Security Policy

  • Last Updated: June 21, 2025.

UnoLock Security Policy


1.1 Introduction

Techsologic Incorporated (Corporation Number 734340-0, headquartered at 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada), provider of the UnoLock platform, including all services, features, applications, and websites (collectively, the "Services"), establishes this Security Policy to govern the protection of user data and ensure the confidentiality, integrity, and availability of the Services for all users ("you," "your," "user"), including LegacyLink nominees, as defined in Section 3 (Services Overview) of the UnoLock Terms of Service ("Terms"). This policy, incorporated into the Terms, available at https://www.unolock.com/tos.html, aligns with our zero-knowledge architecture, Absolute Anonymity, and compliance with Canadian law (PIPEDA), GDPR, HIPAA, and other regulations, as per Section 6 (Data Security and Encryption) and Section 17 (Compliance with Privacy Regulations) of the Terms.

1.2 Purpose

This policy outlines Techsologic Incorporated's ("Techsologic," "we," "us," or "our") security measures to protect User Content and transactional data against unauthorized access, disclosure, alteration, or destruction. It details shared responsibilities with users to maintain a secure environment, ensuring the Services remain a trusted platform for digital asset management, as per Section 3 (Services Overview) of the Terms.

1.3 Encryption

All data within the Services, including User Content in vaults and transactional information, is protected using industry-leading cryptographic standards, as per Section 6 (Data Security and Encryption) of the Terms:

  • Client-Side Encryption: Data is encrypted on your device using AES-256-GCM before transmission, ensuring Techsologic cannot access plaintext data.
  • Data in Transit: Transmitted via TLS 1.3 with post-quantum session keys (ML-KEM-1024), preventing interception.
  • Data at Rest: Stored with dual-layer encryption (client-side AES-256-GCM and server-side AES-256 via AWS S3), ensuring security even in a breach.

You must safeguard encryption keys, as loss results in permanent data inaccessibility, as per Section 5.3 (Data Management) of the Terms.

1.4 Access Control

Access to the Services is secured through advanced authentication mechanisms, as per Section 3.4 (Key Features) of the Terms:

  • Biometric and FIDO2: Supported for secure, passwordless authentication.
  • PIN-Based Authentication: Uses randomized keypad inputs to prevent keylogger attacks.
  • Two-Factor Authentication (2FA): Available to enhance security, where applicable.

You are responsible for maintaining the confidentiality of credentials and enabling additional security features, as per Section 5.1 (Account Security) of the Terms.

1.5 Anonymity

Techsologic ensures Absolute Anonymity and Payment Anonymity, as per Section 9 (Privacy and Anonymity) of the Terms:

  • No PII Collection: No personal identifiable information (PII) is collected unless voluntarily provided for support, as per Section 9.3 of the Terms.
  • Payment Anonymity: Transactions (e.g., Stripe, Bitcoin) are isolated from vault contents, using one-time session keys for Bitcoin, as per Section 9.4.
  • Non-Tracking: No IP addresses or metadata are collected, ensuring untraceable interactions, as per the Privacy Policy at https://www.unolock.com/policies.html.

You must use secure practices to maintain anonymity, as per Section 5.8 (User Responsibilities for Privacy) of the Terms.

1.6 Data Integrity

Techsologic employs mechanisms to ensure User Content remains accurate and unaltered:

  • Integrity Checks: Cryptographic validation (e.g., hash functions) verifies data authenticity during storage and transmission.
  • Zero-Knowledge Architecture: Prevents unauthorized modifications, as Techsologic cannot access plaintext data, as per Section 9.2 of the Terms.

You must ensure lawful and accurate User Content, as per Section 5.3 of the Terms.

1.7 Incident Response

Techsologic maintains a formal incident response plan to address security breaches or anomalies:

  • Detection and Assessment: Continuous monitoring and regular audits per ISO/IEC 27001 and SOC 2 Type II standards detect threats, as per Section 6.7 (Security Audits and Monitoring) of the Terms.
  • Containment and Eradication: Prompt isolation and mitigation of incidents, leveraging zero-knowledge protections.
  • Notification: Breaches involving PII (e.g., support emails) are reported to authorities within 72 hours (per GDPR) and users via https://www.unolock.com/support.html, as per Section 17.3 of the Terms.
  • Recovery: Restoration of services with minimal disruption, ensuring data security.

You must report suspected incidents to https://www.unolock.com/support.html, as per Section 5.7 of the Terms.

1.8 User Responsibilities

You play a critical role in maintaining security, as per Section 5 (User Responsibilities) of the Terms:

  • Credential Security: Safeguard access credentials and avoid sharing them.
  • Security Features: Enable 2FA, biometric, or PIN authentication where available.
  • Reporting: Promptly report suspicious activities or vulnerabilities to https://www.unolock.com/support.html.
  • Compliance: Adhere to the Acceptable Use Policy at https://www.unolock.com/policies.html to prevent illegal or harmful activities.

Techsologic is not liable for breaches due to user errors, as per Section 10 (Limitations of Liability) of the Terms.

1.9 Compliance

Techsologic's security practices comply with:

  • PIPEDA: Canadian data protection requirements.
  • GDPR: EU data security standards, including 72-hour breach reporting.
  • HIPAA: Security for protected health information, where applicable.
  • Standards: ISO/IEC 27001 and SOC 2 Type II, as per Section 6.7 of the Terms.

You must comply with applicable laws, as per Section 5.5 of the Terms.

1.10 Policy Modifications

Techsologic may revise this policy, as per Section 14 (Modifications to Terms) of the Terms. Material changes will be notified via https://www.unolock.com/support.html with 30 days' notice, where feasible. Continued use constitutes acceptance, as per Section 14.5 of the Terms.

1.11 Contact Information

For security inquiries or to report concerns, contact:

  • Mail: Techsologic Incorporated, 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada
  • Email: support@unolock.com
  • Security Reports: https://www.unolock.com/support.html
  • Support Portal: https://www.unolock.com/support.html