Data secure.
Work traceable.
Two promises. One system. UNOY protects your data to the highest standards and makes every work step transparent, rule-based, and auditable. Built for organizations that not only want to structure their work, but are required to do so.
Usable in regulated environments. Traceable for auditors. Secure for your data.
Audit Trail · Matter #4821
Live§ 02 · Trust Center
The most reliable platform for regulated expert work.
UNOY OS makes security a prerequisite, not an add-on. Compliance is continuously monitored, reports are accessible at any time, and audit trails run automatically.
Continuous Monitoring
24/7 continuously monitored.
Compliance is not a one-time audit. Our security controls are continuously observed, not annually, but on an ongoing basis.
Data Residency
100 % EU / EWR.
Data centers in the EU. Encryption at-rest and in-transit. No data transfers to third countries, without exception.
Certifications
ISO 27001 · SOC 2 Type II · ISO/IEC 42001.
Three independent audits, plus GDPR compliance. ISO/IEC 42001 adds the first standard for AI management systems.
Accountability
Platform plus Delivery Partner.
UNOY is responsible for platform performance. Legal or professional outputs are signed by licensed delivery partners, with professional liability insurance and confidentiality obligations.
Data Security
What we guarantee, without exceptions
Your data belongs to you.
We process it, we do not exploit it.
No Model Training
Your inputs (prompts) and outputs (completions) are not used to improve or train AI models.
No Data Sharing
Your data is not accessible to other clients. Complete tenant separation.
EU/EEA-exclusive
Your data is not accessible to entities outside the EU/EEA. No US transfers. No exceptions.
No Third-Party Use
Your data is not used to improve third-party products or services. No hidden purposes.
Status Quo
What missing governance really costs.
Most organizations structure their work without control over it. The risk: fines, audit findings, and reputational damage.
20 Mio. €
GDPR Maximum Fine
Or 4 % of annual revenue, for violations of the General Data Protection Regulation. Automated processes without an audit trail increase the risk.
120.000 €
Average Audit Remediation Cost
External auditors, expert opinions, corrective measures: the typical cost of a single compliance finding.
73 %
of organizations without an AI policy
Use GenAI but have no governance framework for it. The next audit will come and find a gap.
For Your Role
Governance solves different problems.
CISO / IT-Security
Full control over infrastructure and access
- checkGDPR · ISO 27001 · SOC 2 Type II · ISO/IEC 42001 (AI Management)
- checkEU data centers, no CLOUD Act
- checkEncryption at rest + in transit
- checkSecurity checklist available for download
Data Protection Officer
Demonstrate GDPR compliance at any time
- checkData Processing Agreement (DPA) ready
- checkTOMs documented + auditable
- checkNo US sub-processors
- checkAudit trail for every matter
Legal / Compliance
Trace and take responsibility for results
- checkRule-based + AI = traceable
- checkApproval workflows per matter
- checkVersioned knowledge base (Skills)
- checkSupervised model with legal liability
Data Center & Standards
Certified. Audited. Ready to deploy.
UNOY operates dedicated infrastructure in the EU. These certifications apply to our data center and the entire operating environment.
EU Data Protection
GDPR
Data minimization, purpose limitation, right of access. Fully compliant at every layer.
Information Security · Data Centers
ISO 27001
The EU data centers where UNOY runs are ISO 27001 certified, the international standard for information security management systems.
Service Organization Controls · Data Centers
SOC 2 Type II
Ongoing audit by independent auditors over multiple months.
AI Management · Data Centers
ISO/IEC 42001
The data center providers are ISO/IEC 42001 (AI Management) certified, the standard for governance, risk management, and accountability in AI use within infrastructure operations.
Frankfurt · Vienna
EU Sovereignty
Data does not leave the EU. Two data centers, no US sub-processors. No CLOUD Act, no Patriot Act. Your data stays in Europe.
Security in Daily Operations
How security works in everyday operations
Operational security controls, continuously reviewed, documented, and auditable.
Infrastructure Security
System performance is continuously monitored
Resource monitoring, adapted to current and projected requirements.
Access clearly governed and secured
All system components configured in accordance with company policy.
Organizational Security
Business Continuity & Disaster Recovery
Documented plans, annually tested, communication strategies for key-person failure.
ICT-Readiness
Planned, implemented, and tested based on business continuity objectives.
Data Backup
Backup policy, regular restoration tests.
Product Security
Incident Response
Documented procedures for handling security incidents.
Supplier Contracts
Information security requirements agreed per supplier.
Incident Planning
Processes, roles, and responsibilities defined and communicated.
Data & Privacy
Encrypted Data Transmission
Secure protocols over public networks.
Encrypted Remote Access
Authorized personnel only, encrypted connections only.
Encryption at Rest
Sensitive client data protected at rest.
Internal Security Procedures
Information Security in Project Management
Integrated into every project.
Data Protection Impact Assessment
Conducted for high-risk processing activities in accordance with legal requirements.
Governance
No black box. Every decision traceable.
Matter processing in regulated environments requires more than security. It requires the certainty that every result is explainable: who decided, on what basis, at what point in time.
3×
more measurable value from GenAI
Organizations with structured AI governance achieve three times more measurable business value from GenAI than those without a governance framework, according to Gartner. UNOY delivers this framework, integrated directly into the system.
Source: Gartner, “AI Governance Framework”, 2024
Traceability
What does the AI do, what does the rule set do?
Every work step in UNOY is transparently labeled: what the AI contributed, what was executed rule-based in workflows, what a human approved. No result without traceable origin.
From the first input to the final result: every step with timestamp, actor, and decision. Verifiable, exportable, and revision-proof.
Audit Log · Case #7823
Time
Actor
Action
Status
Routine
auto-approvedStandard rule set · 98% of cases
Wichtig
Review requiredDeviation detected · 1.5% of cases
Kritisch
Signature requiredLiability · Precedent · 0.5% of cases
Approvals
You decide where it matters.
Three approval levels: routine runs automatically, important matters are reviewed, critical ones require your signature. You define where matter processing ends and responsibility begins.
Versioned Skills
Knowledge is documented, not merely applied.
Skills, the building blocks of your workflows, are versionable and storable. Each version documents which rules, standards, and decision logic applied at a given point in time. When a standard changes, the previous version is preserved. This allows you to trace at any time on what basis a result was produced.
Skill: GDPR Access Request Check
3 VersionsActive
EU AI Act Integration · Art. 52 transparency obligation added
Archived
Amendment Art. 17 GDPR · deletion periods updated
Archived
Initial version · GDPR as of 01/2025
Know Why · Passenger Rights Check
menu_bookLegal Basis
VO (EG) Nr. 261/2004, Fluggastrechte-Verordnung
Valid since
17.02.2005 · Last review: 01.03.2026
Decision Logic
Art. 7 para. 1 lit. c, distance >3,500 km → €600 compensation. Exception: extraordinary circumstances per Art. 5 para. 3.
Responsible
Dr. Müller · Documented on 12.01.2026
Know Why
The relevant knowledge is part of the workflow.
In the Know Why section of every workflow, the underlying expert knowledge is documented: which standard applies, which interpretation was chosen, why exactly this decision logic. Not added after the fact, but integrated from the start. This ensures that not only the result, but also the rationale is traceable.
Documentation
All documents for your review
All relevant documents for your review, bundled and available on request.
Terms of Use
Select your country to view the applicable terms of use, including confidentiality provisions and data processing agreement.
Security & Governance Package
All relevant documents for your review, bundled in one package. Request it directly.
- check_circle Data Processing Agreement
- check_circle NDA
- check_circle TOMS
- check_circle Contract Terms
- check_circle SecurityChecklist
Frequently Asked Questions
What you should know
Is my data used to train AI models? add
No. Neither your inputs (prompts) nor your outputs (completions) flow into model training. Your data is processed exclusively for your tasks.
Where is my data stored? add
Exclusively in the EU, in data centers in Frankfurt and Vienna. No US sub-processors, no data transfers outside the EEA.
Can I export the audit trail? add
Yes. You can export audit trails at any time as CSV, JSON, or PDF. Complete, unaltered, and certified for audits and compliance reviews.
Who has access to my data? add
Only you and the people you authorize. UNOY staff have no access to your production data. Everything is role-based and fully logged.
What happens in the event of a data breach? add
We follow a defined incident response plan. You will be notified immediately. Affected data is isolated, the incident is documented, and the cause is remediated.
Can I involve external auditors? add
Yes. You can grant audit accounts, give auditors access to trails, and generate audit reports directly from UNOY.
How often are penetration tests conducted? add
Semi-annually by independent security firms. Reports are available to you on request. We remediate findings on a prioritized basis.
Can I define my own governance rules? add
Yes. You can configure approval requirements, data access policies, and workflow authorizations according to your guidelines.
Who needs governance
Governance is not just an IT topic.
Four perspectives, four use cases, one platform.
P2 · Legal
Governance for Legal Workflows
Playbooks, four-eyes principle, audit trail, versioning per workflow.
P3 · Chamber
Governance for Member Services
WKIS-SSO, audience targeting, versioning of advisory content.
P4 · Claims
Governance for High-volume Matters
SLA, Status-Reporting, Eskalation, KPI logs across pipeline runs.
Delivery
Governance for Delivery
Delivery partner accountability, approvals, audit trail per matter.
P5 · IT / Governance
Review the UNOY architecture against your requirements.
Test UNOY with your own data.
30-minute demo. Live with your matter. No pitch. Just a real result.