Security & Compliance
Built on 12 years of
enterprise software.
UnitFinder is developed by Plyo, Norway's leading real estate technology company since 2014. As a European company, GDPR compliance is built into how we design and operate our platform.
Infrastructure
Google Cloud Platform
UnitFinder runs on Google Cloud Platform, one of the world's most secure and reliable cloud infrastructures. Your data is hosted in the EU (Finland) on infrastructure that meets SOC 2, ISO 27001, ISO 27017, and ISO 27018 standards.
Our platform auto-scales on Kubernetes with automated failover, targeting 99.9% availability. Scheduled maintenance happens outside business hours with advance notice.
GCP Infrastructure Standards
Architecture
Built for enterprise
Multi-tenant isolation
Complete data separation between clients using tenant context architecture
Type-safe APIs
Proto-first design with contract-driven service interfaces
Role-based access
Service-level authentication with configurable permissions
Consistent error handling
Standardized exception handling with proper status codes across all services
Service authentication
Dedicated service-to-service auth patterns for internal communication
Audit trail
Dedicated audit service tracking changes and access across the platform
Data Protection
Security by design
Encryption
Sensitive credentials encrypted with AES-256-GCM. TLS encryption at edge.
Access Control
Role-based permissions, audit logging on all access
Backups
Automated hourly backups with tested recovery procedures
Data Residency
EU-hosted (Finland); MENA regional options in development
Compliance
Regulatory framework support
| Framework | Status |
|---|---|
| GDPR (EU) | Compliant |
| Norway E-Commerce Act | Compliant |
| KSA PDPL | Q2 2026 |
| UAE Data Protection | Q2 2026 |
| SOC 2 Type II | Evaluating |
| ISO 27001 | Evaluating |
Integration Security
We only access what's needed
We integrate with your ERP for inventory data only—unit details, pricing, and availability. We don't store customer financial data or payment information.
Leads are delivered to your CRM via secure API with configurable access controls. You remain in full control of your customer data.
What we access
Questions?
We're happy to discuss security in detail or provide documentation for your IT and legal teams.