What this article covers:

  • OAuth
  • Data
  • PCI
  • Encryption
  • Infrastructure and network
  • Security activities
  • Incident response
  • Personnel

At Unito, keeping your data & syncs secure is a top priority. Here are the steps we undertake and policies we enforce to ensure that your connections and data are fully safe.

OAuth

We use the OAuth standard to authenticate you and get permission to access your tools. We never get your passwords, and you can revoke access anytime, easily. We are bound by the permissions/access rights of the OAuth user you designate for your connector; thus we recommend bot users for complete control.

Data

While we sync your task data, we don't store it. The data is encrypted in transit through HTTPS. Here's a breakdown of how we process the different types of data from the tools we synchronize:

  • Task Data: To precisely detect modifications in each tool, we compute checksums of field data and store only those checksums. It is impossible to get the original task data from the checksums, which means your task data itself is never stored by us.
  • User Data: To accurately associate users in each tool (and synchronize assignees for example), we store the names and emails of active users.
  • File Data: We never access your file data (e.g. task file attachments). Attachments are (optionally) synchronized by exchanging links to the files, not by copying actual file data. Read more on how we sync file attachments.
  • Credentials: Your credentials and your OAuth access tokens are fully encrypted (see Encryption below).
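
The checksum-based change detection described under Task Data can be sketched as follows. This is an added example, not Unito's code: the page does not name the checksum algorithm, so HMAC-SHA256 is an assumption, chosen because a keyed digest keeps short, guessable values (such as a status) from being recovered by hashing candidates. The key, function names and sample tasks are hypothetical.

```python
import hashlib
import hmac
import json

# Hypothetical secret (assumption); a real one would come from a key
# management service and never be stored beside the digests.
DIGEST_KEY = b"constructed-demo-key-not-a-real-secret"


def field_digest(name, value, key=DIGEST_KEY):
    """Keyed digest of one field. The field name is bound in, so the same
    value in two different fields yields two different digests."""
    # Canonical JSON: dict key order and whitespace cannot cause a false change.
    canonical = json.dumps([name, value], sort_keys=True,
                           separators=(",", ":"), ensure_ascii=False)
    return hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def snapshot(task):
    """What is persisted: field name -> digest. Field values are not kept;
    field names are."""
    return {name: field_digest(name, value) for name, value in task.items()}


def changed_fields(stored, task):
    """Compare a freshly fetched task with the stored digests.
    Returns (changes, new_snapshot)."""
    current = snapshot(task)
    changes = {}
    for name in sorted(stored.keys() | current.keys()):
        if name not in stored:
            changes[name] = "added"
        elif name not in current:
            changes[name] = "removed"
        elif not hmac.compare_digest(stored[name], current[name]):
            changes[name] = "modified"
    return changes, current


# Constructed sample tasks, as they might be fetched from a tool's API.
task_v1 = {"title": "Rotate API keys", "status": "open",
           "labels": ["security", "ops"]}
task_v2 = {"title": "Rotate API keys", "status": "done",
           "labels": ["security", "ops"], "assignee": "alex@example.com"}

stored = snapshot(task_v1)  # only this dict would be written to storage

if __name__ == "__main__":
    changes, stored = changed_fields(stored, task_v2)
    print(changes)
```

List-valued fields are digested in the order received, so a tool that returns the same labels in a different order would register as a modification unless the list is sorted before hashing.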

Read more in our privacy policy.

PCI

Unito's payments are processed through Stripe, which is certified to PCI Service Provider Level 1. Unito never processes or stores credit card numbers. Please visit stripe.com/security for more information.

Encryption

All communications are encrypted over HTTPS/TLS. In particular, if you run Jira, GitHub or GitLab on your own servers, we require that you enable HTTPS.

Furthermore, sensitive data is encrypted at rest using the proven Advanced Encryption Standard. We leverage industry-leading key management technologies, so we never store encryption keys ourselves.

Infrastructure and network

Unito runs in Amazon's AWS data centers, where our servers are hidden away in a private network, and protected at the network edge by Application Firewall technologies. To learn more about AWS certification and security in general, refer to https://aws.amazon.com/security

We access the APIs of applications from a set of fixed, identifiable IP addresses. This lets you optionally add extra IP-based security on your self-hosted servers of Jira, GitHub or GitLab.

Security activities

Unito's software development process includes systematic design and code reviews as well as security reviews. Unit, functional and integration testing is ingrained into the process. All code is scanned several times a week for known security vulnerabilities.

Penetration testing is performed periodically by an external firm. This includes testing XSS

Incident response

Every network access is logged and monitored. In the unlikely event of a breach of our system, we have put in place a detailed response plan and we will notify any affected party in a timely fashion.

Personnel

Unito performs background checks on all its employees, and trains everyone on security matters. Access to sensitive information is granted only to the appropriate employees.

Still concerned about security? Enterprise plans include a complete risk assessment with our security team. Contact us and we can set this up!
