Levro requires all vendors involved in the flow of funds to be ISO/IEC 27001:2013 or SOC II Type 2 compliant. Our application layer operates on Amazon Web Services, which is certified under a number of global compliance programs including PCI-DSS Level 1 Payment Card Standards, ISO 27001 Information Security Management Controls and SSAE16/SOC 1, SOC2 and SOC 3.
Levro leverages regulatory sponsorship via our network of financial institutional partners. This means that we align with all compliance, anti-money laundering, security, and KYC / KYB requirements developed and maintained by industry-leading organizations. Our partner financial institutions include members of the FDIC as well as institutions authorized by FinCEN in the United States to provide both domestic and international money transmitting services in all 50 states.
Levro holds all client funds in safeguarded bank accounts. USD funds are held in FDIC-insured institutions including Blue Ridge Bank and Community Federal Savings Bank, while multicurrency funds are held by Barclays Bank plc via CurrencyCloud, a Visa Solution. In the unlikely event that Levro ceases to exist, your money remains protected by our partner financial institutions.
All data transferred between the user’s browser and Levro’s servers is encrypted in transit. Levro uses TLS v1.2.
Data is encrypted at rest in AWS using AES-256 key encryption.
As a part of our development process, Levro uses third parties to conduct penetration tests to identify deficiencies in the system that may affect critical assets, and mitigates and re-validates patches of all high impact discoveries as soon as possible.
Levro requires all users to add an extra layer of security to your account by enabling two-step verification by default to reduce the risk of having your account accessed by anyone else.
Levro allows admin users to limit the access permissions to perform certain tasks including sending or converting funds. Levro also allows admin users to require some or all transactions to be approved.
Levro sends email alerts to users for key events such as outgoing payments, account updates, currency conversions, and approvals.