Security is a Core Principle, Not an Afterthought
Unthread is built with security at its core. We're SOC 2 Type II certified and trusted by Fortune 500 companies to handle their most sensitive support operations.
Certifications & compliance
Audited, attested, and continuously monitored by independent third parties.
SOC 2 Type II
Independently audited for security, availability, and confidentiality controls.
HIPAA Compliant
BAAs available for healthcare organizations handling protected health information.
SSO & SCIM
Enterprise single sign-on with SAML 2.0 and automated user provisioning via SCIM.
Role-Based Access Control
Granular permissions ensure team members only access what they need.
Data Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256) across all systems.
99.9% Uptime SLA
Enterprise-grade reliability with redundant infrastructure and automated failover.
Security practices
The operational discipline behind the certifications.
Regular Penetration Testing
Third-party security assessments conducted annually to identify and remediate vulnerabilities.
Incident Response Plan
Documented procedures for detecting, containing, and recovering from security incidents.
Employee Security Training
All team members complete security awareness training and background checks.
Vendor Risk Management
Rigorous evaluation of third-party vendors and continuous monitoring of supply chain risk.
Agreements & documentation
Every agreement, report, and control your legal and security teams need — in one place.
Data Processing Agreement
Our standard DPA covers GDPR, UK GDPR, and applicable data protection laws — pre-signed and ready to countersign.
Business Associate Agreement
HIPAA BAA available for healthcare and health-tech customers processing PHI through Unthread.
Subprocessor List
Full transparency on every vendor we use to deliver the service, with notification on any changes.
SOC 2 Type II Report
Latest audit report available under NDA through the Unthread Trust Center.
Penetration Test Summary
Executive summary of our most recent third-party penetration test available on request.
Security Whitepaper
Deep dive into our architecture, controls, data flows, and disaster recovery posture.
Your data, in your region
Choose where your data lives. Unthread offers isolated, dedicated database instances in specific countries — purpose-built for teams with strict data sovereignty and latency requirements.
Need a region you don’t see? Talk to our team — we support custom deployments for enterprise customers.