Skip to main content
All CollectionsGeneral
How does Uniborn protect personal data?
How does Uniborn protect personal data?
Dmitry avatar
Written by Dmitry
Updated over 9 months ago
  • Uniborn is fully committed to complying with the General Data Protection Regulation (GDPR), ensuring the protection and privacy of personal data for individuals within the European Union. This includes adherence to principles of data minimization, consent, right to access, and the right to be forgotten, among other GDPR requirements:

    • GDPR Art. 5(1) – Principles relating to processing of personal data

    • GDPR Art. 7 – Conditions for consent

    • GDPR Art. 17 – Right to erasure (‘Right to be forgotten’)

  • Uniborn upholds bank-level digital security, encrypting data both at rest and in transit. This encompasses OCSP stapling and HTTP Strict Transport Security.

  • All databases are stored on encrypted-at-rest file systems employing AES-256 encryption with private keys that are also rotated at least annually. All database traffic and queries are exclusively routed through TLS 1.2+ secured connections.

  • Sensitive data fields, such as full name, birthdate, address, phone number, identity IDs, Tax IDs are encrypted with AES-256 using a separate private key.

  • Uniborn does not store user passwords and exclusively supports one-time passwords (OTP) for user authentication and authorization, significantly reducing the likelihood of user data access in the event of compromised access details.

  • Attempts to log in with incorrect usernames or one-time passwords are rate-limited to significantly decrease the chance of brute-force attacks on user accounts.

  • Our database is regularly backed up to multiple sites, all located within Europe.

  • Any alterations to customer data are automatically recorded in a separate audit database.

  • The Uniborn API web services and websites are served solely over TLS 1.2+ to ensure secure web traffic.

  • Our servers and data are hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP), which boasts a range of compliance certifications for their data centers, including comprehensive SSAE 18 (SOC 1, SOC 2, and SOC 3) compliance.

  • Our server instances are located within a virtual private cloud, utilizing data centers exclusively located in Europe. Access to our production environment is limited to a select group of Uniborn engineers.

  • The files are stored on the AWS or GCP storage service. These files are encrypted with AES-256 and replicated across multiple locations in Europe. We secure access to these private files through cryptographic signatures, with links that are time-limited for added security. Private keys are rotated at least annually, with access to these keys strictly limited to a subset of Uniborn engineers.

  • All Uniborn employees undergo a thorough background check as a condition of their employment.

Did this answer your question?