Frequently Asked Questions (FAQ)
Prompts
Can one configure custom prompts? | Yes, all prompts can be completely customized. |
|---|---|
Is there a platform available for conducting automatic tests on prompts, including comparing results, etc.? | Yes, we have a benchmarking that automatically tests hundreds of prompts against the data and models that are in the system. |
Is it possible to implement version control for prompts, such as maintaining a development version, publishing a beta version, and continuing to use a previous version? | Yes, it is possible to apply version control to all prompts within the system, allowing for the independent experimentation of new prompts without affecting those that are already operational. This facilitates the development of new prompts and Assistants. |
Can prompts be shared by user-groups? | Yes, prompts can be defined by user-groups. |
Can one get feedback for the prompts? | Yes, there is a feedback mechanism for each answer so the users can give feedback on the quality of the prompts. |
Can one call configured prompts from an API? | Yes, this is possible. |
Is it possible to configure unique disclaimers for each prompt? | Yes, disclaimers for each prompt can be configured by the system's Admin, who has the ability to set disclaimers per user-group. |
How are updates carried out? | Currently, updates are done via API, but a User Interface is expected to be launched in April. |
Is chat history, encompassing questions and answers, stored somewhere, or are only the details of the current chat session retained? If stored, where is this information kept? | The chat history is stored in two places:
Prompts will not be stored on Microsoft Azure as we opted out of abuse monitoring, preventing Microsoft from saving the prompts. |
How does Unique AI prevents CID information in user prompts? | In principle, Unique's users are strongly warned not to paste any CID or personal data when using Unique AI; In addition, technically:
|
Large Language Models (LLMs)
What are the LLMs that can be used? | Any provisioned models can be connected to the system via config. So far, the following OpenAI Models have been tested:
Other LLM’s:
|
Is the availability of Azure OpenAI models restricted to certain regions? | Yes, the availability of Azure OpenAI models is dependent on the deployment region. The specific models available in each region can be checked on the Azure website: https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models This page is regularly updated, allowing users to see when new models become available in different regions. |
Will Azure retire OpenAI models over time? | Yes, Microsoft does retire OpenAI models over time. Information about model retirements is provided on the Azure page under “Model Retirements.” https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/model-retirements This section includes a table listing the current models, their versions, and the retirement dates. Clients will be informed in advance about any model retirements, as well as new models becoming available in their region. |
What is the difference between model retirement and deprecation communicated by Azure for their provided OpenAI models? | The difference between retirement and deprecation of a model is important to understand:
|
Can models be customized/bring our own models? | Yes, we even have customers that are doing this. |
Is there a platform available for conducting automated tests and comparing results for custom models? | Yes, through benchmarking, it is possible to perform comparisons. There is a documentation for this process: https://unique-ch.atlassian.net/wiki/x/AQDJIw |
How can one train, test, and deploy a model for use with Unique’s solution? | So far, we have not directly trained a model ourselves; instead, our customers have undertaken this task. However, our Data-Science team has provided support and guidance to them throughout the process. |
Does one need to use Azure AI Studio? | There's no need to restrict yourself to Azure AI Studio exclusively. As long as the model can be provisioned, we are capable of integrating it. |
Is it possible to implement version control for models, such as maintaining a development version, publishing a beta version, and continuing to use a previous version? | Yes, within the system, each prompt allows for the selection of the model and its version at will. We practice this on a regular basis, especially with the release of new minor or preview versions from Azure OpenAI. |
Can models be shared by user-groups? | Yes, it can be scoped by user-groups. |
Can models be restricted by | Yes, it can be restricted by user-groups. |
Can token consumption be followed by model or by user-groups? | This feature is currently under development and not available yet. However, an Analytics Framework with downloadable CSV-Reports is already in place and covers these points:
Read more about this here: Analytics A report incl. consumption by assistant/model is planned for Q2 2024. |
Are there several types of prices depending on the models used? | Our pricing model remains fixed, however, the costs of the underlying models set by Microsoft are subject to change and are transparently communicated back to you. Prices may fluctuate. We offer guidance on which prompts require specific models. |
How is visibility kept on the costs related to the API usage? | We report the costs generated on the Subscription on a monthly basis. In the early days of the project, we can negotiate a faster rhythm. |
Is it possible to set token limits for each model or user group, including actions like sending alerts or shutting down the API? | This feature is not available yet and is currently under development, planned for Q3 2024. |
Is your solution offered on the MS Marketplace? | Unique is currently not offered in the MS Marketplace. |
What tests have been done to select the appropriate LLM models? | We conducted benchmarks using our documents, and our clients performed similar tests. This process helps us select the most suitable models for each prompt or use case. While we have evaluated other models, we found that they do not yet match the performance of GPT-4, especially in situations requiring RAG. |
Services
How do guardrails work? | The language model operates within a set structure, using only the data provided by the organization to ensure its responses comply with specific standards and do not include external information not given by the company. Furthermore, by including citations in each reply, the origin of the information used in the responses can be traced. |
What tooling is used for pseudonymisation? | A local model is employed, executed directly within the cluster and independent of OpenAI, to recognize names and entities. These identified elements are subsequently substituted with anonymized tokens, which are later restored to their original form. |
How is Document ingestion maintained? | We maintain multiple default ingestion pipelines for the different types of files. See the documentation here: Ingestion Customers can build their own in the context of our Co-Development Agreement if needed. We are improving continuously to get the best possible results for the RAG. |
How long is the retention period for uploaded files? | Clients can configure their retention period for uploaded files how they want. Most of our clients have set it between 2-7 days. |
Are the sources always shared with the users? | Yes, Unique adds references to each answer to indicate to the user where the information is coming from. This happens through the RAG process. |
Can automated workflows be executed? | Yes, we already have customers that use our API to execute workflows autonomously without the intervention of a user. |
How is a continuous feedback loop orchestrated? | As an admin, you can export the user feedback as CSV on demand. There will be monthly meetings with the project lead to analyze the feedback and derive improvement options. |
Can your system integrate with various Identity Providers (IDPs), and does it support seamless user provisioning and login with credentials from external systems? | The IDP can be integrated into our system. Your logins can be used, and users are automatically provisioned. We support the following list: https://zitadel.com/docs/guides/integrate/identity-providers |
What gets anonymized and how does it work? | The anonymization service processes the prompt intended for the OpenAI Endpoint by performing Named-Entity Recognition. It replaces identified entities with placeholders before sending them to the model. Once the model responds, the anonymized placeholders are replaced with the original identifying data. The user will not receive the anonymized entities in the response. Additionally, the data is stored in subscription databases, which are exclusively accessible by the client. |
What happens with client names in the recordings, are they anonymized? | Clients show up as “Participant X” in the recording transcripts until you explicitly assign a name to them. After that, they are recognized by name on other recordings in the same deal. |
How flexible can new services be developed and tested? | This can be done independently developed, and tested. Each developer can run an independent version of Unique AI on their local machine to develop without interfering with others. |
How would customized workflows be prepared and released? | If you develop your own assistants that are not coming as part of the default, these assistants need to be deployed. The deployment can be orchestrated by you or us. Below you find a drawing explaining the process. |
Can we view defined users or applications in the tenant? | Yes, this is possible. |
Is there monitoring and alerting for the network? | Yes. |
Is encryption and integrity protection in place for all external (public) network traffic that potentially carries sensitive information? | Yes. |
Do you use an automated source code analysis tool to detect security defects in code prior to production? | Yes, GH Advanced security and trivy. |
What service hosting models and deployment models are provided as part of Unique services? |
More information here: Deployment models |
Is a website supported, hosted, or maintained that has access to customer systems and data? | Yes. |
Architecture, RAG, Vectors, and more
What technologies are used in the RAG pattern? | For Vectorisation, the embedding model ADA from Azure OpenAI’s is used. To learn more about our Architecture, see here: Architecture We use Qdrant to save the vector and the metadata (self-hosted). For saving text, we use Postgres (Azure service). |
Why is vector DB Qdrant being used? | Qdrant performs very well on metadata filtering and similarity search compared to others. This is also needed for ACL |
Do you duplicate data and store a local copy of indexed documents? | Yes, we store the data locally. |
What are the existing connectors? |
|
Can a local (on-premise) vector database be used? | If Unique is deployed on-prem, yes. But in phase 1, it’s a workload we deploy on Azure fully encrypted. |
Do connectors support images, video, and sound indexation? | Currently not, though we are exploring options with GPT-4o Vision. |
Can hook be added in the dataflow to check data before indexing? | Planned for Q3 2024 in product roadmap |
Can hook be added to enrich metadata during indexing? | Planned for Q3 2024 in product roadmap |
How is the lifecycle of indexed documents managed? | The same documents are replaced with the new version. Content owners are responsible for deduplication. |
What are the supported languages? | Unique supports the languages that are listed and offered on Azure: |
Can multiple context sources, like vector databases + custom databases be used? | Yes, this is possible. |
Is there an initial limit on the documents provided? | No, but it’s useful to only index what is truly needed, this makes the quality control easier. Documents are taken in and transformed by our ingestion workers into markdown. Markdown is then broken apart into chunks preserving titles with paragraph connections. And tables with headings so that the ideal context is given to the models at retrieval time. |
Are the sources of information selected automatically? | Yes, this is fully automatic. |
What limitations on documents are there? | Images on documents are not yet included in the ingestion process. |
Can defined users or applications be viewed in the tenant? | Yes, this is possible. |
How can the chatbot in web applications be integrated? | This can be achieved by utilizing Unique's APIs or by employing Iframe-like functionalities for front-end display. |
Can the solution be integrated with Microsoft Dynamic CRM on-premise? | Yes, this is possible. |
Can Semantic Kernel with indexation, prompt, and models be used? | Yes, this is possible. |
Can LangChain be used to interact with indexation, prompts, and models? | Yes, any Python can be used with our APIs/SDK. See details about the APIs/SDK here: Software Development Kit (SDK) |
How long does a typical RAG request take? | Time to streaming the answer is around 3-5 seconds depending on the use case. |
Cloud Computing & Development
What features does the Cloud service offer? | Measured service: to control and optimize resource use by leveraging a metering capability. |
Upon the contract termination, what happens to the data? | Data is securely erased/destroyed and returned to the client in a defined time frame when requested. |
Are technical measures applied for defense-in-depth techniques (e.g., deep packet analysis, traffic throttling, and black-holing)? | No, we do not have technical measures that provide defense-in-depth for detection and timely response to network-based attacks. |
What is the strategy implemented to ensure the availability of the services providing enough processing power, storage space, and network bandwidth? | Systems are autoscaling on Azure cloud, monitoring and alerting in case of unavailabilities. |
Is the data encrypted both while in transit from/to the tenant and at rest in the cloud infrastructure? | Yes, for the Unique hosted single tenant at rest Azure generated keys are stored in its own Key Vault. These are HSM-backed (FIPS 140-2 Level 2) 4096-bit RSA keys. The disks are encrypted with FIPS 140-2 compliant AES256 encryption standard. |
What are the policies and procedures for access? | We have established policies and procedures for permissible storage and access to authorized identities based on rules of least privilege and business necessity. |
Are applications and APIs reviewed for security vulnerabilities? | Yes, this is done to address any issues prior to deployment to production. |
Is virtualization used in services provided? | Yes, and KPI/SLAs are tracked for reporting. However, we do not have a hypervisor vulnerability management in place. |
Is capacity planning conducted to prevent any redirection of contracted capacity to other tenants? | Yes, capacity planning is conducted on an ad-hoc basis when the utilization reaches a threshold limit to prevent any redirection of contracted capacity to other tenants without approval. |
For forensic analysis over any security breach of data in the cloud infrastructure, can the following be made available (logs, traces, hard disk images, etc.) | Yes, logs, traces, hard disk images, etc. will be made available for forensic analysis over any security breach of data. |
Does Unique have a formal change management process, covering all service changes? | Yes, our SDLC adheres to our formal change management process. |
Is the client or its hired third party allowed to conduct penetration testing of the cloud infrastructure hosting the data? | Yes, penetration testing is allowed. |
What tests are conducted before releasing applications to production? | We conduct tests such as penetration tests, manual code reviews, SAST scans, DAST scans, and IAST scans before releasing. |
Does Unique have a continuous assurance process during the release? | Yes during the release, operations to verify application and infrastructure-level vulnerabilities are patched in a regular manner. |
Is there a documented software development lifecycle (SDLC) process and what does it include? | Yes, our (SDLC) program includes performing threat modeling and designing, implementing, and testing application-level controls. It follows industry-recognized security standards and good practices. |
Why are JWTs stored in the browser's local storage when it is recommended to store them in cookies? | Not storing the JWT in a cookie prevents a whole class of vulnerabilities with CSRF. On the other hand, it is easier for an attacker to misuse the token in case of a successful XSS attack. To compensate for this issue we created a restrictive CSP to make it impossible for a successful XSS attack to exfiltrate the token to an external domain not already registered in our CSP. |
Do you regularly perform static and dynamic code analysis? If so, could you please provide some details on how and how often you do it? | Yes, we do for Github advanced security CodeQL, trivy, and Bug bounty programs for penetration tests. |
Does the software contain third-party-developed components? | Yes, and we have implemented controls to test and verify these components. |
Are development and production environments segregated, at least on a logical level? | Yes, we have segregated development and production environments. |
Are audit logs maintained and reviewed for all program library updates? | Yes, we review and maintain audit logs for all program library updates. In addition, we have security controls in place to secure the audit logs. |
Are developers trained in "Secure Code Developing Techniques"? | Yes, we train our developers during the onboarding. |
Is a session management methodology used with the application? | Yes. |
Is open-source or third-party software tracked specifically for security information? | Yes. |
Data Protection
How do you process the data? | All data is encrypted in transit and at rest. We minimize the data we store to only include what is needed. For more details please refer to: Your recording data at Unique | Unique AI Help Center |
Is personal information accessed, disclosed, processed, transmitted, or retained by third parties across national borders? | For financial institutions: processing only on OpenAI API in Switzerland. Possible also in Amsterdam (NL) or Paris (FR). For others: Speech-to-text (Optional, Frankfurt, DE), tracking (Optional, EU), OpenAI API (Amsterdam, NL). |
Are there documented policies and procedures for cross-border data flows or transfers of client data within the EU and Switzerland? | Yes, Standard Contractual Clauses (SSC) and DPA (Finma-rs-2008-21-20200101.pdf) for tracking providers. |
Is the voice sample of Unique biometric data? | No, because Unique voice samples cannot allow or confirm the unique identification of a natural person. |
How is my data segregated from other customers' data? | If you choose the platform as a service deployment option your data is logically separated from other customers. If you have stronger requirements regarding tenant separation the single tenant deployment option completely physically separates your data in your own Azure landing zone from other customers. |
Do you logically and physically segregate production and non-production environments? | Yes. |
Do you have procedures in place to ensure production data shall not be replicated or used in non-production environments? | Yes. |
For your SaaS or PaaS offering, do you provide tenants with separate environments for production and test processes? | Usually not, but can be added if needed. |
Is physical and logical user access to audit logs restricted to authorized personnel? | Yes. |
Will my data be used to train any models or fine-tune models? | No. No client data will be used without explicit consent in written form from the client. |
Does the Azure OpenAI Model learn from my data? | No, Azure OpenAI models never learn from data and Unique has an opt-out available from output checking with Microsoft. |
Will my data be sent to “unsafe, third countries”? | No. All data remains in Switzerland for data hosting and processing. If you chose the single tenant or customer tenant deployment option then no client data will leave your dedicated single tenant. |
Do you have a data processing agreement in place? | Yes, we do have a DPA: https://www.unique.ch/data-processing-addendum. |
Do you have Terms of Use? | Yes, we do have Terms of Use for end users. |
Does Microsoft Switzerland share data with Microsoft US (based on the so-called CLOUD Act)? | No, data is never shared between Microsoft CH and Microsoft US. |
Does the US government have access to the data on Azure CH (based on the CLOUD Act)? | Not directly. The US government can request access to any data outside the US, regardless of where it is stored, based on the CLOUD Act if a judge approves the request. |
Did you perform a Transfer Impact Assessment (TIA) for Microsoft Inc. as they are headquartered in the US and there is a risk of lawful access from the US? | Yes, we performed a TIA and the probability of lawful access is close to zero. Details can be shared upon request. |
When using Microsoft Azure OpenAI services, is any data shared/stored with OpenAI? | Unique closely partners with Microsoft to offer GenAI solutions in a secured and controlled environment: when working with Unique and using Microsoft Azure OpenAI Services, users are using an enterprise and private instance of OpenAI’s ChatGPT packaged and hosted by Microsoft Switzerland (prompts and answered are not shared with OpenAI nor Microsoft; to be precise: Microsoft processes the data but never stores the data). |
Are prompts attributable to specific users or organizations (when no identifying information is included in the prompt)? If not, can you provide evidence of the controls? | Prompts are associated with a specific user (audit logs) via login credentials. If you choose the single tenant or customer tenant deployment option this data will only be stored in the client-specific tenant. |
Do you have controls in place to ensure the foundational model was not trained with prohibited or biased content? | We rely on Microsoft public statements that they will cover costs for IP infringements in case needed (Customer Copyright Commitment Required Mitigations | Microsoft Learn). |
Is the model data de-identified, aggregated, and anonymized? | No. We will integrate your DLP to run on audit logs after user interaction. |
Have you performed any independent audits or validation of AI model outputs? | We perform regular internal tests and compare different models. This has not been part of an external validation report so far. |
Are you a data controller or data processor? | We are acting as a data processor of your data only. |
Is data protection for Azure OpenAI preview services less than for GA (General Availability Services)? |
|
Is there a documented process to reasonably authenticate or verify an individual's request prior to fulfilling their request for access to their personal information? | Yes. |
Are agreements with third parties who have access to or potential access in place? | Yes, we have a DPA that outlines confidentiality, audit, security, and privacy, including but not limited to incident response, ongoing monitoring limitations on data use, limitations on data sharing, return of data, and secure disposal of privacy data. |
Is there a policy or procedure for information handling (storing, processing, and communicating) consistent with its classification that has been approved by management, communicated to appropriate constituents, and assigned an owner to maintain and periodically review? | Yes. |
Do you support the secure deletion (e.g., degaussing/cryptographic wiping) of archived and backed-up data? | Yes. |
Is Scoped Data sent or received via physical media? | No. |
Is Scoped Data sent or received electronically? | Yes. |
Is all Scoped Data sent or received electronically encrypted in transit within the network? | All external channels are TLS 1.2+ encrypted. |
Will data be accessed, modified, or stored on mobile devices? | No. |
Data Storage
Where is client data hosted? | We work together with Microsoft Switzerland and our data is stored in the Azure Cloud in Switzerland. |
Are there any other locations outside Switzerland where data is stored? | Not for Swiss Financial Institutions. European Financial Institutions can choose the Netherlands, France, or the UK as their data storage and processing location. |
For recording, are there any other locations outside Switzerland where data is stored? | Only if recorded through the app or uploaded manually on the Unique Portal the recording is temporarily (1 hour) stored in Frankfurt, Germany for transcription. Otherwise, no. |
Is regulated or confidential customer data stored in a database? | Yes, we store voice profiles to identify meeting participants. The company can opt out such that the voice print is only used for diarization and not saved. |
Are voice profiles kept and used for subsequent calls? What are all other purposes where these voice profiles/prints are used? | Yes, if the company did not opt-out. Voice prints are used:
|
Where is personal data stored for audio and video recordings? | They are stored as media files in the Microsoft Azure Blob Storage. |
Where is personal data stored for transcripts and reports? | They are stored at Microsoft Azure AKS, Postgres. |
What databases store personal data? | As we use both Postgres and MongoDB, both databases store personal data. |
Where are the videos saved that you record? | On Microsoft Azure cloud hosted in Switzerland protected by enterprise security standards of Microsoft. |
Are there backups that are stored on removable media (e.g., disks, tapes, etc.)? | We do not store backups on removable media. |
How can companies safely deploy the Unique Moments App on employees' mobile phones without compromising data protection and security? | The Unique Moments App is one of the few apps that support Mobile Device Management (MDM/MAM) via Microsoft Intune. It is listed on the website for Microsoft Intune-protected apps. This means that clients can benefit from Advanced Device Management which simplifies the management of mobile devices securely and efficiently as well as improved App Management and stronger Data Protection with powerful encryption and enforced compliance checks. |
Data Retention
How long is client data stored? | Data is stored for the duration of the contract or until you delete it. Data backups are stored for an additional 30 days after removal of the data. Logs are stored for a year for compliance and security purposes. |
How long will our inputs/prompts be retained if submitted via the user interface? | Prompts are not stored. All relevant data, including prompts and output, is processed in memory in the model and never stored. Neither Unique nor Microsoft use prompts or any customer data to train the AI model. |
How long will our inputs/prompts be retained if submitted via the API? | Prompts are not stored. All relevant data, including prompts and output, is processed in memory in the model and never stored. Neither Unique nor Microsoft use prompts or any customer data to train the AI model. |
Are there different data retention policies for the user interface versus the API? | No. |
If the personal data of individuals is retained by your organization, are there processes (e.g., mail, phone, electronic) and procedures to enable individuals to view, access, correct, amend, or delete inaccurate information? | Yes, through self-service. All data can be corrected through the app by all internal participants of a call. |
Data Privacy
Has a Data Protection Impact Assessment (DPIA) been undertaken for the processing activities. | Yes. |
Have you engaged a third party to assess your organization's privacy compliance? | Yes, ISO 27001 and also SOC 2 Type 2. |
Are the services provided by you outsourced or delegated to any third party and if yes, which parts and to whom? | Yes, Microsoft cloud services. |
Do you notify your tenants when you make material changes to your privacy policy? | Yes. |
What data gets collected for a recording call? | In general, we fetch meeting events from your calendar. We only fetch deal-related data and only data of Unique users and never from the whole organization. |
Is personal data collected from the data subject or from any other sources? | No. |
How is Customer Identifiable Data (CID) handled at Unique? |
|
How do we make sure people do not upload documents they are not allowed to upload? | Uploading documents can be restricted by roles. Furthermore, we encourage you to build your own DLP to prevent ingestion of sensitive data. DLP integration can also be done with us. Refer to: https://unique-ch.atlassian.net/wiki/x/CIDmHQ. |
Which sub-processors do you work with? | All mandatory and optional subprocessors are listed in our DPA which can be found here: https://www.unique.ch/trust. |
Does Unique monitor its (sub)processors to ensure that they are in compliance with applicable privacy legislation? How often do you monitor them? | Yes, we monitor them yearly. |
Do subcontractors such as backup vendors, hosting providers, etc. have access to customer systems and data or processing facilities? | Subcontractors may have access to the cloud provider (Microsoft Azure). |
Has Unique appointed a Data Protection Officer? | Yes (voluntary appointment). |
Is there a privacy awareness training program? If yes, how often are the trainings conducted for the employees? | Yes, during onboarding and yearly. |
Is there a process in place that enables individuals to exercise their data subject rights (e.g., access, update, or correct their personal data)? | Yes. |
If you transfer personal data to a third country, are appropriate safeguards (e.g. Standard Contract Clauses, Binding Corporate Rules) in place? | No, data remains in Switzerland unless agreed otherwise. However, some OpenAI services can come from Europe if agreed. |
Is there a breach notification process in place? | Yes. |
Does Unique process client personal data as a: controller, joint-controller, or processor? | As a processor. |
Are Cookies used for performance, tracking, analytics, and personalization purposes and can contain non-identifiable/aggregated extracts of such information? | No. Unique does not use any tracking on enterprise tenants, this is only the case on our public SaaS offering. |
What security-relevant events are logged on your servers, workstations, firewalls, and switches? | Authentication events, access logs, error logs, risky sign-ins in Entra, audit logs. |
Is there a designated individual responsible for: | Yes, the CDO is responsible for all of those. |
Is there a documented privacy policy or procedures for the protection of personal information collected, transmitted, processed, or maintained on behalf of the clients? | Yes, more information can be found here: https://www.unique.ch/privacy |
Security & Risk
How do you adhere to the data security measures implemented on the data source when querying data in the vector database? | We have dedicated access controls applied to adhere to this. |
Is the client notified when unauthorized access to scoped systems and data is confirmed? | Yes, within 72h as required by GDPR (or other timelines if agreed with the client in the respective contract). |
Is there a process maintained to identify and record any detected or reported unauthorized disclosure of personal information? | Yes, we have a dedicated data breach notification process. |
Do you notify your tenants when you make material changes to your information security policies? | Yes. |
Do you review your applications for security vulnerabilities and address any issues prior to deployment to production? | Yes, we conduct automated pentests and Bug bounty programs. |
Do you retain security event logs for at least 12 months, and do you monitor them regularly? | Yes, we regularly review these logs and retain them in case we need to investigate a security incident. |
Is there a process in place to identify and report privacy incidents including notification to external authorities as required by applicable privacy or cyber security law? | Yes, this is also part of our data breach notification process. |
Session Management: what are the session timeouts for different operations? | Session management is about authentication/authorization, not about internal operations like transcription. All of the timeouts are configurable and we can adjust them to your liking regarding user sessions. |
Can we restrict access with MFA or IP filtering? | Yes, both options are possible. |
Can we have access to audit logs on resource security configuration? | Yes, audit logs be available upon request. |
How can the conversation history be extracted? | You can extract your chat history via API. |
Is there a process maintained to remove personal data based on the right to be forgotten if applicable to the services provided? | Yes, there is a process in place. |
Is full-disk encryption enabled for all systems that store or process customer data? | Yes, it is. |
© 2025 Unique AG. All rights reserved. Privacy Policy – Terms of Service