Unito is hosted in Amazon Web Services (AWS) data centers located in the USA.

We have a team of engineers on staff monitoring our infrastructure for cybersecurity events or threats. They rely on tools such as AWS Cloudwatch and AWS GuardDuty to ensure the effectiveness of our protective measures.

Transport Level Security (TLS) version 1.2 is used to encrypt data in transit. Unito maintains an “A+” rating on Qualys SSL labs tests. Data at rest is encrypted with AES 256 algorithms or better. Find out more.

We use an on-call engineer rotation and a fast, robust escalation process to guarantee prompt reaction to any security event.

We don’t store data from work items; we compute checksums of field data which enables us to sync your tools.

Once we’ve confirmed a change by comparing checksums, we request work item data from one side and immediately replicate it on the other. The data lives briefly in system memory and is never stored. Click here to learn how we manage personal data.

We store the name and email of each user who collaborates on workflows in order to accurately sync items across your tools. These users include anyone who makes changes to synced items or who follows/watches synced items. This data is encrypted at rest and deleted upon request at the end of a contract.

These details are forwarded to Stripe, a third party. Visit Stripe’s security page for more details.

We never store file data, such as attachments. For non-streaming attachments we only sync the link, not the attachment itself. Our attachment streaming feature does require us to have access as an attachment is streamed, but that data is never stored. Here’s how we sync file attachments.

We access the APIs of applications from a set of fixed, identifiable IP addresses. This provides additional IP-based security for self-hosted Jira, GitHub or GitLab servers.