top of page
Data protection
Go to:
SOC 2 Type 2
SOC 2 assesses service organizations’ security, availability, processing integrity, confidentiality, and privacy controls against the AICPA’s TSC (Trust Services Criteria), in accordance with SSAE 18. Our backend platform, Xano has completed a comprehensive SOC 2 Type II audit by a reputable AICPA independent auditor.
ISO 27001:2013 Information Security Management System
ISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). An ISMS is a set of policies, procedures, processes, and systems that manage information risks, such as cyber-attacks, hacks, data leaks or theft.
SOC 2 Type 2
SOC 2 assesses service organizations’ security, availability, processing integrity, confidentiality, and privacy controls against the AICPA’s TSC (Trust Services Criteria), in accordance with SSAE 18. Our backend platform, Xano has completed a comprehensive SOC 2 Type II audit by a reputable AICPA independent auditor.
GDPR
We use a DPA - Data Processing Agreement that meets all GDPR contractual obligations.
HIPAA
The Health Insurance Portability and Accountability Act (“HIPAA”) requires the protection and confidential handling of protected health information by covered entities. Our backend platform, Xano was recently audited and meets all the criteria required for HIPAA compliance.
DATA ENCRYPTION
All customer data is encrypted at rest with AES-256. Sensitive information like queries are encrypted before they are stored in the database.
0-day Retention
Unali has a 0-day retention agreement with OpenAI, so no data is stored on OpenAI servers after a request was completed.
Automated Backups
All customer data is backed up on a daily basis. Backups are persisted for 30 days.
Penetration testing
OWASP Web Application Pen Test - A penetration test, (aka Pen Test) is a simulated cyber attack against Unali and its providers to check for exploitable vulnerabilities. Penetration testing involved the attempted breaching of our system (e.g. APIs, frontend & backend servers, etc.) to uncover vulnerabilities.
bottom of page