Built so the model never sees your credentials, and your data never trains another one.
The interesting security questions about AI martians are architectural — credentials, approvals, isolation, training. We've answered them in the runtime, not just on the policy page.
The certifications procurement teams ask for first.
Audits are real, controls are continuously monitored, the next audit cycle is on the calendar. Documentation lives one email away — security@unify.ai.
Six decisions in the runtime that do most of the work.
AI martians introduce attack surfaces traditional SaaS doesn't. These are the architectural choices that keep that surface small — implemented in code, not in policy.
Credentials live in a vault, not in context
API keys and OAuth tokens are stored encrypted and injected at execution time by a backend tool gateway. The model itself never sees them — not when planning, not when calling tools, not in logs. This isn't a policy, it's how the runtime is built.
Sensitive actions gated by default
Outbound emails, code pushes, ad-spend changes, charges, app deploys — anything with a side effect waits for explicit approval in the channel of your choice before it runs. Admins decide which categories require it. Defaults are conservative.
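The two controls above, credential injection at a tool gateway and approval gating of side-effect actions, shown together as an added example. This is not Unify's code: the in-memory vault, the category names, and the `ToolCall` and `Gateway` classes are hypothetical, and the backend is a constructed stand-in for an upstream API.

```python
from dataclasses import dataclass, field

# Constructed sample data; the vault contents, categories and names are hypothetical.
VAULT = {"crm": "sk-constructed-0001", "mail": "sk-constructed-0002"}
GATED = {"send_email", "push_code", "charge"}  # side-effect categories needing approval


@dataclass
class ToolCall:
    """What the model emits: a credential *reference*, never the secret itself."""
    tool: str
    category: str
    args: dict
    credential_ref: str


@dataclass
class Gateway:
    approvals: set = field(default_factory=set)  # call ids approved by a human
    audit: list = field(default_factory=list)

    def execute(self, call_id, call, backend):
        if call.category in GATED and call_id not in self.approvals:
            self.audit.append(f"{call_id} {call.tool} held: awaiting approval")
            return {"status": "pending_approval"}
        secret = VAULT[call.credential_ref]  # resolved only here, at execution time
        raw = str(backend(call.args, secret))
        # Scrub in case the upstream echoes the secret back in its response.
        result = raw.replace(secret, "[REDACTED]")
        self.audit.append(f"{call_id} {call.tool} ran with ref={call.credential_ref}")
        return {"status": "ok", "result": result}


def echoing_backend(args, secret):
    # Constructed stand-in for an upstream API that reflects its auth header.
    return f"sent to {args['to']} (auth={secret})"


def demo():
    gw = Gateway()
    call = ToolCall("mailer", "send_email", {"to": "cfo@example.com"}, "mail")
    held = gw.execute("c1", call, echoing_backend)   # no approval yet
    gw.approvals.add("c1")                           # human approves in their channel
    ran = gw.execute("c1", call, echoing_backend)
    return held, ran, gw.audit


if __name__ == "__main__":
    print(demo())
```

The model-facing result and the audit log carry only the credential reference; the secret exists solely inside `execute` and the backend call.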
Per-workspace sandboxes
Each workspace runs in an isolated execution environment with no cross-tenant access at the infrastructure or application layer. Memory, skills, and integrations are scoped to your workspace. What happens in your tenant stays in your tenant.
Your data never trains a model
Conversations, files, business data, and outputs stay in your workspace. We don't train on customer data — contractually, not just as a policy. Anthropic, OpenAI, and Google operate under no-training, zero-retention agreements for Unify traffic.
Untrusted content stays as data
Emails, web pages, attachments — anything inbound — is rendered as data inside the model context, not as instructions. Combined with the approval layer, an injection that hijacks the model still can't move money, push code, or send mail without you.
Encryption everywhere it matters
TLS 1.3 in transit, AES-256 at rest, secrets in a KMS-backed vault with automatic rotation. SSO via OAuth/OIDC on every plan; SAML 2.0 (Okta, Entra ID, Google Workspace) on Enterprise. MFA enforced at the IdP.
Found something? Tell us.
Hearing it from a researcher first is always better than reading it on Twitter. Email security@unify.ai with reproduction details. Meaningful findings get acknowledged, credited if you want it, and rewarded in Unify credits. A formal bug bounty programme is on the near-term roadmap.
Questions from procurement teams.
Does the model see our API keys or tokens?
No. Credentials are encrypted at rest and injected at execution time by a backend tool gateway. The model receives the tool's response, not the secret used to call it. There is no code path where the model sees a credential — including in logs.
Is our data used to train models?
Not by us, and not by our providers. This is in our DPA, not just on a policy page. Anthropic, OpenAI, and Google operate under no-training, zero-retention agreements for Unify traffic.
Can a martian take a sensitive action without approval?
Not by default. Outbound mail, code pushes, ad-spend changes, charges, and deploys wait for an approval prompt before they execute. Admins pick which categories require it. Defaults are conservative — you can always relax them per workspace.
How is our workspace isolated from other companies?
Each workspace runs in its own sandboxed execution environment with no cross-tenant data access at the infrastructure or application layer. The boundary is technical, enforced in code, not just contractual.
Can your staff access our data?
Only with your explicit permission, only when needed for support or incident resolution, and only for the minimum time required. All staff access is logged, time-limited, and auditable.
Where is data hosted, and can we choose a region?
The hosted product runs in the European Union by default. UK-only data residency is available as a per-customer deployment configuration on Enterprise contracts. Other regions on request.
Do you support SSO and MFA?
OAuth/OIDC with Google and Microsoft Azure AD on every plan. SAML 2.0 (Okta, Entra ID, Google Workspace, OneLogin, any SAML 2.0 IdP) on Enterprise. MFA is enforced at the identity provider. Internal Unify staff access is gated on Google Workspace SSO with mandatory 2-step verification.
Which AI models does Unify use?
Anthropic Claude, OpenAI, and Google Gemini. Routed per task by cost, latency, and quality. All three are on our public sub-processor list and operate under no-training, zero-retention agreements for Unify traffic. Data-handling terms are identical across providers.
What about prompt-injection attacks?
Untrusted inbound content (emails, web pages, attachments) is isolated from instructions in the model's context. Combined with the approval gate on side-effect tools, a successful injection still cannot move money, push code, or send mail without a human in the loop.
What happens if there's a breach?
We have a documented incident response plan. The relevant supervisory authority is notified within 72 hours of awareness (UK GDPR Article 33), and affected customers receive an incident report and remediation plan under the DPA without undue delay.
Can we delete our data?
Yes. Workspace admins can delete conversations, memory, and files self-serve. Full account deletion is a single email to support@unify.ai, completed within 7 business days.
Can we get a copy of your SOC 2 report?
Once Type II is issued, the report is available to customers and prospective customers under NDA. In the meantime, our security pack and completed security questionnaires (CAIQ, SIG, HECVAT) are available on request.
Who are your sub-processors?
Our public sub-processor list is available at /sub-processors. All sub-processors are contractually bound to the same data-protection standards.
More detail for procurement?
We'll walk through the architecture, share the security pack, and complete questionnaires — CAIQ, SIG, HECVAT, bespoke. Schedule a security review or email security@unify.ai.