Trust Center

Your comprehensive resource for security, compliance, privacy, and trust information about Unify platforms.

1. Security Overview

Unify implements comprehensive security measures to protect customer data throughout its lifecycle. Our security approach is built on industry best practices and zero-trust principles.

Key Security Principles

  • End-to-end data protection with encryption at rest and in transit
  • Zero-trust architecture requiring verification for every access request
  • Role-based access controls (RBAC) ensuring users only access necessary resources
  • Multi-factor authentication (MFA) for enhanced account security
  • Data segregation and multi-tenant isolation to prevent cross-tenant access
  • Threat modeling and secure software development lifecycle (SDLC) practices
  • Comprehensive vendor risk management program
  • Regular penetration testing and security assessments

2. Compliance & Certifications

Unify maintains compliance with industry standards and regulations relevant to our services. Below is our current compliance status and roadmap.

SOC 2 Type II

2025 Report In Progress

Unify undergoes annual SOC 2 Type II audits to verify our security, availability, processing integrity, confidentiality, and privacy controls.

FERPA

Current

Unify complies with all Family Educational Rights and Privacy Act requirements where applicable.

GDPR Compliance

Current

Unify aligns with GDPR requirements for data protection and privacy for EU residents.

CCPA Compliance

Current

Unify complies with the California Consumer Privacy Act (CCPA) requirements.

OFCCP & DOL Apprenticeship Compliance

Current

Unify.CMS and Unify.AMS support compliance with OFCCP and DOL apprenticeship program requirements.

FCC 47 CFR Part 90

Current

Unify supports compliance with FCC 47 CFR Part 90 for telecom workflow integrations.

E-Verify Participation

Current

Unify.CMS integrates with E-Verify for I-9 verification workflows.

Compliance Roadmap

FedRAMP Ready

Roadmap

Assessment in progress for state broadband operations support.

NIST 800-171

Roadmap

Readiness assessment planned for government contractor support.

ISO 27001

Roadmap

Certification process planned for international standards alignment.

HIPAA

Roadmap

Compliance assessment planned for handling protected health information (PHI) where applicable.

3. Data Protection & Privacy

Unify is committed to protecting your data and respecting your privacy rights. This section outlines our data handling practices. For more detailed information, please see our Privacy Policy.

Data Processing Policy

  • GDPR-compliant data handling procedures
  • Data minimization principles - we only collect necessary data
  • Purpose limitation - data used only for stated purposes
  • Data retention policies aligned with legal requirements

Data Storage Locations

Unify stores customer data in the following regions:

  • Primary Cloud Region: US East, Virginia
  • Backup/DR Region: US West, Oregon
  • Cloud Provider: Amazon Web Services

Data Retention & Deletion

Customer data is retained according to our data retention policy. Upon request, we will delete customer data in accordance with applicable laws and our contractual obligations.

To request data deletion or submit other security, trust, and data-related requests, please use the form below.

Note: Submissions can be made for security reviews, trust information requests, data deletion requests, and other related inquiries in the Request Trust Information section.

Subprocessors

We maintain a current list of subprocessors that handle customer data. See the Subprocessors section for details.

Logs & Monitoring

Unify maintains comprehensive logging and monitoring systems to detect and respond to security events. Logs are retained according to our retention policy and are used solely for security and operational purposes.

Data Processing Addendum (DPA)

Request access to our standard Data Processing Addendum for review and execution.

4. Infrastructure & Architecture

Unify's infrastructure is designed for security, reliability, and scalability. This section provides an overview of our technical architecture.

Cloud Infrastructure

  • Cloud Provider: Amazon Web Services
  • Primary Regions: US East, Virginia
  • High Availability: Multi-region deployment with automatic failover
  • Redundancy: N+1 redundancy for critical systems

Recovery Objectives

  • RTO (Recovery Time Objective): 4 hours
  • RPO (Recovery Point Objective): 1 hour

Backup Strategy

  • Automated daily backups with point-in-time recovery
  • Backups stored in geographically separate regions
  • Regular backup restoration testing
  • Encrypted backup storage

Encryption

  • Encryption in Transit: TLS 1.2+ for all data transmission
  • Encryption at Rest: AES-256 encryption for stored data
  • Key Management: AWS KMS

Authentication & Access

  • Password Hashing: Bcrypt
  • API Authentication: OAuth 2.0, JWT tokens
  • Tenancy Model: Multi-tenant with logical data separation

Note: A detailed architecture diagram can be provided upon request for enterprise customers. Contact support@myunifyai.com for more information.

5. Product Security Controls

Unify platforms include comprehensive security controls to protect your data and ensure secure operations.

Audit Logs

Comprehensive logging of system and user actions for security monitoring and compliance.

Multi-Factor Authentication (MFA)

Support for MFA to enhance account security beyond passwords.

IP Allowlisting

Restrict access to specific IP addresses or ranges for enhanced security.

SSO Integration

Support for SAML 2.0 and OIDC for single sign-on authentication.

Session Management

Configurable session timeouts and secure session handling.

SCIM Provisioning

Automated user provisioning and deprovisioning via SCIM protocol.

API Rate Limiting

Rate limiting and throttling to prevent abuse and ensure fair usage.

Secrets Management

Secure storage and management of API keys and credentials using industry-standard vaults.

API Sandbox Environments

Isolated sandbox environments for safe API testing and development.

Data Classification

Built-in data classification capabilities to identify and protect sensitive information.

Secure File Uploads

Virus scanning and MIME type validation for all file uploads.

6. AI Safety, Transparency & Governance

Unify.AI is built with security, transparency, and responsible AI practices at its core. This section outlines how we protect customer data in AI-powered features.

Data Protection in AI Features

  • No Training on Customer Data: Customer data is never used to train public AI models
  • Model Isolation: Each tenant's data is processed in isolated environments
  • Data Minimization: Only necessary data is sent to AI models for processing
  • Audit Logs: All AI agent actions are logged for security and compliance

MCP (Model Context Protocol) Security

Unify.AI uses the Model Context Protocol (MCP) to securely manage AI model interactions:

  • Secure context management and isolation
  • Controlled access to customer data
  • Audit trails for all MCP operations

Tool-Calling Sandbox Environments

AI agents operate within sandboxed environments to prevent unauthorized access:

  • Isolated execution environments for AI tool calls
  • Resource limits and access controls
  • Monitoring and alerting for suspicious activities

Security Protections

  • Prompt Injection Protections: Input validation and sanitization to prevent prompt injection attacks
  • Guardrails & Policy Enforcement: Automated policy checks to ensure AI outputs meet security and compliance requirements
  • Hallucination Mitigation: Techniques to reduce AI hallucinations and improve output accuracy

Model Transparency

Unify.AI uses the following model families (subject to change based on customer needs and availability):

  • OpenAPI, ChatGPT, Claude, and USI Internal LLM - Orion
  • Model selection is configurable per tenant
  • Customers can view which models are used for their data processing

Competitive Advantage: Unify.AI's agent store and orchestration layer provides enterprise-grade AI capabilities with built-in security and governance controls.

7. Incident Response

Unify maintains a comprehensive incident response program to quickly detect, respond to, and recover from security incidents.

24/7 Monitoring

Our security operations center (SOC) provides continuous monitoring of our systems and infrastructure to detect potential security threats.

Incident Response Process

  1. Detection: Automated monitoring and alerting systems detect potential incidents
  2. Assessment: Security team assesses the severity and impact of the incident
  3. Containment: Immediate steps taken to contain and prevent further impact
  4. Investigation: Detailed investigation to understand root cause and scope
  5. Remediation: Steps taken to resolve the incident and prevent recurrence
  6. Communication: Affected customers notified according to our notification timeline
  7. Post-Incident Review: Lessons learned and process improvements

Severity Classifications

Critical

Data breach or significant service disruption. Customer notification within 24 hours.

High

Potential data exposure or service degradation. Customer notification within 72 hours.

Medium

Limited impact or contained incident. Customer notification as appropriate.

Low

Minor issues with no customer impact. Included in regular security updates.

Incident Response Policy

Request access to our Incident Response Policy document (non-proprietary sections) for detailed information.

8. Penetration Testing

Unify conducts regular penetration testing to identify and remediate security vulnerabilities before they can be exploited.

Testing Frequency

  • External Penetration Testing: Annual assessments by third-party security firms
  • Internal Security Testing: Quarterly internal security assessments
  • Continuous Vulnerability Scanning: Automated scanning on a regular basis

Testing Partners

Unify engages with reputable third-party security firms for independent penetration testing. Testing partners include:

  • Acunetix

Testing Methodology

Our penetration testing follows industry-standard methodologies including:

  • OWASP Top 10 testing
  • Network infrastructure testing
  • Application security testing
  • Social engineering assessments (where applicable)

Request Penetration Test Report

Enterprise customers can request access to our latest penetration test reports. Please contact us to request access.

9. Reliability & Uptime

Unify is committed to providing reliable, high-availability services. Monitor our system status and uptime metrics in real-time.

System Status

View real-time system status, historical uptime, and incident history on our status page.

  • Current Status: All Systems Operational
  • Uptime (Last 30 Days): 99.9%
  • Average Response Time: 35 minutes

Uptime Commitments

Unify maintains the following uptime commitments (varies by service tier):

  • Enterprise Tier: 99.9% uptime SLA
  • Standard Tier: 99.5% uptime SLA

Maintenance Windows

Planned maintenance is scheduled during low-traffic periods and communicated in advance. Maintenance windows are typically:

  • Scheduled during off-peak hours
  • Announced at least 48 hours in advance
  • Minimized to reduce service impact

Status Notifications

Subscribe to receive automated alerts about system status, incidents, and maintenance:

  • Email notifications
  • Webhook integration for automated monitoring
  • RSS feed for status updates

11. Subprocessors

Unify uses third-party subprocessors to provide our services. This list is updated regularly and customers are notified of material changes.

Subprocessor | Purpose | Data Handled | Region | Date Added
Amazon Web Services | Cloud hosting and infrastructure | All customer data | US East, Virginia | 2023
Microsoft | Cloud services and productivity tools | Customer data, email addresses, email content | US East, Virginia | 2023
AirCall | Phone and communication services | Phone numbers, call data | US East, Virginia | 2023
Unify.Docs | Document storage and management | Uploaded files, documents | US East, Virginia | 2023
CheckR | Background verification services | Candidate information | US East, Virginia | 2023
Stripe | Payment processing | Payment information | US East, Virginia | 2023
OpenAI | AI model services | Data sent for AI processing | US East, Virginia | 2023
Claude | AI model services | Data sent for AI processing | US East, Virginia | 2023
USI LLM - Orion | AI model services (self-hosted) | Data sent for AI processing | US East, Virginia | 2023

Last Updated: 2023 | Notification Policy: Customers are notified of material subprocessor changes at least 30 days in advance.

12. Vulnerability Disclosure Program

Unify values the security research community and encourages responsible disclosure of security vulnerabilities.

Responsible Disclosure Policy

We ask security researchers to follow responsible disclosure practices:

  • Report vulnerabilities promptly after discovery
  • Provide detailed information about the vulnerability
  • Allow reasonable time for remediation before public disclosure
  • Do not access or modify data without authorization
  • Do not perform denial of service attacks

Safe Harbor

Unify will not pursue legal action against security researchers who:

  • Act in good faith and follow responsible disclosure practices
  • Do not access data beyond what is necessary to demonstrate the vulnerability
  • Do not violate any laws or breach any agreements

Scope

In Scope:

  • Unify web applications and APIs
  • Authentication and authorization mechanisms
  • Data encryption and storage

Out of Scope:

  • Social engineering attacks
  • Physical security issues
  • Denial of service attacks
  • Issues requiring physical access to devices

How to Report

Please report vulnerabilities to: support@myunifyai.com

Include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested remediation (if any)

Response Timeline

  • Initial Response: Within 48 hours
  • Triage: Within 5 business days
  • Status Updates: Regular updates throughout remediation process

Note: Unify may establish a formal bug bounty program in the future. Check back for updates.

13. Request Trust Information

Enterprise customers and prospects can request security documentation and complete vendor security questionnaires.

SOC 2 Report

Request access to our latest SOC 2 Type II report. Access is provided through a secure portal with NDA requirements.

Security Questionnaires

In Progress

We support standard security questionnaires to streamline your vendor assessment process.

Security Contact: For all security-related inquiries, please contact support@myunifyai.com

14. Dedicated Contact Channels

Use the appropriate contact channel for your specific needs. Our team is ready to assist with security, privacy, and trust-related inquiries.

Security

For security incidents, vulnerability reports, and security-related inquiries.

support@myunifyai.com

Privacy

For privacy requests, data subject rights, and privacy-related questions.

support@myunifyai.com

Abuse Reporting

To report abuse, violations of terms of service, or suspicious activity.

support@myunifyai.com

Incident Response Hotline

For enterprise customers - 24/7 incident response hotline (available upon request).

Contact your account manager for hotline access.

Response Times

  • Security Incidents: Response within 1 hour for critical issues
  • Privacy Requests: Response within 48 hours
  • General Inquiries: Response within 2 business days