Certifications and Trust Center
Certifications overview
Union.ai maintains the following certifications and compliance standards, validated by independent third-party auditors with continuous compliance monitoring via Vanta.
| Standard | Status |
|---|---|
| SOC 2 Type II (Security, Availability, Processing Integrity) | Certified |
| SOC 2 Type I (Security, Availability, Processing Integrity) | Certified |
| HIPAA | Compliant (designed to meet requirements) |
| CIS 1.4 AWS (restricted access benchmark) | Certified |
| CIS 3.0 | In progress |
SOC 2 Type II
The 12-week audit covers three trust service criteria: Security (protection against unauthorized access), Availability (system availability and disaster recovery), and Processing Integrity (complete, valid, accurate, and timely data processing).
The audit scope includes control plane infrastructure and operations, tenant isolation controls (org-scoped primary keys, service-layer query gating), employee security lifecycle (background checks, access provisioning, termination checklists), incident response procedures, vendor management program, and business continuity and disaster recovery plans.
Union.ai maintains 73 verified controls across 5 categories, continuously monitored via Vanta:
| Category | Controls | Examples |
|---|---|---|
| Infrastructure Security | 17 | Encryption key access, unique account auth, production access restrictions, intrusion detection, log management, network segmentation, firewall review, network hardening |
| Organizational Security | 13 | Asset disposal, production inventory, portable media encryption, anti-malware, code of conduct, confidentiality agreements, password policy, MDM, security awareness training |
| Product Security | 5 | Data encryption at rest, control self-assessments, penetration testing, data transmission encryption, vulnerability/system monitoring |
| Internal Security Procedures | 35 | BC/DR plans, cybersecurity insurance, change management, SDLC, incident response, risk assessments, vendor management, board oversight, whistleblower policy |
| Data and Privacy | 3 | Data retention, customer data deleted upon leaving, data classification policy |
The SOC 2 Type II report is available upon request.
Trust Center
Union.ai maintains a public Trust Center at trust.union.ai (powered by Vanta) with real-time transparency into security controls, compliance status, and security practices. The Trust Center provides up-to-date certification information and access to request SOC 2 reports. All 73 verified controls are visible through the Trust Center.
Verification
Certifications
Reviewer focus: Confirm that certifications are current and that the Trust Center provides real-time visibility into control status.
How to verify:
-
Visit trust.union.ai and review the current certification status.
-
Request the SOC 2 Type II report and walk through the control categories relevant to specific security questions.
This is audit-only verification. Certifications are validated by independent third-party auditors.