Your Data Security is Our Priority
We implement industry-leading security practices to protect your data and ensure the integrity of our Next-Step Engine.
At Unfold It, we understand that you trust us with your tasks, projects, and ideas. We take this responsibility seriously and have built our service with security at its core. This page outlines our comprehensive security measures and practices.
Data Encryption
Encryption in Transit
All data transmitted between your device and our servers is encrypted using the industry-standard TLS 1.3 protocol. This ensures that your information cannot be intercepted or read by unauthorized parties during transmission.
Encryption at Rest
Your data is encrypted when stored on our servers using AES-256 encryption, the same standard used by banks and government agencies. This protects your information even if physical storage media were compromised.
Database Encryption
All database connections are encrypted, and sensitive fields are additionally encrypted at the application level, providing multiple layers of protection for your most critical data.
Secure Key Management
Encryption keys are managed using industry best practices, rotated regularly, and stored separately from the data they protect using hardware security modules (HSMs).
Authentication & Access Control
Strong Password Requirements
We enforce strong password policies including minimum length, complexity requirements, and protection against commonly compromised passwords.
Password Hashing
Passwords are never stored in plain text. We use bcrypt with salt for password hashing, making it computationally infeasible to reverse-engineer passwords even if our database were compromised.
Multi-Factor Authentication (MFA)
Optional multi-factor authentication adds an extra layer of security to your account. We support authenticator apps and other MFA methods to verify your identity.
Session Management
Sessions are securely managed with automatic expiration, secure cookies, and protection against session hijacking and fixation attacks.
Role-Based Access Control
Our systems implement the principle of least privilege, ensuring users and services only have access to the resources necessary for their function.
Account Activity Monitoring
We monitor account activity for suspicious behavior and notify you of important account events such as logins from new devices or locations.
Infrastructure Security
Cloud Infrastructure
We host our services on enterprise-grade cloud infrastructure with built-in security features, DDoS protection, and 24/7 monitoring.
Network Security
Our network architecture includes firewalls, intrusion detection systems, and network segmentation to isolate sensitive components and prevent unauthorized access.
Regular Security Updates
We maintain up-to-date systems with automatic security patches and regular updates to protect against known vulnerabilities.
Redundancy & Availability
Our infrastructure is designed for high availability with redundant systems, automatic failover, and regular backups to ensure your data is always accessible.
Application Security
Secure Development
Our development team follows secure coding practices and OWASP guidelines. All code undergoes security-focused code reviews before deployment.
Input Validation
All user inputs are validated and sanitized to prevent injection attacks, XSS, and other common vulnerabilities.
API Security
Our APIs use authentication, rate limiting, and request validation to prevent abuse and unauthorized access.
Dependency Management
We regularly scan and update third-party dependencies to address known vulnerabilities and maintain a secure software supply chain.
AI Security & Privacy
Data Isolation
Your task data is processed in isolated environments, and we ensure that your information is never mixed with or exposed to other users' data.
AI Model Security
We implement safeguards to prevent prompt injection, data leakage, and other AI-specific security concerns.
No Cross-Training
Your specific task content is not used to train AI models for other users without your explicit consent. We respect the confidentiality of your data.
Secure AI Processing
All AI processing occurs in secure, encrypted environments with strict access controls and comprehensive logging.
Data Backup & Recovery
Automated Backups
We perform automated, encrypted backups of all data on a regular schedule to ensure your information can be recovered in case of system failure.
Geographic Redundancy
Backups are stored in multiple geographic locations to protect against regional disasters and ensure data availability.
Disaster Recovery
We maintain comprehensive disaster recovery procedures and regularly test our ability to restore services and data.
Data Retention
We retain backups according to our data retention policy while ensuring secure deletion of data beyond the retention period.
Employee Access & Training
Background Checks
All employees undergo background checks and sign confidentiality agreements before being granted access to systems.
Limited Access
Employee access to user data is strictly limited to what's necessary for their role and is logged and monitored.
Security Training
Our team receives regular security awareness training on topics including phishing, social engineering, and data handling best practices.
Access Revocation
Access is immediately revoked when employees leave the company or change roles, ensuring no unauthorized access persists.
Monitoring & Incident Response
24/7 Monitoring
Our systems are monitored around the clock for security events, performance issues, and anomalous behavior.
Automated Alerts
We use automated alerting systems to immediately notify our security team of potential security incidents or unusual activity.
Comprehensive Logging
All system activities, access attempts, and security events are logged and retained for analysis and compliance purposes.
Incident Response Plan
We maintain a detailed incident response plan that ensures quick identification, containment, and resolution of security incidents.
Breach Notification
In the unlikely event of a data breach affecting your information, we will notify you promptly in accordance with applicable laws.
Post-Incident Analysis
After any security incident, we conduct thorough post-mortem analysis to understand root causes and implement preventive measures.
Compliance & Certifications
GDPR Compliance
We comply with the General Data Protection Regulation (GDPR) and respect the privacy rights of European users.
CCPA Compliance
We meet the requirements of the California Consumer Privacy Act (CCPA) and similar U.S. state privacy laws.
SOC 2 Readiness
Our security practices are designed to meet SOC 2 Type II standards for security, availability, and confidentiality.
Regular Audits
We conduct regular security audits and assessments to ensure our practices meet industry standards and regulatory requirements.
Vulnerability Management
Security Testing
We conduct regular penetration testing and vulnerability assessments by qualified security professionals.
Bug Bounty Program
We welcome responsible disclosure from security researchers and maintain a bug bounty program to identify and fix vulnerabilities.
Patch Management
Critical security vulnerabilities are prioritized and patched quickly, typically within 24-48 hours of discovery.
Continuous Improvement
We continuously review and improve our security posture based on new threats, best practices, and lessons learned.
Report a Security Issue
If you discover a security vulnerability or have security concerns, please report them responsibly. We appreciate your help in keeping Unfold It secure.
Please include detailed information about the vulnerability, steps to reproduce, and potential impact. We will acknowledge your report within 24 hours and keep you informed throughout the resolution process.
Your Role in Security
Security is a shared responsibility. Here's how you can help protect your account:
Use a Strong Password
Create a unique, complex password and consider using a password manager.
Enable MFA
Add an extra layer of security with multi-factor authentication.
Be Cautious of Phishing
We'll never ask for your password via email. Be wary of suspicious links.
Keep Software Updated
Ensure your browser, operating system, and security software are up to date.
Review Account Activity
Regularly check your account activity for any unauthorized access.
Secure Your Devices
Use device passwords and avoid accessing your account on public computers.
Last Updated: December 26, 2024
We regularly update our security practices to address emerging threats and incorporate new technologies. This page reflects our current security measures and may be updated as our practices evolve.
For questions about our security practices, contact us at security@unfoldit.ai