Your data privacy is our priority

Unito is SOC 2 Type 2 certified with strict security measures in place to ensure the protection of our customers’ data.

Product Security

Unito customers entrust us with their most important work as it flows through multiple tools. We take the security of that work very seriously. Here's what we're doing to keep user data safe.

Application security and infrastructure

Hosting and storage

Unito is hosted in Amazon Web Services (AWS) data centers located in the USA.

Logging and monitoring

We have a team of engineers on staff monitoring our infrastructure for cybersecurity events or threats. They rely on tools such as AWS CloudWatch and AWS GuardDuty to ensure the effectiveness of our protective measures.

Data encryption

Transport Layer Security (TLS) version 1.2 is used to encrypt data in transit. Unito maintains an “A+” rating on Qualys SSL Labs tests. Data at rest is encrypted with AES-256 or better.

Incident response

We use an on-call engineer rotation and a fast, robust escalation process to guarantee prompt reaction to any security event.

Keeping our product and your data secure

Here's a breakdown of how we process tool data:

Work items

We don’t store data from work items; we compute checksums of field data, which enables us to sync your tools.

Data flow

Once we’ve confirmed a change by comparing checksums, we request work item data from one side and immediately replicate it on the other. The data lives briefly in system memory and is never stored.

User data

We store the name and email of each user who collaborates on workflows in order to accurately sync items across your tools. These users include anyone who makes changes to synced items or who follows/watches synced items. This data is encrypted at rest and deleted upon request at the end of a contract.

Payment information

These details are forwarded to Stripe, a third party. Visit Stripe’s security page for more details.

File data

We never store file data, such as attachments. For non-streaming attachments we only sync the link, not the attachment itself. Our attachment streaming feature does require us to have access as an attachment is streamed, but that data is never stored.

IP-Based Security

We access the APIs of applications from a set of fixed, identifiable IP addresses. This provides additional IP-based security for self-hosted Jira, GitHub or GitLab servers.

Authentication

Simplicity, without compromise on security. You can sign up with an email and password or with the OAuth2 protocol. Each tool account must go through the OAuth2 protocol before being added to a Unito workspace.

High availability

Here's what we're doing to ensure high availability:

  • Regular performance benchmarking
  • Production monitoring and alerts
  • On-call engineer rotation
  • Fast and continuous deployment
  • Industry-standard cloud-based security compliance

Permissions

Unito workspaces with Company and Enterprise plans have one or more administrators. These administrators can control permissions for every other member, giving them complete control over the security of your workflows.

Compliance

Need more information?

If you have any security-related questions or would like a deeper risk assessment, our security team is here to help.

Other security features

We keep in place a comprehensive software development process that puts security and privacy at the center of our work. Each team member is properly trained to protect our clients’ security and privacy.

Penetration testing

An external penetration test is performed at least once a year.

Employee training

All our employees attend an annual cybersecurity awareness training workshop.

Confidentiality

All employees and contractors sign a confidentiality agreement before working with Unito.

Background checks

We perform background and reference checks on new hires to the extent permitted by local privacy legislation.