Skribe — Recht. ERLEDIGT. | FairPlane — Anspruch. ERLEDIGT. | UNOY — Arbeit. ERLEDIGT.
Security & Governance

Data secure.
Work traceable.

Two promises. One system. UNOY protects your data to the highest standards and makes every work step transparent, rule-based, and auditable. Built for organizations that not only want to structure their work, but are required to do so.

Usable in regulated environments. Traceable for auditors. Secure for your data.

GDPR ISO 27001 SOC 2 Type II ISO/IEC 42001 EU Residency
security.unoy.io

Audit Trail · Matter #4821

Live
14:02 System Matter recorded
14:03 AI Document analyzed
14:05 Rule Rule set checked (12/12)
14:08 AI Draft created
14:15 Human Approval granted signed
AI · Rule set · Human: every step labeled

§ 02 · Trust Center

The most reliable platform for regulated expert work.

UNOY OS makes security a prerequisite, not an add-on. Compliance is continuously monitored, reports are accessible at any time, and audit trails run automatically.

Live-Monitoring EU Data Residency Audit-ready No US Transfers

Continuous Monitoring

24/7 continuously monitored.

Compliance is not a one-time audit. Our security controls are continuously observed, not annually, but on an ongoing basis.

Status · active

Data Residency

100 % EU / EWR.

Data centers in the EU. Encryption at-rest and in-transit. No data transfers to third countries, without exception.

Region · Frankfurt + Wien

Certifications

ISO 27001 · SOC 2 Type II · ISO/IEC 42001.

Three independent audits, plus GDPR compliance. ISO/IEC 42001 adds the first standard for AI management systems.

Reports · on request

Accountability

Platform plus Delivery Partner.

UNOY is responsible for platform performance. Legal or professional outputs are signed by licensed delivery partners, with professional liability insurance and confidentiality obligations.

Founding partner · Skribe RA

Data Security

What we guarantee, without exceptions

Your data belongs to you.
We process it, we do not exploit it.

model_training

No Model Training

Your inputs (prompts) and outputs (completions) are not used to improve or train AI models.

lock

No Data Sharing

Your data is not accessible to other clients. Complete tenant separation.

public

EU/EEA-exclusive

Your data is not accessible to entities outside the EU/EEA. No US transfers. No exceptions.

block

No Third-Party Use

Your data is not used to improve third-party products or services. No hidden purposes.

Status Quo

What missing governance really costs.

Most organizations structure their work without control over it. The risk: fines, audit findings, and reputational damage.

20 Mio. €

GDPR Maximum Fine

Or 4 % of annual revenue, for violations of the General Data Protection Regulation. Automated processes without an audit trail increase the risk.

120.000 €

Average Audit Remediation Cost

External auditors, expert opinions, corrective measures: the typical cost of a single compliance finding.

73 %

of organizations without an AI policy

Use GenAI but have no governance framework for it. The next audit will come and find a gap.

For Your Role

Governance solves different problems.

shield

CISO / IT-Security

Full control over infrastructure and access

  • checkGDPR · ISO 27001 · SOC 2 Type II · ISO/IEC 42001 (AI Management)
  • checkEU data centers, no CLOUD Act
  • checkEncryption at rest + in transit
  • checkSecurity checklist available for download
policy

Data Protection Officer

Demonstrate GDPR compliance at any time

  • checkData Processing Agreement (DPA) ready
  • checkTOMs documented + auditable
  • checkNo US sub-processors
  • checkAudit trail for every matter
gavel

Legal / Compliance

Trace and take responsibility for results

  • checkRule-based + AI = traceable
  • checkApproval workflows per matter
  • checkVersioned knowledge base (Skills)
  • checkSupervised model with legal liability

Data Center & Standards

Certified. Audited. Ready to deploy.

UNOY operates dedicated infrastructure in the EU. These certifications apply to our data center and the entire operating environment.

gavel

EU Data Protection

GDPR

Data minimization, purpose limitation, right of access. Fully compliant at every layer.

verified_user

Information Security · Data Centers

ISO 27001

The EU data centers where UNOY runs are ISO 27001 certified, the international standard for information security management systems.

fact_check

Service Organization Controls · Data Centers

SOC 2 Type II

Ongoing audit by independent auditors over multiple months.

smart_toy

AI Management · Data Centers

ISO/IEC 42001

The data center providers are ISO/IEC 42001 (AI Management) certified, the standard for governance, risk management, and accountability in AI use within infrastructure operations.

public

Frankfurt · Vienna

EU Sovereignty

Data does not leave the EU. Two data centers, no US sub-processors. No CLOUD Act, no Patriot Act. Your data stays in Europe.

Security in Daily Operations

How security works in everyday operations

Operational security controls, continuously reviewed, documented, and auditable.

Infrastructure Security

check_circle

System performance is continuously monitored

Resource monitoring, adapted to current and projected requirements.

check_circle

Access clearly governed and secured

All system components configured in accordance with company policy.

Organizational Security

check_circle

Business Continuity & Disaster Recovery

Documented plans, annually tested, communication strategies for key-person failure.

check_circle

ICT-Readiness

Planned, implemented, and tested based on business continuity objectives.

check_circle

Data Backup

Backup policy, regular restoration tests.

Product Security

check_circle

Incident Response

Documented procedures for handling security incidents.

check_circle

Supplier Contracts

Information security requirements agreed per supplier.

check_circle

Incident Planning

Processes, roles, and responsibilities defined and communicated.

Data & Privacy

check_circle

Encrypted Data Transmission

Secure protocols over public networks.

check_circle

Encrypted Remote Access

Authorized personnel only, encrypted connections only.

check_circle

Encryption at Rest

Sensitive client data protected at rest.

Internal Security Procedures

check_circle

Information Security in Project Management

Integrated into every project.

check_circle

Data Protection Impact Assessment

Conducted for high-risk processing activities in accordance with legal requirements.

Governance

No black box. Every decision traceable.

Matter processing in regulated environments requires more than security. It requires the certainty that every result is explainable: who decided, on what basis, at what point in time.

more measurable value from GenAI

Organizations with structured AI governance achieve three times more measurable business value from GenAI than those without a governance framework, according to Gartner. UNOY delivers this framework, integrated directly into the system.

Source: Gartner, “AI Governance Framework”, 2024

01

Traceability

What does the AI do, what does the rule set do?

Every work step in UNOY is transparently labeled: what the AI contributed, what was executed rule-based in workflows, what a human approved. No result without traceable origin.

From the first input to the final result: every step with timestamp, actor, and decision. Verifiable, exportable, and revision-proof.

audit.unoy.io

Audit Log · Case #7823

Time

Actor

Action

Status

14:02 System Matter recorded
14:03 KI Document analyzed
14:05 Regel Rule set checked (12/12)
14:08 KI Draft created
14:15 Mensch Approval granted signed
5 entries · Export CSV · JSON · PDF Revision-proof
freigaben.unoy.io

Routine

auto-approved

Standard rule set · 98% of cases

Wichtig

Review required

Deviation detected · 1.5% of cases

Kritisch

Signature required

Liability · Precedent · 0.5% of cases

02

Approvals

You decide where it matters.

Three approval levels: routine runs automatically, important matters are reviewed, critical ones require your signature. You define where matter processing ends and responsibility begins.

03

Versioned Skills

Knowledge is documented, not merely applied.

Skills, the building blocks of your workflows, are versionable and storable. Each version documents which rules, standards, and decision logic applied at a given point in time. When a standard changes, the previous version is preserved. This allows you to trace at any time on what basis a result was produced.

skills.unoy.io

Skill: GDPR Access Request Check

3 Versions
v2.1

Active

15.03.2026

EU AI Act Integration · Art. 52 transparency obligation added

v2.0

Archived

01.01.2026

Amendment Art. 17 GDPR · deletion periods updated

v1.0

Archived

10.06.2025

Initial version · GDPR as of 01/2025

Every version accessible · diff view available Versioned
knowwhy.unoy.io

Know Why · Passenger Rights Check

menu_book

Legal Basis

VO (EG) Nr. 261/2004, Fluggastrechte-Verordnung

Valid since

17.02.2005 · Last review: 01.03.2026

Decision Logic

Art. 7 para. 1 lit. c, distance >3,500 km → €600 compensation. Exception: extraordinary circumstances per Art. 5 para. 3.

Responsible

Dr. Müller · Documented on 12.01.2026

verified Rationale integrated from the start, not added after the fact
04

Know Why

The relevant knowledge is part of the workflow.

In the Know Why section of every workflow, the underlying expert knowledge is documented: which standard applies, which interpretation was chosen, why exactly this decision logic. Not added after the fact, but integrated from the start. This ensures that not only the result, but also the rationale is traceable.

Documentation

All documents for your review

All relevant documents for your review, bundled and available on request.

description

Terms of Use

Select your country to view the applicable terms of use, including confidentiality provisions and data processing agreement.

folder_special

Security & Governance Package

All relevant documents for your review, bundled in one package. Request it directly.

  • check_circle Data Processing Agreement
  • check_circle NDA
  • check_circle TOMS
  • check_circle Contract Terms
  • check_circle SecurityChecklist
Request Security Package

Frequently Asked Questions

What you should know

Is my data used to train AI models? add

No. Neither your inputs (prompts) nor your outputs (completions) flow into model training. Your data is processed exclusively for your tasks.

Where is my data stored? add

Exclusively in the EU, in data centers in Frankfurt and Vienna. No US sub-processors, no data transfers outside the EEA.

Can I export the audit trail? add

Yes. You can export audit trails at any time as CSV, JSON, or PDF. Complete, unaltered, and certified for audits and compliance reviews.

Who has access to my data? add

Only you and the people you authorize. UNOY staff have no access to your production data. Everything is role-based and fully logged.

What happens in the event of a data breach? add

We follow a defined incident response plan. You will be notified immediately. Affected data is isolated, the incident is documented, and the cause is remediated.

Can I involve external auditors? add

Yes. You can grant audit accounts, give auditors access to trails, and generate audit reports directly from UNOY.

How often are penetration tests conducted? add

Semi-annually by independent security firms. Reports are available to you on request. We remediate findings on a prioritized basis.

Can I define my own governance rules? add

Yes. You can configure approval requirements, data access policies, and workflow authorizations according to your guidelines.

Who needs governance

Governance is not just an IT topic.

Four perspectives, four use cases, one platform.

P2 · Legal

Governance for Legal Workflows

Playbooks, four-eyes principle, audit trail, versioning per workflow.

P3 · Chamber

Governance for Member Services

WKIS-SSO, audience targeting, versioning of advisory content.

P4 · Claims

Governance for High-volume Matters

SLA, Status-Reporting, Eskalation, KPI logs across pipeline runs.

Delivery

Governance for Delivery

Delivery partner accountability, approvals, audit trail per matter.

P5 · IT / Governance

Review the UNOY architecture against your requirements.

Schedule an Architecture Review

Test UNOY with your own data.

30-minute demo. Live with your matter. No pitch. Just a real result.