Features
Data and privacy
Find out how we deal with privacy when you visit our website or when you and your users interact with our platform.
Here for the first time?
Find out how we deal with privacy when you visit our website or use our applications as a visitor, and how we deal with cookies in our system.
For our customers
Read our terms and conditions, find the Data Processing Addendum, a security addendum, and other privacy resources.
General compliance
For our code of conduct and compliance controls, check out this section.
Privacy protection overview
As a quick introduction, here are some of the key concepts that we handle when dealing with privacy.
- Cookieless by default.
- By default, our system doesn't use cookies. However, for audience segmentation, personalization, and A/B testing, cookies may be required. In that case, you should connect your consent mechanism to our Consent API.
- Separation of personal data and system data.
- By default, Unless filters all Personally Identifiable Data from user input and AI training data. However, after consent or with legitimate interest, some customers may submit third-party data. We store this data in Europe only, in a protected "privacy vault".
- Privacy vault.
- Our data privacy vault technology isolates, protects, and governs sensitive customer data. Tokenization replaces sensitive data with tokens, providing an extra layer of security. Sensitive data is stored in the vault, while de-identified data is used in other cloud storage and downstream services like the AI models.
Frequently asked questions
-
Unless protects personal data and sensitive information with encryption in transit and at rest, strict access controls, and data minimization. You decide what data is processed by AI agents, and you can limit visibility and usage to specific environments and channels.
-
Unless provides tools and documentation to help you meet GDPR, DORA, and EU AI Act requirements, including logging, governance, and data residency options. The platform is designed so you can demonstrate control over training data, model behavior, and risk mitigation to auditors and regulators.
-
Data governance in Unless includes curated source selection, topic-level separation, and audience-based access rules. You can define which content can be used by which agents and restrict sensitive data from being surfaced or used in certain automations.
-
Unless uses hardened infrastructure, network protections, and secure compute environments to run AI workloads. The platform is designed for high availability and resilience, with monitoring and incident procedures that align with enterprise expectations in regulated sectors.
-
Unless controls how prompts, inputs, and outputs flow to models and ensures that customer data is not used to train public models. Any use of third-party AI services is governed by clear data processing rules and contracts so that privacy and compliance obligations are respected.
-
You can learn more about data protection, security practices, and certifications by consulting the data and privacy resources provided by Unless and speaking with the team. They can walk you through architecture, controls, and reports that support your internal and external audit needs.