Skip to content
Production-ready · GDPR-first

Security & compliance

Levia is not a "GDPR just in case" SaaS. Every line of the European regulation is implemented concretely, and local regulations (INPDP TN, Data Protection Act MU, CNDP MA, CNIL FR) are taken into account at the code level.

Encryption

AES-256-GCM

IBAN, ID, tax numbers and SMTP

MFA

TOTP

Mandatory HR_ADMIN, PAYROLL, ADMIN

Audit log

200+

Tracked actions, 7-year retention

Hosting

EU

Paris / Frankfurt, zero US transfer

Levia's 8 security pillars

Every pillar is implemented in code, audited by automated tests and tracked.

Hardened authentication

Multiple layers of defense against account compromise.

  • TOTP MFA (Google Authenticator, Microsoft Authenticator) mandatory for HR_ADMIN, PAYROLL_ADMIN, ORG_ADMIN and Platform Owner
  • Native Google SSO for organizations that enabled it
  • Email magic links for password recovery (never plaintext passwords)
  • HTTPOnly + Secure + SameSite=Lax cookies with short rotation (30s for session cache)
  • Failed login detection with dedicated audit log

End-to-end encryption

Your most sensitive data is encrypted BEFORE reaching the database.

  • AES-256-GCM server-side for IBAN, BIC, national ID, tax number, social security number
  • Per-organization SMTP config encrypted (email relay passwords)
  • Biometric device API tokens encrypted
  • TLS 1.3 mandatory on all connections (HSTS strict-transport-security)
  • Encryption keys rotatable via env var (LEVIA_FIELD_ENCRYPTION_KEY)

Exhaustive audit log

Every sensitive action is tracked. You can know who did what, when, from where.

  • 200+ audited actions: leave, payroll, attendance, recruitment, GDPR
  • Actor, date, organization, entity, structured payload
  • Sensitive data automatically masked in logs (IBAN shown as ****1234, salaries as delta %)
  • CSV + Excel export filtered by module / action / actor / date
  • 7-year retention (legal accounting statute of limitations)
  • Dedicated /admin/audit page with full-text search and filters

Operational GDPR (not marketing)

The European regulation is implemented concretely, not just mentioned in the ToS.

  • Article 15 (right of access): full JSON export of personal data + activity history, in 1 click
  • Article 17 (right to be forgotten): manual anonymization with mandatory reason OR automatic for inactive profiles
  • Article 5(1)(e) (storage limitation): weekly cron that anonymizes inactive POOL/UNQUALIFIED candidates > 24 months (configurable)
  • Article 9 (sensitive data): biometric fingerprints are NEVER stored by Levia. Devices keep non-reversible templates locally, we only store the reference
  • Explicit per-member consent before biometric enrollment, electronic signature of the document, possibility of withdrawal
  • Post-processing email notification to admins after every automatic GDPR operation

Multi-country compliance

Levia complies with the local regulations of each target country, not just Europe.

  • 🇫🇷 France · CNIL-compliant: DPO exports, 5-year legal archival, CNIL retention durations for candidates (2 years)
  • 🇹🇳 Tunisia · Law 2004-63 (INPDP) compliant: processing declaration available, compatible hosting
  • 🇲🇺 Mauritius · Data Protection Act 2017 (Data Protection Office) compliant: GDPR-aligned, CSG/NSF/PAYE payroll compliant with MRA
  • 🇲🇦 Morocco · Law 09-08 (CNDP) compliant: candidate exports, 2-year retention aligned
  • 🇩🇿 Algeria · Law 18-07 on data protection compliant
  • Sector-specific collective agreements integrated: SYNTEC, BANKING, BTP, TEXTILE, OFFSHORING, HOSPITALITY, INDUSTRY
  • Per-country certified payroll calculations with legal sources cited in tests

Hosting & infrastructure

Data sovereignty and operational resilience.

  • Vercel hosting (Paris/Frankfurt) + PostgreSQL Neon (Europe region)
  • Cloudflare R2 storage with SSE-S3 encryption, CDN included, no egress fees
  • No transfer to the US for client data (except for the AI assistant via Anthropic, opt-in per organization)
  • Daily encrypted backups with 30-day retention, monthly restoration testing
  • Disaster Recovery Plan (DRP): RPO 24h, RTO 4h
  • Public status page: leviahr.com/status

Multi-tenant isolation

Your data cannot be seen by another organization, even by mistake.

  • Explicit organizationId filtering on 100% of application DB queries
  • The Platform Owner concept is isolated via an isPlatformShadow flag filtered in all listings
  • Automated tests on tenant isolation (Vitest + Playwright E2E tests)
  • No cross-tenant query without explicit audit
  • IDs exposed in URLs are non-predictable CUIDs (no enumeration possible)

Granular access management

The least privilege principle is applied at every level.

  • Hierarchical roles: EMPLOYEE < MANAGER < HR_USER < HR_ADMIN < PAYROLL_ADMIN < ORG_ADMIN
  • Separation of powers in payroll: PAYROLL_ADMIN computes, ORG_ADMIN validates (impossible for the same person)
  • Step-up MFA required before every payroll run validation
  • Public API with scoped keys (READ_MEMBERS, READ_LEAVES, READ_PAYSLIPS, WRITE_LEAVES)
  • Immediate revocation possible, per-API-key usage logs

Country-by-country compliance

Levia is built for France and the Maghreb. Each market has its local regulation taken into account.

CountryRegulatorLevia status
🇫🇷FranceCNILGDPR-compliant + sectoral obligations
🇹🇳TunisiaINPDP (Law 2004-63)Compliant, processing declaration available
🇲🇺MauritiusData Protection Office (Data Protection Act 2017)Compliant, GDPR-aligned
🇲🇦MoroccoCNDP (Law 09-08)Compliant, 2-year candidate retention aligned
🇩🇿AlgeriaLaw 18-07Compliant with core principles
🇱🇾LibyaFramework under constructionTracking regulatory evolution

Does the candidate want their data or want it deleted?

3-click workflow, end-to-end tracked.

Art. 15 · Right of access

⚖️ button on the profile → structured JSON export with profile + activity history + legal metadata. Action tracked in the audit log.

Art. 17 · Anonymization

👤 button on the profile → mandatory reason prompt → PII erased (name, email, phone, CV) while keeping aggregated stats. Action tracked + legal reason saved.

Art. 5(1)(e) · Auto cleanup

Weekly cron that automatically anonymizes inactive candidates > 24 months. Per-organization configurable. Post-run notification email to the Platform Owner.

A compliance question before signing?

We respond to DPO audits, we sign DPAs, we provide compliance certificates. Response within 48h.

Made in Tunisia
Green Vitest test suite
AES-256-GCM
9 sector agreements
6 payroll countries
75 AI tools
GDPR · INPDP · CNDP · CNIL
MFA step-up mandatory
Ramadan auto-adjust
100% isolated multi-tenant
Made in Tunisia
Green Vitest test suite
AES-256-GCM
9 sector agreements
6 payroll countries
75 AI tools
GDPR · INPDP · CNDP · CNIL
MFA step-up mandatory
Ramadan auto-adjust
100% isolated multi-tenant
Next.js 15.5
Postgres 16 · Neon
Prisma 6.19
Anthropic Claude
Better-Auth 1.6
Vercel Edge · Cloudflare R2
Stripe · Inngest
TypeScript strict
@react-pdf/renderer
Vitest · Playwright
Next.js 15.5
Postgres 16 · Neon
Prisma 6.19
Anthropic Claude
Better-Auth 1.6
Vercel Edge · Cloudflare R2
Stripe · Inngest
TypeScript strict
@react-pdf/renderer
Vitest · Playwright
Security & compliance · Levia · Levia