Trust & Security

Your Data Deserves
Uncompromising Protection

We've built security into every layer of Unipile. SOC 2 Type II certified, GDPR compliant, with all data hosted exclusively in the European Union. Your communications are protected by enterprise-grade encryption.

Certified

SOC 2 Type II

GDPR

EU Hosted

Security Status

All Systems Secure

256-bit

Encryption

TLS1.3

In Transit

24/7

Monitoring

Data Encryption

AES-256 at rest, TLS 1.3 in transit

Active

Real-time Monitoring

Threat detection & alerting

Active

Access Control

SSO & MFA enforcement

Active

Certified

SOC 2 Type II

GDPR

EU Hosted

.et_pb_preload:before{--wpr-bg-183ef71d-4814-43ef-8859-6b4544bc81ae: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/preloader.gif');}.et_subscribe_loader{--wpr-bg-b3ab4b1a-d886-40fc-9de4-8024b3c15f0b: url('https://cache.unipile.com/wp-content/themes/Divi/includes/builder/styles/images/subscribe-loader.gif');}.trp-language-switcher>div{--wpr-bg-ed30719f-dea9-4014-9372-d3d3e04325b6: url('https://cache.unipile.com/wp-content/plugins/translatepress-multilingual/assets/images/arrow-down-3101.svg');}#et-boc .area-outer-wrap[data-da-loader=yes] [data-da-area]{--wpr-bg-91d89892-4cc0-453f-a9fc-3ed01a23dd6e: url('https://cache.unipile.com/wp-content/plugins/popups-for-divi/images/spin.gif');}

Built-In Protection at Every Layer

From data encryption to application security, we implement industry best practices to keep your communications safe.

Data Encryption

All data encrypted at rest (AES-256-GCM) and in transit (TLS). Keys managed securely via Scaleway Key Manager.

Infrastructure Security

Hosted exclusively on Scaleway datacenters in France. Full GDPR compliance with no data transfer outside EU.

Access Control

Least privilege principle enforced. Mandatory MFA for all internal tools and restricted production access.

Application Security

Systematic code reviews, protected branches, secure secrets management, and annual third-party penetration tests.

Compliance & Certifications

Audited by independent third-party firms. Meeting the highest standards of security and data protection.

Certification

Description

SOC 2 Type II Certified

Audited by independent third-party. Covers security, availability, and confidentiality trust service criteria.

GDPR Compliant

Full compliance with EU data protection regulations. Unipile acts as Data Processor. DPA available upon request.

CASA Tier II Certified

Google Cloud Application Security Assessment. Validated security controls for applications accessing Google user data.

Data Privacy Features

Full control over your data. Choose where it's stored and maintain complete visibility on access.

Data Residency

Your Data Stays in France

All data is hosted exclusively in France on Scaleway datacenters. Full GDPR compliance with no data transfer outside the European Union.

France only – Data stored in French datacenters

Scaleway infrastructure – European cloud provider

No transfers outside EU – Full GDPR compliance

Data Location France (Scaleway)

Active

Audit & Logging

Complete Visibility & Control

Keep detailed records of all data processing activities. Full transparency for compliance audits and security monitoring.

Audit trail – Track all user actions in dashboard

Access logs – Monitor who accessed what data

Critical event journaling – Real-time monitoring

Monitoring Real-time Logs

Active

Internal Security Practices

Our team follows strict security protocols and best practices to protect your data from the inside out.

Employee Training

Regular security awareness training for all team members.

Background Checks

Security screening for all employees with data access. Immediate access revocation upon departure or role change.

Incident Response

24/7 monitoring with documented incident response procedures. Continuous supervision of metrics and logs with critical event journaling.

Physical Security

100% remote company with no on-premise servers. Physical security fully managed by Scaleway secure datacenters in France.

Unipile - Request Security Documents CTA

Need Our Security Documentation?

Get access to SOC 2 reports, DPA, security whitepaper, and penetration test summaries.

SOC 2 DPA Pentest

Security FAQ

Common questions about our security practices, compliance certifications, and data protection measures.

01 Where is my data stored?

All data is hosted exclusively in France on Scaleway datacenters, a European cloud provider. There are no on-premise servers and no data transfers outside the European Union, ensuring full GDPR compliance.

02 Is Unipile SOC 2 certified?

Yes, Unipile is SOC 2 Type II certified. This certification is audited by an independent third-party and covers security, availability, and confidentiality trust service criteria. You can request a copy of our SOC 2 report through our security documentation form.

03 How is my data encrypted?

We use enterprise-grade encryption at every level:

Data at rest: AES-256-GCM symmetric encryption via Scaleway Key Manager with built-in integrity verification (GCM tag)
Data in transit: TLS encryption for all communications
Asymmetric encryption: RSA-OAEP with 2048, 3072, or 4096-bit keys when required

04 Is Unipile GDPR compliant?

Yes, Unipile is fully GDPR compliant. We act as a Data Processor, and all customer data is hosted exclusively within the European Union (France). We provide a Data Processing Agreement (DPA) upon request. There are no data transfers outside the EU.

05 How do you handle access control?

We apply the principle of least privilege across all systems:

Multi-factor authentication (MFA) is mandatory for all internal tools
Production access is limited to a small number of authorized employees
Immediate access revocation upon employee departure or role change
All access is logged and auditable

06 Do you perform security testing?

Yes, we maintain a rigorous security testing program:

Penetration tests: Performed annually by independent third-party security firms
Security scans: Regular internal and external vulnerability scans
Continuous monitoring: Active security monitoring and supervision of metrics and logs
Code reviews: Systematic review before any deployment with protected branches

07 What about physical security?

Unipile is a 100% remote company with no physical offices or on-premise servers. All infrastructure is hosted in secure Scaleway datacenters in France, where physical security is fully managed by Scaleway with enterprise-grade controls including 24/7 surveillance, biometric access, and redundant systems.

08 Can I get a copy of your security documentation?

Yes, we provide full transparency on our security practices. The following documents are available upon request:

SOC 2 Type II Report – Full audit report
Data Processing Agreement (DPA) – GDPR compliance document
Security Whitepaper – Overview of our security architecture
Penetration Test Summary – Results from third-party security assessments

Use the form above to request any of these documents.

Still have security questions? Our team is here to help.

Your Data Deserves
Uncompromising Protection