Security and Privacy

Next Level values the trust you place in us. We serve as custodians of the data you collect and store to support your clients. Protecting that information – and the people behind it – is central to how our platform is designed and maintained.

Secure infrastructure • Role-based access • Encrypted data

Encrypted Data
Data is encrypted in transit and at rest using industry-standard protection practices.
Role-Based Access
Staff access is limited by role and permissions based on responsibility.
Controlled Client Visibility
Aggregated insight by default. Client-level detail is available only to authorized roles.
Secure Infrastructure
Hosted within enterprise-grade data environments designed for reliability and protection.

Infrastructure and Physical Security

Next Level systems are hosted within enterprise-grade data centers that maintain advanced physical safeguards and recognized compliance standards. Facilities utilize 24×7 monitoring, video surveillance, controlled access, and strict visitor protocols to protect infrastructure and stored data.

  • ISO 27001, SOC 1, and SOC 2–aligned facilities

  • FedRAMP- and HIPAA-aligned hosting environments

  • Redundant infrastructure and environmental safeguards

Access Control

Access to Next Level systems is strictly controlled and granted only through secure connectivity and role-based permissions. Access is provided on a need-to-know basis and reviewed regularly.

  • Secure connections (VPN, SSH)

  • Multi-factor authentication

  • Strong password requirements (complexity, expiration, lockout, reuse restrictions)

  • Quarterly access reviews

  • Immediate access revocation upon employment termination

Data Protection and Encryption

Next Level applies industry-standard encryption practices to protect data at rest and in transit. Encryption safeguards stored information and secures communications between users and platform systems.

Data at Rest

AES-256 encryption within secure data center environments.

Data in Transit

RSA 2048-bit certificates via a public Certificate Authority for external communications, with internal certificate encryption within the data center.

Secure Development Practices

Security is integrated throughout the development lifecycle. Development, testing, and production environments are separated, and all production changes are reviewed prior to deployment.

  • Developers trained in secure web application practices

  • Separation of development, testing, and production environments

  • Peer review required for production changes

  • Deployment logging maintained for audit and analysis

Security Governance and Personnel

Next Level maintains formal information security policies reviewed annually to support confidentiality, integrity, and availability of client data. Employees receive role-based security training and acknowledge policy requirements upon hire and annually thereafter.

Background screening is conducted at time of hire (as permitted by law). Security controls and administrative access are reviewed regularly to align with evolving standards.

Logging and Monitoring

Application and infrastructure systems log activity to centrally managed repositories for troubleshooting, operational analysis, and security review. Logs are retained in accordance with applicable regulatory requirements.

Logging supports monitoring, audit readiness, and incident investigation processes.

Incident Response & Notification

Next Level maintains incident response procedures designed to identify, evaluate, and address security events in a timely manner. Security incidents are assessed and documented according to defined response protocols.

If a security incident affecting customer data occurs, affected organizations will be notified and provided information necessary to support their own reporting and compliance obligations.

Business Continuity

Next Level maintains encrypted backups and structured recovery processes designed to minimize downtime and data loss. Business continuity procedures are reviewed and tested regularly to support operational resilience.

Shared Responsibility

Maintaining strong security is a shared responsibility between Next Level and the organizations we serve.

  • Use sufficiently complex passwords

  • Safeguard login credentials

  • Maintain appropriate security on local systems

HIPAA and Privacy Framework Alignment

While many pregnancy help organizations are not legally subject to HIPAA, some voluntarily use HIPAA as a guiding framework for confidentiality practices.

Next Level was designed with HIPAA considerations in mind and includes tools that support organizations seeking to align with HIPAA-related privacy and security principles. There is currently no certification program approved by the U.S. Department of Health and Human Services (HHS) through which a cloud service provider may formally demonstrate HIPAA compliance.
