Trust Center

U4IA is outcome-based acquisition infrastructure. We analyze conversation metadata to surface warm introductions, price the next step, and verify outcomes โ€” all with enterprise-grade security.

๐Ÿ”’ SOC 2 Aligned
๐Ÿ” Encrypted at Rest & Transit
๐Ÿ“‹ GDPR Ready
๐Ÿšซ Zero AI Training on Customer Data
Security Documents

Resources

Security documentation available to customers and prospects. Contact security@u4ia.ai for access.

Information Security Policy

Core security controls and governance

Access Control Policy

Authentication and authorization

Incident Response Plan

Security incident handling

Data Processing Agreement

GDPR-compliant DPA

Business Continuity Plan

Disaster recovery procedures

Penetration Test Summary

Third-party security assessment
22 Controls Monitored

Security Controls

Active security controls across infrastructure, organization, product, operations, and data privacy.

Unique production database authentication enforced

U4IA requires authentication to production datastores using authorized secure mechanisms.

Encryption key access restricted

Privileged access to encryption keys restricted to authorized users with a business need.

Unique account authentication enforced

Authentication to systems and applications using unique credentials or authorized SSO.

Production application access restricted

System access restricted to authorized access only via Railway's infrastructure controls.

Production database access restricted

Privileged access to databases restricted to authorized users with a business need.

Network firewalls utilized

Cloudflare firewalls configured to prevent unauthorized access.

Security policies established

Information security policies covering access control, data classification, and incident response.

Code of conduct acknowledged

Employees acknowledge and agree to the company's code of conduct and acceptable use policies.

Access revoked upon termination

Termination checklists ensure access is revoked for terminated employees within SLAs.

Data transmission encrypted

All data transmission uses TLS 1.3. API endpoints are HTTPS-only.

Data at rest encrypted

All OAuth tokens encrypted with Fernet symmetric encryption. Database encrypted via PostgreSQL native encryption.

Vulnerability scanning performed

Regular vulnerability scanning of application dependencies and infrastructure.

Penetration testing conducted

Penetration testing by qualified security professionals.

Business continuity plan established

Business continuity plan reviewed and tested periodically.

Incident response plan documented

Incident response plan with defined roles, procedures, and communication protocols.

Change management process implemented

Formal change management process for production systems.

Audit logging implemented

Every API call logged with timestamps, user, IP address, and outcome. Full audit trail for compliance.

Data retention procedures established

Email snippets retained for 90 days maximum. Clear retention policies across all data types.

Data classification policy established

Data classification policy defines sensitivity levels and handling requirements.

Customer data deleted upon request

Customer data deleted within 30 days of request with confirmation.

Internal emails never processed

Only conversations with external parties are analyzed. Internal emails filtered client-side before transmission.

No AI model training on customer data

Anthropic's Claude API with zero-retention policy. Customer data is never used for AI training.

22 controls across 5 categories ยท Last reviewed February 2026