Contact Us
Contact Us
© 2024 Unique AG. All rights reserved.

Trust Center

Earning our customers' trust is key to us. That's why we have implemented and keep on developing technical and organizational measures to protect your data and ensure secure processing of information.

Chat Experience (1)

Unique is at the Forefront of Enterprise Security & Compliance

Security & Compliance Standards

COMPLIANCE STANDARDS
ISO

We are certified with ISO 27001, ISO 9001 and ISO 42001, which regulate business quality, security & risks, and the responsible management of AI systems.

SOC 2

Unique has been certified by an independent audit company for SOC 2 Type 2 in February 2025. 

Data Security

Your data is safe with Unique, because we are committed to ensuring up-to-date compliance with the General Data Protection Regulation (GDPR). 

Recording Consent

Unique’s GDPR-compliant process flow guarantees consent from all meeting attendees.

COMPLIANCE STANDARDS
ISO

We are certified with ISO 27001, ISO 9001 and ISO 42001, which regulate business quality, security & risks, and the responsible management of AI systems.

SOC 2

Unique has been certified by an independent audit company for SOC 2 Type 2 in February 2025. 

Data Security

Your data is safe with Unique, because we are committed to ensuring up-to-date compliance with the General Data Protection Regulation (GDPR). 

Recording Consent

Unique’s GDPR-compliant process flow guarantees consent from all meeting attendees.

ENTERPRISE SECURITY
Microsoft Partner

Unique is a Microsoft partner and all data is stored on Microsoft Azure Cloud hosted in Switzerland.

Private Cloud

Our servers are located within Unique’s own private cloud, and we manage our APIs carefully to not allow any untrusted external connections.

Secured Access

OpenAI access is secured globally through Microsoft infrastructure, including data centres in Switzerland, Europe, the US, UK, and Asia. We explicitly opt out of data usage for training purposes, and prompt checking is disabled by default

ENTERPRISE SECURITY
Microsoft Partner

Unique is a Microsoft partner and all data is stored on Microsoft Azure Cloud hosted in Switzerland.

Private Cloud

Our servers are located within Unique’s own private cloud, and we manage our APIs carefully to not allow any untrusted external connections.

Secured Access

OpenAI access is secured globally through Microsoft infrastructure, including data centres in Switzerland, Europe, the US, UK, and Asia. We explicitly opt out of data usage for training purposes, and prompt checking is disabled by default

DATA SECURITY
Encryption

Any data and connections with Unique are secure using the latest encryption standards.

Data Access Policy

Data access and authorizations are managed on a need-to-know basis, and we apply the principle of least privilege.

Recordings

Recordings, transcripts, and analytics are encrypted in transit and at rest.

DATA SECURITY
Encryption

Any data and connections with Unique are secure using the latest encryption standards.

Data Access Policy

Data access and authorizations are managed on a need-to-know basis, and we apply the principle of least privilege.

Recordings

Recordings, transcripts, and analytics are encrypted in transit and at rest.

Controls

INFRASTRUCTURE SECURITY

  • Encryption key access restricted

  • Account authentication enforced 
  • Production application and database access restricted
  • Network and Firewall access restricted
Organizational Security
  • Anti-malware technology employed
  • Portable Devices encrypted 
  • Code of Conduct acknowledged by employees and enforced
  • NDA acknowledged by employees and contractors
Product Security
  • Bug Bounty program employed
  • Secure Development Lifecycle (SDLC)
  • Patch and Update Management
  • Incident Response 
Internal Security Procedures
  • Continuity and Disaster Recovery plans established
  • Management roles and responsibilities defined
  • Security policies established and reviewed
  • Risk management program established
Data and Privacy
  • Data retention procedures established
  • Customer data deleted upon leaving
  • Data classification policy established
  • GDPR Compliance
AI Governance
  • AI Policy defined
  • AI Governance Framework established
  • ISO 42001 certification maintained
  • AI Risk Assessment methodology implemented

Certifications

Get Our FREE Compliance Whitepaper

We share our collective experience in building secure and complaint GPT-based solutions for the financial industry.
Group 2341
Does Unique adhere to the EU AI Act?

Yes, we have performed a conformity assessment for each use case. In addition, we are in the process of obtaining a legal opinion from an external lawyer to also have an independent assessment.


Is Unique GDPR compliant?

Yes, we are both GDPR and nDSG compliant. We have implemented technical measures such as data minimization as well as organizational measures like compliance and awareness training.

Have you engaged a third party to assess your organization's privacy compliance?

Yes, ISO 27001 and also SOC 2 Type 1.

How is Customer Identifiable Data (CID) handled at Unique?

  1. CID is pseudonymized, anonymized, or encrypted through technical measures,

  2. Additional organizational measures are taken (e.g., careful password management, regulation of scope of access, etc.) and

  3. contractual measures to ensure confidentiality must be implemented (e.g., note in the contract that CID will be processed by data processors abroad, with reference to the measures you have taken to ensure confidentiality in accordance with FINMA requirements).

What certifications (e.g., audit, quality, data protection) does Unique comply with?
ISO 9001, ISO 27001, SOC 2 Type 1, ISAE 3402, FINMA outsourcing circular 2018/3 report.
 
Do you review your applications for security vulnerabilities and address any issues prior to deployment to production?

Yes, we conduct automated pentests and Bug bounty programs.

Do you have more questions?

See a comprehensive list of questions and answers regarding Security & Compliance at Unique:

Unique Public Documentation