Trust Center
Security teams are among the most demanding buyers there are, and they should be. This page sets out how Unizo handles security and compliance, and what documentation we can share for your vendor assessment. Where a framework is not yet certified, we say so plainly rather than imply more than we can show.
Compliance and certifications
| Framework | Status | What it means |
|---|---|---|
| SOC 2 Type II | Certified | Independently audited controls for security, availability, and confidentiality. |
| ISO 27001 | Compliance-ready | Designed and operated in alignment with ISO 27001 practices. |
| PCI DSS | Compliance-ready | Architected to support PCI data security requirements where applicable. |
| GDPR & CCPA | Compliance-ready | Built to support EU and California data protection requirements. |
SOC 2 Type II reflects a completed independent audit. The other frameworks describe the practices Unizo is built to, and is preparing to certify against.
Data protection
Data is encrypted in transit using TLS and at rest using AES-256. Access to systems follows least-privilege principles, and sensitive operations are scoped and recorded.
Access control and identity
Unizo supports role-based access control (RBAC), two-factor authentication (2FA), and single sign-on through standard identity providers. Access is granted on a least-privilege basis and reviewed as part of our security practices.
Audit and accountability
Unizo keeps tamper-evident, append-only audit records of system activity, so teams can trace what happened, when, and for which tenant. Records include the timestamp, the actor identity, the action taken, and its outcome.
Incident response and breach notification
Unizo maintains a documented incident response plan. In the event of a confirmed personal data breach, we will notify affected customers within 72 hours of confirmed awareness, consistent with GDPR Article 33, with enough detail for customers to meet their own notification obligations. Report a security concern: [email protected].
How Unizo connects to your tools
Unizo connects to your security and infrastructure tools over their APIs, authenticating with credentials that you provide and control. Those credentials are encrypted and isolated per customer. You can revoke them at any time, which ends Unizo's access to the connected tool.
Where your data lives
Your Live Security Context data stays within your deployment. Whether you run Unizo on-premises, in a private cloud, or in our SaaS, the data does not leave your instance. In the SaaS model, each customer runs in a dedicated, single-tenant environment, so your data is isolated from every other customer. Unizo does not use customer data to train our models.
Deployment
Unizo supports three deployment models, so security teams can choose the one that fits their environment and data-residency requirements:
| Model | Description |
|---|---|
| On-premises | Runs inside your own infrastructure, under your operational control. |
| Private cloud | A dedicated, isolated environment separated from other customers. |
| Public SaaS | Unizo-hosted and managed, for teams that prefer a fully managed service. |
Our security, access-control, and audit practices apply consistently across all three.
Documentation for your review
The following are available on request for vendor assessments and security reviews:
- SOC 2 Type II report
- Security whitepaper
- Data Processing Agreement
- Sub-processor list
- Incident response summary
Request the security package by emailing [email protected].
Contact
Security inquiries: [email protected] · Privacy inquiries: [email protected]