Security & compliance
Levia is not a "GDPR just in case" SaaS. Every line of the European regulation is implemented concretely, and local regulations (INPDP TN, Data Protection Act MU, CNDP MA, CNIL FR) are taken into account at the code level.
Encryption
AES-256-GCM
IBAN, ID, tax numbers and SMTP
MFA
TOTP
Mandatory HR_ADMIN, PAYROLL, ADMIN
Audit log
200+
Tracked actions, 7-year retention
Hosting
EU
Paris / Frankfurt, zero US transfer
Levia's 8 security pillars
Every pillar is implemented in code, audited by automated tests and tracked.
Hardened authentication
Multiple layers of defense against account compromise.
- TOTP MFA (Google Authenticator, Microsoft Authenticator) mandatory for HR_ADMIN, PAYROLL_ADMIN, ORG_ADMIN and Platform Owner
- Native Google SSO for organizations that enabled it
- Email magic links for password recovery (never plaintext passwords)
- HTTPOnly + Secure + SameSite=Lax cookies with short rotation (30s for session cache)
- Failed login detection with dedicated audit log
End-to-end encryption
Your most sensitive data is encrypted BEFORE reaching the database.
- AES-256-GCM server-side for IBAN, BIC, national ID, tax number, social security number
- Per-organization SMTP config encrypted (email relay passwords)
- Biometric device API tokens encrypted
- TLS 1.3 mandatory on all connections (HSTS strict-transport-security)
- Encryption keys rotatable via env var (LEVIA_FIELD_ENCRYPTION_KEY)
Exhaustive audit log
Every sensitive action is tracked. You can know who did what, when, from where.
- 200+ audited actions: leave, payroll, attendance, recruitment, GDPR
- Actor, date, organization, entity, structured payload
- Sensitive data automatically masked in logs (IBAN shown as ****1234, salaries as delta %)
- CSV + Excel export filtered by module / action / actor / date
- 7-year retention (legal accounting statute of limitations)
- Dedicated /admin/audit page with full-text search and filters
Operational GDPR (not marketing)
The European regulation is implemented concretely, not just mentioned in the ToS.
- Article 15 (right of access): full JSON export of personal data + activity history, in 1 click
- Article 17 (right to be forgotten): manual anonymization with mandatory reason OR automatic for inactive profiles
- Article 5(1)(e) (storage limitation): weekly cron that anonymizes inactive POOL/UNQUALIFIED candidates > 24 months (configurable)
- Article 9 (sensitive data): biometric fingerprints are NEVER stored by Levia. Devices keep non-reversible templates locally, we only store the reference
- Explicit per-member consent before biometric enrollment, electronic signature of the document, possibility of withdrawal
- Post-processing email notification to admins after every automatic GDPR operation
Multi-country compliance
Levia complies with the local regulations of each target country, not just Europe.
- 🇫🇷 France · CNIL-compliant: DPO exports, 5-year legal archival, CNIL retention durations for candidates (2 years)
- 🇹🇳 Tunisia · Law 2004-63 (INPDP) compliant: processing declaration available, compatible hosting
- 🇲🇺 Mauritius · Data Protection Act 2017 (Data Protection Office) compliant: GDPR-aligned, CSG/NSF/PAYE payroll compliant with MRA
- 🇲🇦 Morocco · Law 09-08 (CNDP) compliant: candidate exports, 2-year retention aligned
- 🇩🇿 Algeria · Law 18-07 on data protection compliant
- Sector-specific collective agreements integrated: SYNTEC, BANKING, BTP, TEXTILE, OFFSHORING, HOSPITALITY, INDUSTRY
- Per-country certified payroll calculations with legal sources cited in tests
Hosting & infrastructure
Data sovereignty and operational resilience.
- Vercel hosting (Paris/Frankfurt) + PostgreSQL Neon (Europe region)
- Cloudflare R2 storage with SSE-S3 encryption, CDN included, no egress fees
- No transfer to the US for client data (except for the AI assistant via Anthropic, opt-in per organization)
- Daily encrypted backups with 30-day retention, monthly restoration testing
- Disaster Recovery Plan (DRP): RPO 24h, RTO 4h
- Public status page: leviahr.com/status
Multi-tenant isolation
Your data cannot be seen by another organization, even by mistake.
- Explicit organizationId filtering on 100% of application DB queries
- The Platform Owner concept is isolated via an isPlatformShadow flag filtered in all listings
- Automated tests on tenant isolation (Vitest + Playwright E2E tests)
- No cross-tenant query without explicit audit
- IDs exposed in URLs are non-predictable CUIDs (no enumeration possible)
Granular access management
The least privilege principle is applied at every level.
- Hierarchical roles: EMPLOYEE < MANAGER < HR_USER < HR_ADMIN < PAYROLL_ADMIN < ORG_ADMIN
- Separation of powers in payroll: PAYROLL_ADMIN computes, ORG_ADMIN validates (impossible for the same person)
- Step-up MFA required before every payroll run validation
- Public API with scoped keys (READ_MEMBERS, READ_LEAVES, READ_PAYSLIPS, WRITE_LEAVES)
- Immediate revocation possible, per-API-key usage logs
Country-by-country compliance
Levia is built for France and the Maghreb. Each market has its local regulation taken into account.
| Country | Regulator | Levia status |
|---|---|---|
| 🇫🇷France | CNIL | GDPR-compliant + sectoral obligations |
| 🇹🇳Tunisia | INPDP (Law 2004-63) | Compliant, processing declaration available |
| 🇲🇺Mauritius | Data Protection Office (Data Protection Act 2017) | Compliant, GDPR-aligned |
| 🇲🇦Morocco | CNDP (Law 09-08) | Compliant, 2-year candidate retention aligned |
| 🇩🇿Algeria | Law 18-07 | Compliant with core principles |
| 🇱🇾Libya | Framework under construction | Tracking regulatory evolution |
Does the candidate want their data or want it deleted?
3-click workflow, end-to-end tracked.
Art. 15 · Right of access
⚖️ button on the profile → structured JSON export with profile + activity history + legal metadata. Action tracked in the audit log.
Art. 17 · Anonymization
👤 button on the profile → mandatory reason prompt → PII erased (name, email, phone, CV) while keeping aggregated stats. Action tracked + legal reason saved.
Art. 5(1)(e) · Auto cleanup
Weekly cron that automatically anonymizes inactive candidates > 24 months. Per-organization configurable. Post-run notification email to the Platform Owner.
A compliance question before signing?
We respond to DPO audits, we sign DPAs, we provide compliance certificates. Response within 48h.