Trust, privacy, and compliance
Security, access control, and transparency reporting
Security, access control, and transparency reporting are fundamental pillars of the Unless platform, designed to protect your data, ensure compliance with regulations, and maintain clear communication about data handling practices. Understanding how Unless manages these aspects will help you confidently implement and operate AI solutions while safeguarding privacy and meeting regulatory requirements.
security measures and infrastructure
Unless employs a robust, compliance-by-design architecture that integrates multiple layers of security to protect your data and AI interactions. The platform is built to meet stringent standards such as GDPR, the EU AI Act, DORA, ISO 42001, and OWASP security guidelines.
Key security features include:
- Infrastructure security: Data centers certified to ISO 27001 standards, with DDoS protection, firewalls, and intrusion protection systems that monitor and block suspicious activities.
- Encryption: All data is encrypted both in transit and at rest using strong protocols like TLS with at least 128-bit AES encryption and AES-256 for stored data.
- Patch management: Automated deployment and patching processes ensure that security vulnerabilities are addressed promptly without disrupting service.
- Backups and recovery: Continuous data backups with point-in-time recovery capabilities, encrypted and retained for 35 days, ensure data integrity and availability.
- Availability: The platform is globally distributed across 75 edge locations, providing high availability and automatic failover to maintain uninterrupted service.
These measures collectively create a secure environment that protects against unauthorized access, data breaches, and service disruptions.
access control principles and user management
Access to the Unless platform is tightly controlled to ensure that only authorized personnel can perform specific tasks. Access control is based on the principle of least privilege, with role-based permissions aligned with ISO 27001 standards.
Unless offers three main user roles:
- Admin: Full rights within a customer account, including user management.
- User: Access to all features except user management.
- Team Assistant only: Limited to authenticating the browser extension without dashboard visibility.
Access control is further strengthened by:
- Unique credentials for each engineer or user.
- SSH key-based authentication for server access.
- Monthly reviews of security access rights to ensure appropriateness.
- Support for Single Sign-On (SSO) via SAML 2.0 on enterprise plans.
- Mandatory Multi-Factor Authentication (MFA) can be enabled workspace-wide to enhance login security.
- Immediate removal of access when users leave the organization, with audit logs preserving action history.
API keys used for integrations can be rotated instantly, with a 24-hour overlap period to allow seamless updates.
transparency and reporting
Transparency is a core value at Unless, ensuring customers and users are fully informed about data privacy and security practices. The platform provides clear visibility into what data is collected, how it is used, where it is stored, and for how long.
Key transparency features include:
- A dedicated Security and privacy dashboard where you can configure PII filters, review audit trails, and manage compliance controls.
- Detailed logging of all system updates, configuration changes, and access events to maintain a comprehensive audit trail.
- Publicly available privacy policies and data processing agreements that explain data handling practices and legal obligations.
- Prompt notification procedures in the event of any personal data breach, complying with applicable laws.
- Commitment to keeping customers informed about any changes to data protection processes and policies.
- Data residency guarantees, with all personal identifiable information (PII) stored exclusively within the European Union.
- Compliance with data subject rights under GDPR, including access, rectification, restriction, and deletion of personal data.
your role in security and compliance
While Unless provides a secure and compliant platform, your organization retains responsibility for certain implementation-specific aspects:
- Controlling what data is imported into the AI system and ensuring it meets quality and sensitivity standards.
- Defining and managing user roles and permissions within your team.
- Maintaining transparency with your customers about AI interactions and data processing.
- Securing integration points and API credentials.
- Reviewing AI-generated content for accuracy and appropriateness.
- Conducting regular audits and compliance reviews aligned with your industry requirements.
conclusion
Unless combines advanced security infrastructure, strict access control, and transparent reporting to create a trustworthy environment for AI-powered customer interactions. By leveraging these built-in protections and following best practices for implementation, your organization can confidently deploy AI solutions that respect privacy, meet regulatory demands, and maintain operational integrity.