Certifications
We have it in writing.
Certifications aren't marketing, they're documentation. Here's what we meet, when we achieved it, and where you can see it.
EU hosting
Denmark
Encryption
AES-256 · TLS 1.3
Audit trail
HMAC-signed
2FA
Mandatory
Standards
What we meet.
We clearly mark the status of each standard. Certificates are available via the Trust Center.
ISO/IEC 27001:2022
CertifiedThe international standard for managing information security.
What it covers
- Access control
- Cryptography
- Physical security
- Supplier management
- Incident management
- Business continuity
How we do it
Managed via Vanta with daily automated monitoring and an annual external audit.
Certificate available via the Trust Center.
ISO/IEC 42001
CertifiedThe world's first international standard for AI Management Systems, published in 2023.
What it covers
- AI risk assessment
- Model governance
- Data quality for AI
- Transparency
- Accountability
How we do it
Vanta-managed with a specific AI policy and Anthropic ZDR for Claude.
Where other legal-tech players have AI, we have a certified AI Management System.
GDPR
CompliantThe EU's data protection regulation. Full compliance, built in from the ground up.
What it covers
- Data storage
- Consent
- Retention
- Atomic deletion
- Client requests
How we do it
EU data stays in the EU, no transfer to third countries. GDPR requests are generated in under 30 seconds.
Standard DPA available in the Trust Center.
SOC 2 Type II
CertifiedAn AICPA audit framework. Type II assesses operational effectiveness over an audited operating period.
What it covers
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
How we do it
Audited over an operating period and managed via Vanta with continuous monitoring.
Report available via the Trust Center.
The Danish Bar and Law Society
CompliantThe quality framework and guidelines for electronic case handling.
What it covers
- Quality framework
- AML rules
- Client account rules
- Conflict checks
- Ethical walls
How we do it
Functionality built specifically for Danish lawyers. The audit trail is ready for quality inspections.
Functional specification available on request.
Industry standards
We also follow
Beyond the certifications, we work to the recognised security frameworks.
OWASP Top 10
The ten most critical web security risks, addressed in code and review.
CIS Controls
Prioritised controls for information security.
NIST Cybersecurity Framework
A framework to identify, protect, detect and respond.
Roadmap
The next milestones.
2026
Penetration testing programme
Annual tests by external security specialists.
2027
SOC 2 Type II
Operational audit across a 6 to 12 month period.
2027+
ISO 27017 + 27018
Cloud security and protection of PII in the cloud.
Need it for a tender?
Talk to our tech team.
Need the certificates for a tender or vendor review? Request them via the Trust Center, or write to the team directly.
Victor Brøgger · CTO, Levano
