# Security

Union.ai provides a production-grade workflow orchestration platform built on Flyte, designed for AI/ML and data-intensive workloads.
Security is foundational to Union.ai’s architecture, not an afterthought.
This document provides a comprehensive overview of Union.ai’s security practices, architecture, and compliance posture for enterprise security professionals evaluating the platform.

Union.ai’s security model is built on several core principles:

* **Data residency:** Customer data is stored and computed only within the customer's data plane. The Union.ai control plane stores only orchestration metadata—no task inputs, outputs, code, logs, secrets, or container images.
* **Architectural isolation:** A strict separation between the Union-hosted control plane and the customer-hosted data plane ensures that the blast radius of any control plane compromise does not extend to customer data.
* **Outbound-only connectivity:** The Cloudflare Tunnel connecting the control plane to the data plane is outbound-only from the customer’s network, requiring no inbound firewall rules. All communication uses mutual TLS (mTLS) and is authenticated using the customer's Auth / SSO.
* **Compliance:** Union.ai is SOC 2 Type II certified for Security, Availability, and Integrity, with practices aligned to ISO 27001 and GDPR standards. Union is designed to meet HIPAA compliance requirements for handling Protected Health Information (PHI) and maintains CIS 1.4 AWS certification while pursuing CIS 3.0 certification (in progress). The Union.ai trust portal can be found at [trust.union.ai](https://trust.union.ai).
* **Defense in depth:** Multiple layers of encryption, authentication, authorization, and network segmentation protect data throughout its lifecycle.
* **Human / operational isolation:** Union.ai personnel access the customer's control plane UI only through authenticated, RBAC-controlled channels. Personnel do not have IAM credentials for customer cloud accounts and cannot directly access customer data stores, secrets, or compute infrastructure. In BYOC deployments, Union.ai additionally has [K8s cluster management access](https://www.union.ai/docs/v2/union/security/byoc-differences/page.md#human-access-to-customer-environments).

## Deployment models

Union.ai offers two deployment models, both sharing the same control plane / data plane architecture and security controls described in this document.

In **Self-Managed** deployments, the customer operates their data plane independently; Union.ai has zero access to the customer’s infrastructure, with the Cloudflare Tunnel as the only connection.

In **BYOC** deployments, Union.ai manages the Kubernetes cluster in the customer’s cloud account via private connectivity (PrivateLink/PSC), handling upgrades, monitoring, and provisioning while maintaining strict separation from customer data, secrets, and logs.

The core security architecture—encryption, RBAC, tenant isolation, presigned URL data access, and audit logging—is identical across both models. Sections where operational responsibilities differ are noted inline. [BYOC deployment differences](https://www.union.ai/docs/v2/union/security/byoc-differences/page.md) provides a detailed comparison.

## Subpages

- [Security architecture](https://www.union.ai/docs/v2/union/security/security-architecture/page.md)
  - Control plane / data plane separation
  - Control plane (Union.ai hosted)
  - Data plane (customer hosted)
  - Network architecture
  - Cloudflare tunnel (outbound-only)
  - Control plane tunnel (outbound only)
  - Communication paths
  - Data flow architecture
  - Presigned URL pattern
  - Streaming relay pattern
  - Execution flow diagram
  - Data in the UI
- [Data protection](https://www.union.ai/docs/v2/union/security/data-protection/page.md)
  - Data classification
  - Encryption at rest
  - Encryption in transit
  - Data residency and sovereignty
  - Data plane
  - Control plane
- [Identity and access management](https://www.union.ai/docs/v2/union/security/identity-and-access-management/page.md)
  - Authentication
  - Authorization (RBAC)
  - Organization isolation
  - Database-layer isolation
  - Data plane isolation
  - Control plane service isolation
  - Isolation verification
  - Human access to customer environments
  - Current access model
  - Access scope and limitations
  - Audit trail
  - Least privilege principle
- [Secrets management](https://www.union.ai/docs/v2/union/security/secrets-management/page.md)
  - Secrets architecture
  - Secret lifecycle
  - Creation
  - Consumption
  - Write-only API
  - Secret scoping
- [Infrastructure security](https://www.union.ai/docs/v2/union/security/infrastructure-security/page.md)
  - Kubernetes security
  - Container security
  - IAM and workload identity
  - Control plane infrastructure
  - Availability, response time, and resilience
  - Control plane availability
  - Data plane resilience during control plane outages
- [Logging, monitoring, and audit](https://www.union.ai/docs/v2/union/security/logging-monitoring-and-audit/page.md)
  - Task logging
  - Observability metrics
  - Audit trail
  - Incident response
- [Compliance and certifications](https://www.union.ai/docs/v2/union/security/compliance-and-certifications/page.md)
  - Certifications overview
  - Standards compliance
  - HIPAA compliance
  - GDPR alignment
  - Trust Center
  - Shared responsibility model
- [Workflow execution security](https://www.union.ai/docs/v2/union/security/workflow-execution-security/page.md)
  - Task registration
  - Run creation and execution
  - Result retrieval
  - Data flow summary
- [Multi-cloud and region support](https://www.union.ai/docs/v2/union/security/multi-cloud-and-region-support/page.md)
  - Supported cloud providers
  - Supported regions
  - Consistent security across clouds
- [Organizational and physical security practices](https://www.union.ai/docs/v2/union/security/organizational-security-practices/page.md)
  - Employee security lifecycle
  - Governance & organizational controls
  - Security development lifecycle
- [Compute and control plane components](https://www.union.ai/docs/v2/union/security/components-architecture/page.md)
  - Component architecture
  - Executor
  - Apps and serving
  - Object store service
  - Log provider
  - Image builder
  - Tunnel service
- [Vulnerability and risk management](https://www.union.ai/docs/v2/union/security/vulnerability-and-risk-management/page.md)
  - Vulnerability assessment
  - Patch management
  - Threat modeling
  - Control plane compromise
  - Tunnel interception
  - Presigned URL leakage
  - Security architecture benefits
  - Third-party dependency risk
- [BYOC deployment differences](https://www.union.ai/docs/v2/union/security/byoc-differences/page.md)
  - Overview
  - Network architecture
  - Human access to customer environments
  - Secrets management
  - Infrastructure management
  - IAM role provisioning
  - Data plane patching
  - Availability and resilience
  - Third-party dependency risk
  - Shared responsibility model
  - HIPAA and compliance
  - Contact and resources
- [Data residency summary](https://www.union.ai/docs/v2/union/security/data-residency-summary/page.md)
- [Presigned URL data types](https://www.union.ai/docs/v2/union/security/presigned-url-data-types/page.md)
- [Kubernetes RBAC: Control plane](https://www.union.ai/docs/v2/union/security/kubernetes-rbac-control-plane/page.md)
- [Kubernetes RBAC: Data plane](https://www.union.ai/docs/v2/union/security/kubernetes-rbac-data-plane/page.md)
  - Union core services (data plane)
  - Observability and monitoring
- [AWS IAM roles](https://www.union.ai/docs/v2/union/security/aws-iam-roles/page.md)

---
**Source**: https://github.com/unionai/unionai-docs/blob/main/content/security/_index.md
**HTML**: https://www.union.ai/docs/v2/union/security/
