Data secure.
Work traceable.
Two promises. One system. UNOY protects your data to the highest standards — and makes every work step transparent, rule-based and auditable. Built for organizations that not only want to automate, but are also required to.
Usable in regulated areas. Traceable for auditors. Safe for your data.
audit trail · engagement #4821
LiveData security
What we guarantee — without exceptions
Your data belongs to you.
We process it — we don’t exploit it.
No model training
Your inputs (prompts) and outputs (completions) are not used to improve or train AI models.
No data sharing
Your data is not accessible to other customers. Full tenant isolation.
EU/EEA exclusive
Your data is not accessible to entities outside the EU/EEA. No US transfers. No exceptions.
No third-party use
Your data is not used to improve any third-party products or services. No hidden purposes.
Status quo
What missing governance actually costs.
Most companies automate — without putting control on top. The risk: fines, audit findings and reputational damage.
20 Mio. €
GDPR fine ceiling
Or 4 % of annual revenue — for violations of the data-protection regulation. Automated processes without an audit trail raise the risk.
120,000 €
Average audit follow-up
External reviewers, expert opinions, corrective actions — the typical cost of a single compliance finding.
73 %
of companies without an AI policy
Deploy GenAI but have no governance framework for it. The next audit will come — and find a gap.
For your role
Governance solves different problems.
CISO / IT security
Full control over infrastructure and access
- checkSOC 2 + ISO 27001 certification
- checkEU data centres, no CLOUD Act
- checkEncryption at rest + in transit
- checkSecurity checklist available for download
Data-protection officer
Demonstrate GDPR compliance at any time
- checkData processing agreement (DPA) ready
- checkTOMs documented + auditable
- checkNo US sub-processors
- checkAudit trail for every process
Legal / Compliance
Trace and own the results
- checkRule-based + AI = traceable
- checkSign-off workflows per process
- checkVersioned knowledge base (Skills)
- checkSupervised model with legal liability
Data centre & standards
Certified. Reviewed. Ready to use.
UNOY operates dedicated infrastructure in the EU. These certifications apply to our data centre and the entire operating environment.
EU data protection
GDPR
Data minimization, purpose limitation, right to information. Fully compliant at every layer.
Information security
ISO 27001
Certified to the international standard for information security management systems.
Service Organization Controls
SOC 2 Type II
Continuously reviewed by independent auditors over multiple months.
Frankfurt · Vienna
EU sovereignty
Data does not leave the EU. Two data centres, no US sub-processors. No CLOUD Act, no Patriot Act — your data stays in Europe.
Security in everyday work
How security works in everyday operations
Operational security controls — continuously reviewed, documented, auditable.
Infrastructure security
System performance continuously monitored
Resource monitoring, adapted to current and forecasted demand.
Access clearly regulated and secured
All system components configured to company policy.
Organizational security
Business continuity & disaster recovery
Documented plans, annually tested, communication strategies for key-personnel outage.
ICT readiness
Planned, implemented and tested based on business continuity objectives.
Data storage
Backup policy, regular recovery tests.
Product security
Incident Response
Documented procedures for handling with security incidents.
Supplier contracts
Information security requirements agreed per supplier.
Incident planning
Processes, roles and responsibilities defined and communicated.
Data & Privacy
Encrypted data transfer
Secure protocols over public networks.
Encrypted remote access
Only authorized employees, only encrypted connections.
Encryption at rest
Sensitive customer data protected at rest.
Internal security procedures
Information security in project management
Integrated into every project.
Data-protection impact assessment
Conducted for high-risk activities, in line with legal requirements.
Governance
No black box. Every decision traceable.
Automation in regulated areas needs more than security. It needs the certainty that every result is explainable — who decided, on what basis, at what point in time.
3×
more measurable benefit from GenAI
According to Gartner, organizations with structured AI governance achieve three times more measurable business value from GenAI than companies without a governance framework. UNOY delivers this framework — integrated directly into the system.
Source: Gartner, “AI Governance Framework”, 2024
Traceability
What did the AI do, what did the rule set do?
Every work step in UNOY is transparently labeled: what the AI contributed, what was rule-based and executed in workflows, what a human approved. No result without traceable origin.
From the first input to the finished result: every step with timestamp, actor and decision. Reviewable, exportable and audit-ready.
Audit log · case #7823
Time
Actor
Action
Status
Routine
auto-approvedStandard rule set · 98% of cases
Important
review requiredDeviation identified · 1.5% of cases
Critical
signatureLiability · precedent setting · 0.5% of cases
Sign-offs
You decide — where it counts.
Three sign-off levels: routine runs automatically, important steps are reviewed, critical decisions need your signature. You define where automation ends — and responsibility begins.
Versioned Skills
Knowledge is documented — not just applied.
Skills — the building blocks of your workflows — are versionable and archivable. Each version documents which rules, standards and decision logic applied at a given point in time. When a standard changes, the old version is preserved. So you can trace at any time on which basis a result was produced.
Skill: GDPR disclosure review
3 versionsActive
EU AI Act integration · Art. 52 transparency obligation added
Archived
Adaptation of Art. 17 GDPR · retention deadlines updated
Archived
Initial version · GDPR as of 01/2025
Know Why · flight-rights review
menu_bookLegal basis
Regulation (EC) No 261/2004 — flight-rights regulation
Valid since
17.02.2005 · Last review: 01.03.2026
Decision logic
Art. 7(1)(c) — distance >3,500 km → €600 compensation. Exception: extraordinary circumstances under Art. 5(3).
Owner
Dr. Müller · documented on 12.01.2026
Know Why
The relevant knowledge is part of the workflow.
In every workflow’s Know-Why section the underlying expertise is documented: which standard applies, which interpretation was chosen, why exactly this decision logic. Not added retroactively — integrated from the start. That ensures that not only the result, but also the rationale, is traceable.
documentation
All documents for Your review
All relevant documents for your review — bundled and on request available.
terms of use
Select your country to review the applicable terms of use — including confidentiality provisions and the data processing agreement.
Security & Governance Paket
All relevant documents for your review — bundled in one package. Request it directly.
- check_circle Engagement letter
- check_circle NDA
- check_circle TOMs
- check_circle Order processing terms
- check_circle Security checklist
FAQ
What you should know
Is my data used to train AI models? add
No. Neither your inputs (prompts) nor your outputs (completions) flow into model training. Your data is processed exclusively for your tasks.
Where are my data stored? add
Exclusively in the EU — data centres in Frankfurt and Vienna. No US-sub-processors, no data transfers outside of the EEA.
Can I export the audit trail? add
Yes. You can export audit trails at any time as CSV, JSON or PDF. Complete, unaltered and certified for audits and compliance reviews.
Who has access to my data? add
Only you and the people you authorise. UNOY staff have no access to your production data. Everything is role-based and fully logged.
What happens in case of a data breach? add
We follow a defined incident response plan. You are notified immediately. Affected data is isolated, the incident documented and the root cause resolved.
Can I bring in external auditors? add
Yes. You can grant audit accounts, give auditors access to trails and generate audit reports directly from UNOY.
How often are penetration tests carried out? add
Twice a year by independent security auditors. The reports are available to you on request. We address findings in order of priority.
Can I define my own governance rules? add
Yes. You can configure sign-off requirements, data-access policies and workflow approvals according to your own guidelines.
Review UNOY with your own data.
30-minute demo. Live, on your use case. No pitch. Just a real result.