The interesting security questions about AI droids are architectural — credentials, approvals, isolation, training. We've answered them in the runtime, not just on the policy page.
Audits are real, controls are continuously monitored, the next audit cycle is on the calendar. Documentation lives one email away — security@unify.ai.
| Standard | Status | Coverage | Reference |
|---|---|---|---|
| SOC 2 Type II | In progress | Type II audit underway against the Security, Availability, and Confidentiality criteria. Type I attestation in place. | Report available under NDA on issue. |
| GDPR (UK + EU) | Aligned | Personal data processed under UK and EU GDPR. DPIAs in place for high-risk processing. | DPA available on request. |
| CCPA | Aligned | California Consumer Privacy Act requirements met. | Privacy documentation available. |
| Independent penetration testing | Certified | Application and infrastructure pen-tested by an independent assessor. Findings remediated and re-tested. | Summary report available under NDA. |
| ISO 27001 | In progress | ISMS controls implementation and evidence collection in progress. | Audit evidence shared after certification. |
AI droids introduce attack surfaces traditional SaaS doesn't. These are the architectural choices that keep that surface small — implemented in code, not in policy.
API keys and OAuth tokens are stored encrypted and injected at execution time by a backend tool gateway. The model itself never sees them — not when planning, not when calling tools, not in logs. This isn't a policy, it's how the runtime is built.
Outbound emails, code pushes, ad-spend changes, charges, app deploys — anything with a side effect waits for explicit approval in the channel of your choice before it runs. Admins decide which categories require it. Defaults are conservative.
Each workspace runs in an isolated execution environment with no cross-tenant access at the infrastructure or application layer. Memory, skills, and integrations are scoped to your workspace. What happens in your tenant stays in your tenant.
Conversations, files, business data, and outputs stay in your workspace. We don't train on customer data — contractually, not just as a policy. Anthropic, OpenAI, and Google operate under no-training, zero-retention agreements for Droid traffic.
Emails, web pages, attachments — anything inbound — is rendered as data inside the model context, not as instructions. Combined with the approval layer, an injection that hijacks the model still can't move money, push code, or send mail without you.
TLS 1.3 in transit, AES-256 at rest, secrets in a KMS-backed vault with automatic rotation. SSO via OAuth/OIDC on every plan; SAML 2.0 (Okta, Entra ID, Google Workspace) on Enterprise. MFA enforced at the IdP.
Hearing it from a researcher first is always better than reading it on Twitter. Email security@unify.ai with reproduction details. Meaningful findings get acknowledged, credited if you want it, and rewarded in Droid credits. A formal bug bounty programme is on the near-term roadmap.
No. Credentials are encrypted at rest and injected at execution time by a backend tool gateway. The model receives the tool's response, not the secret used to call it. There is no code path where the model sees a credential — including in logs.
Not by us, and not by our providers. This is in our DPA, not just on a policy page. Anthropic, OpenAI, and Google operate under no-training, zero-retention agreements for Droid traffic.
Not by default. Outbound mail, code pushes, ad-spend changes, charges, and deploys wait for an approval prompt before they execute. Admins pick which categories require it. Defaults are conservative — you can always relax them per workspace.
Each workspace runs in its own sandboxed execution environment with no cross-tenant data access at the infrastructure or application layer. The boundary is technical, enforced in code, not just contractual.
Only with your explicit permission, only when needed for support or incident resolution, and only for the minimum time required. All staff access is logged, time-limited, and auditable.
The hosted product runs in the European Union by default. UK-only data residency is available as a per-customer deployment configuration on Enterprise contracts. Other regions on request.
OAuth/OIDC with Google and Microsoft Azure AD on every plan. SAML 2.0 (Okta, Entra ID, Google Workspace, OneLogin, any SAML 2.0 IdP) on Enterprise. MFA is enforced at the identity provider. Internal Droid staff access is gated on Google Workspace SSO with mandatory 2-step verification.
Anthropic Claude, OpenAI, and Google Gemini. Routed per task by cost, latency, and quality. All three are on our public sub-processor list and operate under no-training, zero-retention agreements for Droid traffic. Data-handling terms are identical across providers.
Untrusted inbound content (emails, web pages, attachments) is isolated from instructions in the model's context. Combined with the approval gate on side-effect tools, a successful injection still cannot move money, push code, or send mail without a human in the loop.
We have a documented incident response plan. The relevant supervisory authority is notified within 72 hours of awareness (UK GDPR Article 33), and affected customers receive an incident report and remediation plan under the DPA without undue delay.
Yes. Workspace admins can delete conversations, memory, and files self-serve. Full account deletion is a single email to support@unify.ai, completed within 7 business days.
Once Type II is issued, the report is available to customers and prospective customers under NDA. In the meantime, our security pack and completed security questionnaires (CAIQ, SIG, HECVAT) are available on request.
Our public sub-processor list is available at /sub-processors. All sub-processors are contractually bound to the same data-protection standards.
We'll walk through the architecture, share the security pack, and complete questionnaires — CAIQ, SIG, HECVAT, bespoke. Schedule a security review or email security@unify.ai.