Security at Unique AG - Whitepaper

Overview of organizational and product security measures

Written by Tom
Updated over a week ago

ORGANIZATIONAL SECURITY

Unique’s security organization, led by our Chief Information Security Officer (CISO), is responsible for the implementation and management of our Information Security Management System (ISMS). The goal of the security organization is to ensure that our customers’ data is adequately protected, and risks are minimised.

Unique’s Operational Security Manager supports the CISO by heading operational security efforts across development teams, providers, and service partners. They focus on security architecture, product security, DevSecOps (integrating security into the development and operations lifecycle), incident detection and response, as well as compliance.

Unique’s security organization regularly reviews risks, redefines security goals, and continuously improves the ISMS, adapting it to changing conditions.

PRODUCT SECURITY

The goal of Unique’s product security efforts is to prevent unauthorized access to customer data. Unique chose Microsoft Azure™ as a platform and partnered with them through co-sell agreements. All data stored by the Unique service is hosted on the Microsoft Azure™ cloud in Switzerland.

Secure by design

Unique’s product organization works with a secure software development lifecycle (SSDLC) that integrates security efforts into all product development activities.

By implementing this SSDLC, the product organization strives to identify and minimize all risks as early as possible and to catch all vulnerabilities before the product reaches production systems.

Encryption

Data in transit: All data transmitted between the Unique service and Unique clients is encrypted using TLS 1.2 or higher.

Data at rest: All media data stored by the Unique service, in particular the recorded video and audio data, is encrypted at rest with FIPS 140-2 compliant AES-256 encryption, leveraging Microsoft Azure™ storage encryption for data at rest.

All customer data stored by the Unique service in our database is encrypted at rest. Unique uses logical data separation to separate data originating from different customers.

Data availability

Unique’s databases run automatic backups to ensure rapid restoration of data when needed.

Network security

Unique uses physical data separation between production and testing environments.

Public network access to Unique’s production and testing environments is restricted, making only the necessary services accessible from the internet.

Unique logs and monitors all system calls and has alerting implemented for security-relevant events.

Access control

Unique minimizes the risk of data exposure by adhering to the least-privilege principle, using role-based access control (RBAC) for employees who need access to privileged systems or services. All access automatically expires and needs to be renewed at given intervals.

Unique enforces two-factor authentication (2FA) for access to privileged systems or services and for data center operations.

Unique requires employees to use a password manager approved and provided by Unique. Employees must generate complex and unique passwords for every service and use the two-factor authentication integrated in the password manager wherever possible.

Monitoring, logging, and alerting

Unique monitors all services and has alerting implemented for security-relevant events.

Data retention and disposal

Unique hard deletes customer data immediately upon deletion by the user.

Unique hard deletes all customer data after termination of the contract. This includes all data stored in Unique’s database and all media data stored on Unique’s media storage.

Unique’s backups of customer data are destroyed within 30 days after the contract ends.

Unique’s production logs have a retention period of 90 days, and any logs relating to a customer will be removed no later than 90 days after the contract ends.

Disaster recovery

Unique’s database and media files are distributed in our provider’s infrastructure across separate physical locations to protect the services from location-specific failures.

Service providers

Unique uses service providers to efficiently offer our service to our customers. Unique has established agreements with our service providers to adhere to the confidentiality commitments we have given to our customers. Unique regularly reviews the service providers’ controls.

External validation

Unique is continuously improving the effectiveness of our security controls. Unique has an internal audit process as well as ISO 27001 and ISO 9001 certifications, which can be downloaded from the website or requested directly.

Unique regularly schedules pen-tests against our product and infrastructure. Findings are added to Unique’s risk register, triaged, and remediated according to their severity. Customers are encouraged to perform their own security control assessments or pen-tests on Unique’s environment but must contact Unique before doing so.
