Trust Center

Security and Compliance at UN1QUELY

We protect things that matter.

Protecting personal and customer confidential information is our top priority. For the sake of our customers, our business ethics and values, we don’t compromise or cut corners when it comes to data security. As part of that commitment, we operate with the utmost transparency. The following overview provides a high-level look at the ever-evolving security
practices we have in place.

We’re compliant with the highest security and privacy standards

ISO 27001 – UN1QUELY has achieved the ISO 27001 certificate and it can be available, upon request, for review by existing customers and new prospects without a signed NDA. By being audited and certified against the ISO 27001 standard, we demonstrate our commitment to identifying risks and putting in place robust, repeatable controls, ensuring that our organization maintains a strong secure posture.

GDPR & CCPA – UN1QUELY is audited annually by external independent auditors against GDPR and CCPA privacy regulations. By complying with GDPR and CCPA we prove our commitment to protecting personal information and enforcing a consent based model to personal data processing.

HIPAA – UN1QUELY is audited annually by external independent auditors against HIPAA Privacy and Security Rules. By complying with HIPAA we show our determination towards maintaining high healthcare security and privacy standards and make no compromises with patients data for our healthcare customers.

OFFENSIVE SECURITY certifications are the most well-recognised and respected in the industry. Courses focus on real-world skills and applicability, preparing penetration testers for real-life challenges. UN1QUELY consultants have achieved OSCP and OSWP.

Our encryption protocols are national-security worthy

Powered by a multi-cloud environment, we keep all data encrypted both in rest and in motion using best-in-breed security algorithms such as RSA4096, SHA256 and AES256. Data sent to or from our infrastructure is encrypted in transit via industry best-practices using Transport Layer Security (TLS). At rest, all data is subject to battle-proof encryption algorithms and stored using secret management services.

With end-to-end encryption at every stage – at rest, in transit, or in cloud storage – UN1QUELY services ensure your data is always safe, secure, and private. Even the metadata communications between your system and the UN1QUELY are encrypted for total security.

Our consent-based model gives people control over their personal and protected health information

According to Europe’s General Data Protection Regulation of 2018, personal data, including protected health data, is owned by the individual it represents, and consent to process and share that data must be “freely given, specific, and informed.” We couldn’t agree more.

When a user uses UN1QUELY services, they are sending a request to an individual for permission to access their data, empowering the average person to exercise consent and data ownership.

Our security measures are ever evolving to keep pace with the changing threat landscape

Our work on security and privacy efforts does not have an end; it’s a continuous cycle of researching, revising, implementing, testing, fixing, scaling, blocking, and permissioning. We are constantly working to meet and exceed what is asked of us from regulators, investors, partners, and users, and we collectively live the security processes on a daily basis. Security and privacy are integral to our culture. After all security is one of the core services we offer.

Data retention and removal is standardized and at the discretion of our users

All permissioned user data held by UN1QUELY is available to our customers for electronic retrieval for a period of 30 days after the expiration or termination of the Master Service Agreement. All data is then completely removed from UN1QUELY’s servers. Every user can request the removal of their personal data by contacting UN1QUELY support. Read more about our privacy settings.

We establish strong defences at points of entry

UN1QUELY developed apps and backend infrastructure, the main entry points of user data, only allows client requests using strong TLS protocols. All communication between UN1QUELY maintained infrastructure and data platforms is transmitted over encrypted tunnels.

We take all necessary infrastructure precautions

All of our services run in cloud environments. We don’t host or run our own routers, load balancers, DNS servers, or physical servers. Cloud providers we use regularly undergo independent verification of security, privacy, and compliance controls against the following standards: ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA Star, FedRAMP, and many others.

Applying Secure Software Development Life Cycle (S-SDLC) which focuses on incorporating security into the development cycle

  • Applying Secure Software Development Life Cycle (S-SDLC) which focuses on incorporating security into the development cycle
  • We assess the security of our code using industry well-known security frameworks such as ATT&CK, OWASP Top 10, and SANS Top 25
  • Developers participate in regular security training to learn about common vulnerabilities, threats and secure coding best practices
  • We review our code for security vulnerabilities
  • We regularly update our backend infrastructure and software and make sure none of them have known vulnerabilities

We use static application security testing (SAST) and dynamic application security testing (DAST) to detect basic security vulnerabilities in our codebase
We conduct regular external penetration tests on our production environments

Our application security monitoring and protections solutions
allow us the visibility to:

  • Identify attacks and respond quickly to a data breach
  • Monitor exceptions and logs and detect anomalies in our applications
  • Collect and store logs to provide an audit trail of our applications activity

We also deploy a runtime protection system that identifies and blocks web attacks and business logic attacks in real time, as well as security headers to protect our users from attacks.

We practice stringent network-level security monitoring and protection

We maintain our own in-house Security Operations Center. Our network consists of multiple security zones, which we monitor and protect with trusted and next-generation firewalls, including IP address filtering, to insure against unauthorized access. We deploy an intrusion detection and/or prevention solution (IDS/IPS) that monitors and blocks potential malicious packets as well as distributed denial of service (DDoS) mitigation services powered by an industry-leading solution.

We boast an industry-leading security team

Our security team comprises security experts dedicated to constantly improving the security of our organization. Our team is trained and certified in security threat detection and incident response, security engineering, penetration testing, application security, security management&compliance and latest security best practices.

We encourage responsible disclosure.

If you discover vulnerabilities in our application or infrastructure, we ask that you alert our team by contacting please include a proof of concept in your email. We will respond as quickly as possible to your submission and won’t take legal action if you follow the responsible disclosure process:

Please avoid automated testing and only perform security tests with your own data.
Please include a proof of concept in your email.
Do not disclose any information regarding the vulnerabilities until clear approval is given.

Note that our bug bounty program is currently closed and we are not looking for new security researchers.

General Information Security Policy

Protect UN1QUELY’s informational and IT assets (including but not limited to all computers, mobile devices, networking equipment, software and sensitive data) against all internal, external, deliberate or accidental threats and to mitigate the risks associated with the theft, loss, misuse, damage or abuse of these systems;

Ensure information will be protected against any unauthorized access. Users shall only have access to resources that they have been specifically authorized to access. The allocation of privileges shall be strictly controlled and reviewed regularly.

Protect CONFIDENTIALITY of information. When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties;

Ensure INTEGRITY of information. Integrity of information refers to protecting information from being modified by unauthorized parties;

Maintain AVAILABILITY of information for business processes. Availability of information refers to ensuring that authorized parties can access the information when needed.

Comply with and, wherever possible, exceed, national legislative and regulatory requirements, standards and best practices;

Develop, Maintain and Test business continuity plans to ensure we stay on course despite all obstacles that we may come across. It is about “keeping calm and carrying on!”;

Raise awareness of information security by making information security training available for all Employees. Security awareness and targeted training shall be conducted consistently, security responsibilities reflected in job descriptions, and compliance with security requirements shall be expected and accepted as a part of our culture;

Ensure that no action will be taken against any employee who discloses an information security concern through reporting or in direct contact with Information Security Management Leader, unless such disclosure indicates, beyond any reasonable doubt, an illegal act, gross negligence, or a repetitive deliberate or willful disregard for regulations or procedures;

Report all actual or suspected information security breaches to

We’re your security advantage. We offer peace of mind.