-standard best practices where applicable.
Security Controls
To protect the data entrusted to us, LevelUpSales.Ai uses layers of administrative, technical, and physical security controls across our organization. The sections below describe a subset of our most frequently asked areas of control.
Infrastructure Security
Cloud Hosting Provider
LevelUpSales.Ai does not host product systems or customer data within its physical offices. We outsource hosting of our product infrastructure to leading cloud infrastructure providers. Our product infrastructure may be hosted on services such as Google Cloud Platform and/or Amazon Web Services. Our infrastructure may reside in one or more regions, and we rely on the audited security and compliance programs of our infrastructure providers for the effectiveness of their physical, environmental, and foundational infrastructure security controls.
Network and Perimeter
Our product infrastructure enforces multiple layers of filtering and inspection on connections across the web application, logical firewalls, and security groups. Network-level access controls are implemented to help prevent unauthorized access to internal infrastructure and resources. By default, firewall configurations deny network connections that are not explicitly authorized. Changes to network and perimeter systems are controlled through change management processes, and firewall rule sets are periodically reviewed to help ensure only necessary connections are permitted.
Configuration Management
Automation supports our ability to scale with customer needs, and configuration management is incorporated into day-to-day infrastructure operations. Server configurations are defined using standard images and configuration files that are applied when provisioning compute resources. Changes to configurations and standard images are managed through controlled deployment pipelines. Resources are controlled from provisioning through deprovisioning to detect and reduce configuration drift, and patch management is performed through automated tools and standard operational practices designed to keep production environments aligned with expected baselines.
Logging
Actions and events that occur within the LevelUpSales.Ai application are logged to support operational visibility, troubleshooting, and security response. Logs are stored in centralized logging systems within our cloud environment. Access to modify or write to log storage is restricted to authorized personnel who require access for their job functions. Log retention periods vary depending on the nature of the logs and operational, security, or compliance requirements.
Alerting and Monitoring
We invest in monitoring, alerting, and response capabilities to identify and address potential issues. Our infrastructure is instrumented to notify appropriate personnel when anomalies occur, including elevated error rates, suspected abuse scenarios, and application attacks. Where appropriate, automated protections may be triggered to reduce impact, such as throttling or other protective controls, and incidents are investigated and addressed according to internal response procedures.
Application Security
Web Application Defenses
Customer content hosted on the platform is protected by layered application security controls. Monitoring tools are designed to detect suspicious activity at the application layer and alert on malicious behavior. Detection and prevention controls are aligned to common best-practice guidelines, including recommendations from the Open Web Application Security Project (OWASP), such as the OWASP Top 10. Protections against denial-of-service style attacks may be incorporated to help maintain service availability.
Development and Release Management
We use a modern development and release process intended to reduce risk and improve reliability. Code changes are reviewed and tested prior to deployment. Automated checks, including static analysis where applicable, help identify known misconfigurations before changes are promoted. Changes are typically deployed through controlled pipelines, and releases are validated in testing environments prior to production promotion. If deployment issues occur, rollback processes may be used to restore service stability. As a SaaS application, updates may be released without customer-managed downtime, and major changes may be communicated through product updates and/or in-app notifications.
Vulnerability Management
We maintain an approach to vulnerability management using industry-recognized tools and practices. Vulnerability scanning may occur on a scheduled basis and is supported by asset discovery and updated detection signatures. Periodic security testing, which may include penetration testing, is performed to identify vulnerabilities that could present security risks. Findings are assessed and prioritized for mitigation based on risk.
Customer Data Protection
Data Classification
Per our Terms of Service, customers are responsible for ensuring they only capture appropriate information necessary to support their marketing, sales, service, content management, and operations processes. LevelUpSales.Ai should not be used to collect or store highly sensitive information such as full credit or debit card numbers, detailed financial account information, government identification numbers, or sensitive health information, except where expressly permitted by applicable law and by our written agreement.
Tenant Separation
LevelUpSales.Ai provides a multi-tenant SaaS solution where customer data is logically separated using identifiers that associate data and objects to specific accounts. Authorization rules are incorporated into the platform architecture and are designed to prevent cross-tenant access. Authentication events and access-related changes may be logged to support security oversight.
Encryption
Data transmitted between your device and LevelUpSales.Ai is encrypted in transit using TLS. We also implement encryption at rest for stored platform data using industry-standard methods. User passwords are protected using industry-standard hashing and are stored in a protected format.
Key Management
Encryption keys are managed through secure key management practices and systems. Certificates and keys may be rotated or renewed on scheduled cadences based on operational practices and security considerations. At this time, we may not support customer-supplied encryption keys unless explicitly agreed in writing.
Data Backup and Disaster Recovery
System Reliability and Recovery
We are committed to minimizing downtime. Our services are designed with redundancy, and components may be distributed across multiple availability zones within our cloud providers. Databases and systems may be configured with recovery capabilities designed to support restoration in the event of system failures.
Backup Strategy
Backups are performed on a scheduled basis with defined frequencies. Backup execution is monitored, and alerts may be generated when failures occur so issues can be investigated and resolved. Backup data may be replicated within hosting regions as part of resilience practices.
Backup Protections
Backups are protected through access control restrictions and other safeguards designed to prevent unauthorized modification or deletion. Access to backup systems is restricted to authorized personnel.
Customer Data Backup Restoration
Customers do not have direct access to underlying product infrastructure to initiate failover events. Disaster recovery and resiliency operations are managed by our engineering teams. Where available, product features may provide limited restoration functionality for certain records or content (such as restoring deleted records within a defined period, or using version history for certain assets). Customers who require additional backups may use export features and/or available APIs to synchronize data with external systems.
Identity and Access Control
Product User Management
LevelUpSales.Ai supports user management and permissions to help customers control access within their accounts. Customers are responsible for creating users, assigning privileges, and limiting access appropriately for their organization.
Product Login Protections
LevelUpSales.Ai may enforce password and authentication requirements designed to improve account security. Where available, multi-factor authentication may be supported and may be required for certain account roles or at the administrator’s discretion.
Employee Access to Customer Data
Access to production systems and internal data stores is restricted and controlled. We use role-based access principles to limit access to personnel who require it for their job functions. Administrative access is limited and governed by internal controls. Access reviews may be performed periodically to help ensure permissions remain appropriate.
Organizational and Corporate Security
Our security program includes onboarding and awareness practices intended to ensure employees understand their responsibilities in protecting company assets and customer data. We maintain internal policies and procedures that cover topics such as data handling, privacy considerations, acceptable use, and security responsibilities. Policies are reviewed periodically and updated as needed. Security awareness training may be provided upon onboarding and refreshed periodically, including training on phishing awareness.
We may use third-party vendors to support product development and operations. We evaluate vendor security and privacy controls as part of our vendor management practices and maintain contractual controls where appropriate.
Company-managed endpoints may be configured with safeguards such as full disk encryption and centralized management controls intended to protect company and customer data.
Compliance and Payment Security
While customers may pay for services by credit card, LevelUpSales.Ai does not store full credit card information on our servers. We rely on PCI-compliant payment processors to handle payment transactions securely. Please see our Privacy Policy and Terms of Service for additional information on how we process data.
Data Retention and Data Deletion
Customer data is retained for as long as you remain an active customer, subject to our operational requirements and applicable laws. Current and former customers may submit written requests to have certain data deleted, and we will fulfill requests as required by applicable privacy rules and regulations. We may retain certain data such as logs and related metadata for security, compliance, fraud prevention, and statutory requirements. We do not currently offer custom data retention policies unless explicitly agreed in writing.
Breach Response
If we become aware of a data breach that impacts your personal data, we will notify affected customers as required by applicable law.
Document Scope and Use
This document is intended to be a resource for our customers and is not intended to create a binding contractual obligation, nor to amend or revise any existing agreements. We continuously improve our protections, and our security procedures may change over time.