Your community's data, treated like your community.
Unisoft is built on a modern, audited cloud stack with European hosting, end-to-end encryption, GDPR compliance and read-only Open Banking. We host members, donors, families and Yahrzeit dates — and we treat them with the respect that level of trust requires.
How we protect your kehila
Encryption at rest and in transit
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Backups are encrypted with the same standard. Card data never touches our servers — Stripe, Authorize.net, GoCardless and PayGreen handle it directly.
EU-based hosting
Production servers and primary backups live in the European Union with redundancy across availability zones. No transfer of personal data outside the EU without explicit safeguards.
Two-factor authentication
2FA is available on every account, mandatory for admins on the Unlimited plan. SSO via Google, Microsoft and Apple is supported for staff. Member portals use passwordless email links.
Granular permissions and audit logs
Role-based access control with custom roles. Every sensitive action — viewing donor history, exporting data, editing financial records — is logged with user, time and IP for the full audit trail your auditors and your kehila expect.
Read-only Open Banking
Open Banking auto-reconciliation across 3,500+ banks works in read-only mode through regulated providers (Nordigen / GoCardless Bank Account Data). Unisoft can never initiate a transfer or move funds. We watch — we never touch.
GDPR compliance by design
Lawful basis documented per data category. Data Processing Agreement (DPA) available on request. Right to access, rectify and erase exposed via a one-click member portal — no manual paperwork. Data retention policies configurable per organization.
AI that never trains on your donors
Yossi (WhatsApp), Zalmi (content) and the Tourism chatbot are powered by enterprise AI providers under strict no-training agreements. Your member data, donation history and conversations are never used to train any external model.
Daily backups, full data export
Encrypted automatic daily backups with 30-day retention. You can export your full dataset (members, donations, events, history) as CSV or JSON at any time, including the day you decide to leave us. No vendor lock-in.
Standards we comply with — and the ones we're working on
GDPR (EU)
Lawful basis per data category, DPA on request, right to access / erase exposed via member portal, EU-only hosting, sub-processor list maintained.
PCI-DSS
Card data never touches Unisoft. All card processing is delegated to PCI-DSS Level 1 partners: Stripe, Authorize.net, GoCardless, PayGreen.
French CNIL
Compliance with the General Data Protection Regulation for religious associations and public-interest organizations in France.
UK GDPR + ICO
Compliant with the UK GDPR. Standard contractual clauses applied for any UK→EU data transfer. ICO registration available on request.
Israel Privacy Protection Law
Aligned with the Israeli Protection of Privacy Law for organizations processing personal data in Israel, including IL 46א donor records.
SOC 2 / ISO 27001
Formal SOC 2 Type II audit and ISO 27001 certification scheduled. Underlying infrastructure providers (cloud, AI, payments) are already certified.
Need a Data Processing Agreement, sub-processor list or vendor security questionnaire? Email security@unisoft.world and we'll send it within 48 hours.


