top of page

Data protection

data protection

Go to:

SOC 2 Type 2

SOC 2 assesses service organizations’ security, availability, processing integrity, confidentiality, and privacy controls against the AICPA’s TSC (Trust Services Criteria), in accordance with SSAE 18. Our backend platform, Xano has completed a comprehensive SOC 2 Type II audit by a reputable AICPA independent auditor.

SOC2 Type 2

ISO 27001:2013 Information Security Management System

ISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). An ISMS is a set of policies, procedures, processes, and systems that manage information risks, such as cyber-attacks, hacks, data leaks or theft.

ISO 27001

SOC 2 Type 2

SOC 2 assesses service organizations’ security, availability, processing integrity, confidentiality, and privacy controls against the AICPA’s TSC (Trust Services Criteria), in accordance with SSAE 18. Our backend platform, Xano has completed a comprehensive SOC 2 Type II audit by a reputable AICPA independent auditor.

ISO 9001:2015

GDPR

We use a DPA - Data Processing Agreement that meets all GDPR contractual obligations.

GDPR

HIPAA

The Health Insurance Portability and Accountability Act (“HIPAA”) requires the protection and confidential handling of protected health information by covered entities. Our backend platform, Xano was recently audited and meets all the criteria required for HIPAA compliance.

HIPAA

DATA ENCRYPTION

All customer data is encrypted at rest with AES-256. Sensitive information like queries are encrypted before they are stored in the database.

DATA ENCRYPTION

0-day Retention

Unali has a 0-day retention agreement with OpenAI, so no data is stored on OpenAI servers after a request was completed.

0-day Retention

Automated Backups

All customer data is backed up on a daily basis. Backups are persisted for 30 days.

 Automated Backups

Penetration testing

OWASP Web Application Pen Test - A penetration test, (aka Pen Test) is a simulated cyber attack against Unali and its providers to check for exploitable vulnerabilities. Penetration testing involved the attempted breaching of our system (e.g. APIs, frontend & backend servers, etc.) to uncover vulnerabilities.

 Penetration testing

Create powerful question answering experiences. Try Unali for free.

bottom of page