Back to homeLEVRG Corp.
Effective date: June 13, 2026
Data security summary
This summary describes security and data-handling measures for the LEVRG platform (the “Service”) for dealership customers and their authorized users. It is a high-level overview. The full Privacy Policy and Terms of Service govern use of the Service.
Contact: support@levrg.ai
Mailing address: 3101 W Drexel Ave Unit 217, Franklin, WI 53132, United States
1. What LEVRG is (and is not)
LEVRG is dealership sales coaching software: deal prep, presentation guidance, objection tactics, rep and manager feedback, and analytics derived from that workflow.
LEVRG does not record customer phone calls or deploy showroom listening devices as part of the standard product. The Service is designed for operational workflow data entered by authorized dealership users—not for collecting consumer Social Security numbers or full credit applications in normal use.
The Service is designed to block common high-risk identifier patterns (for example, Social Security number, credit card, and long account-number shapes) in free-text coaching and deal fields when detected. Users should not enter full credit applications, government IDs, or other sensitive consumer identifiers in normal workflow fields.
Mobile clients, when offered, use the same authenticated HTTPS API and platform-appropriate secure storage for session material.
2. Data ownership
Your dealership (Customer) retains ownership of data entered in the Service. LEVRG processes that data to provide, secure, and improve the Service under the Terms of Service, Privacy Policy, and any executed pilot or master agreement.
3. Security measures
We use reasonable administrative, technical, and organizational measures designed to protect information appropriate to the sensitivity of the Service. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
| Measure | Summary |
|---|---|
| Encryption in transit | TLS (HTTPS) for browser, mobile, and API traffic |
| Encryption at rest | On managed cloud infrastructure used to host the Service |
| Passwords | One-way cryptographic hashing; not stored in plain text |
| Optional two-factor authentication | Time-based one-time passwords (TOTP) and passkeys (WebAuthn) on supported accounts |
| Single sign-on (when enabled) | Enterprise OIDC for dealer groups configured by Customer; platform sign-in options as offered |
| Sensitive input controls | Heuristic blocking of common high-risk identifier patterns in free-text inputs (see §1) |
| Application-layer encryption | Selected sensitive fields (for example, 2FA secrets, certain finance-related deal fields such as manager pencil values in the database, and SSO configuration secrets where applicable) |
| Access control | Role-based access (rep, manager, admin); tenant-scoped data and dealer-group boundaries in the application |
| Audit logging | Security-relevant actions recorded in append-only audit records and operational logs; retention per Privacy Policy |
| Rate limiting and abuse controls | Production API protections on authentication, demos, and high-risk routes |
Database row-level security may be applied on production PostgreSQL connections as an additional tenant isolation control when configured for your deployment.
4. Subprocessors
We use established cloud providers to operate the Service. Typical subprocessors include:
| Provider | Role |
|---|---|
| Managed PostgreSQL hosting (for example, Supabase) | Primary database |
| Application hosting (for example, Render) | API / backend |
| Web hosting (for example, Vercel) | Website and application front end |
| OpenAI | AI inference for coaching expansion (talk tracks and presentation guidance) |
| Email provider (for example, SendGrid) | Transactional email (password reset, weekly reports, notifications) |
| SendGrid Event Webhook (when configured) | Email delivery telemetry (for example, delivery, open, click, and bounce events) returned to LEVRG for operational monitoring |
| First-party product telemetry | Coarse feature usage and reliability events collected through LEVRG’s own analytics pipeline (not third-party ad profiles) |
| Apollo.io (public marketing pages) | B2B website visitor identification and prospecting |
| Microsoft Clarity (public marketing pages) | Session analytics (for example, clicks, scrolls, replays) to improve the public marketing site |
| LiveIntent (public marketing pages, when enabled) | U.S. person-level identity resolution via Apollo.io partners; may receive browser signals and hashed email identifiers |
| Cloudflare | CDN, DNS, and reverse proxy; processes IP addresses and request metadata for all traffic to levrg.ai |
| Cloudflare Turnstile (when enabled) | Bot protection on public forms |
| Error monitoring (for example, Sentry, when enabled) | Reliability and error alerts |
We do not sell your personal information for money. We do not share dealer-identifying information with competitors for their independent commercial use. See the Privacy Policy for the full processor list and sharing rules.
5. AI processing
To deliver expanded talk tracks and presentation guidance, portions of coaching inputs may be sent to third-party AI providers. LEVRG’s Privacy Policy states that customer content is not provided to third-party AI providers for training general-purpose models for those third parties. Outputs are returned to the Service for authorized users. Reps deliver coaching on the floor—LEVRG does not replace human judgment.
6. Your choices (summary)
Depending on your location and role, you may have privacy rights described in the Privacy Policy. Highlights:
- Access / export: Authenticated users may request a copy of personal data through the Service (for example, via
/users/me/data-export) or by contacting support@levrg.ai. We may need to verify your request and route end-user requests through your Customer’s administrator where appropriate. - Deletion: Verified deletion requests (including authenticated deletion requests through the Service where enabled) are processed with direct identifiers anonymized within 30 days, subject to legal exceptions.
- Do Not Sell or Share: Where available, manage this preference in Profile settings, or contact support@levrg.ai.
7. Retention and deletion (summary)
Default retention periods are in the Privacy Policy. Highlights:
| Data | Default retention |
|---|---|
| User account identifiers | While active; anonymized within 30 days of a verified deletion request |
| Deal records | Indefinitely while needed to operate the Service (PII anonymized per deletion workflow where applicable) |
| Post-deal feedback logs | At least 5 years from write time |
| Audit events | 3 years |
| Public Demo session data | 90 days |
| Session analytics cache | 90 days |
| Onboarding invite logs | 1 year after the invited account is recorded as created |
The full retention schedule is in the Privacy Policy §8.
8. Your questions and incidents
- Security or privacy questions: support@levrg.ai
- Suspected security issue: support@levrg.ai (mark urgent)
For formal security questionnaires, data processing agreements, or compliance documentation beyond this summary, contact support@levrg.ai with your IT contact. We will confirm what documentation is available for pilot review.
9. Certifications
LEVRG will provide available security documentation upon request. Do not assume SOC 2, ISO, HIPAA, or PCI certification unless LEVRG has provided written attestation for your review.
This page summarizes LEVRG practices at a high level and does not replace the Privacy Policy, Terms of Service, or executed customer agreements.