Built on transparency, secured by design.

Everything you need to know about how Uthereal handles your data, our terms, our commitment to sustainability, and the security posture protecting your business DNA.

Enterprise-grade security, audited continuously.

Your business DNA is your most valuable asset. We protect it with the same standards trusted by regulated industries — encryption, least-privilege access, and continuous compliance monitoring via Vanta.

SOC 2 Type II

Audit in progress

Independent attestation of our security, availability, and confidentiality controls — monitored continuously via Vanta. Report available under NDA once issued.

ISO/IEC 27001

Audit in progress

International standard for information security management systems (ISMS). Certification underway with an accredited registrar.

GDPR & revFADP

Compliant

Full alignment with the EU General Data Protection Regulation and the Swiss Federal Act on Data Protection. EU Standard Contractual Clauses available on request.

Continuous monitoring

Live with Vanta

Vanta continuously monitors 100+ controls across infrastructure, identity, endpoints, and code repositories to detect drift in real time.

Continuous compliance

Monitored 24/7 by Vanta

Our full SOC 2 Type II and ISO 27001 audits are underway. Vanta continuously evaluates 100+ controls so security posture stays current between audits, not just at a single point in time.

How we protect your data

Encryption everywhere

TLS 1.2+ in transit, AES-256 at rest, and tenant-scoped encryption keys managed through cloud-native KMS.

Identity & access

SSO via SAML and OIDC, enforced MFA, granular RBAC, just-in-time access for production, and quarterly access reviews.

Network isolation

Private VPCs, segmented environments, zero-trust service-to-service authentication, and customer-tenant data isolation.

Resilient infrastructure

Hosted on Google Cloud, Microsoft Azure, and AWS in EU and Swiss regions. Automated backups, multi-AZ deployments, and tested DR runbooks.

Logging & monitoring

Centralized audit logs, anomaly detection, file-integrity monitoring, and 24/7 alerting on security-relevant events.

People & training

Background checks, mandatory annual security training, phishing simulations, and signed confidentiality agreements for every team member.

Secure SDLC

Mandatory code review, dependency scanning, SAST, secret scanning, IaC scanning, and pre-production penetration testing.

Vulnerability management

Continuous vulnerability scanning, severity-based SLAs, and a responsible-disclosure program for external researchers.

Incident response

Documented IR plan with named on-call rotation, customer notification within 72 hours of a confirmed breach, and post-incident reviews.

Report a vulnerability

We welcome reports from security researchers. Please send a detailed report to security@uthereal.ai. We commit to acknowledging your report within two business days and keeping you informed throughout remediation.

Documentation on request

SOC 2 reports (once issued), ISO 27001 certificates, penetration test summaries, sub-processor lists, and Data Processing Agreements are available under NDA via security@uthereal.ai.