# Data protection

Union.ai protects customer data through a classification framework, residency guarantees, and cloud-native encryption. All customer data is encrypted both at rest and in transit.

The platform uses three data access patterns:

- **Presigned URLs** for bulk data (files, DataFrames, code bundles), which bypass the control plane entirely.
- **Inline proxy** for structured task I/O and secret values, which transits control plane memory encrypted in transit, exists as plaintext in memory only during request handling, and is not persisted.
- **Streaming relays** for logs and metrics, which transit control plane memory and are not persisted.

This section covers:

* [Data classification and residency](https://www.union.ai/docs/v2/union/security/data-protection/classification-and-residency/page.md): How data is classified, where it resides, and multi-cloud region support.
* [Data flow](https://www.union.ai/docs/v2/union/security/data-protection/data-flow/page.md): Presigned URL and streaming relay patterns, and what data appears in the UI.
* [Encryption](https://www.union.ai/docs/v2/union/security/data-protection/encryption/page.md): Encryption at rest and in transit across all storage and communication paths.
* [Secrets management](https://www.union.ai/docs/v2/union/security/data-protection/secrets/page.md): Write-only API design, backends, and secret lifecycle.
* [Workflow data flow](https://www.union.ai/docs/v2/union/security/data-protection/workflow-data-flow/page.md): Security controls at each stage of the workflow lifecycle.
* [Multi-cloud support](https://www.union.ai/docs/v2/union/security/data-protection/multi-cloud/page.md): Supported cloud providers and consistent security guarantees.
* [Logging and audit](https://www.union.ai/docs/v2/union/security/data-protection/logging-and-audit/page.md): Task logging, observability metrics, and audit trails.

## Subpages

- [Data classification and residency](https://www.union.ai/docs/v2/union/security/data-protection/classification-and-residency/page.md)
  - Data classification
  - Data residency
  - Verification
  - Data classification
  - Data residency
- [Data flow](https://www.union.ai/docs/v2/union/security/data-protection/data-flow/page.md)
  - Presigned URL pattern
  - Inline proxy pattern
  - Streaming relay pattern
  - Data in the UI
  - Verification
  - Presigned URLs
  - Streaming relay
  - UI data sources
- [Encryption](https://www.union.ai/docs/v2/union/security/data-protection/encryption/page.md)
  - Encryption at rest
  - Encryption in transit
  - Data protection summary
  - Verification
  - Encryption at rest
  - Customer-managed key authority
  - Encryption in transit
- [Secrets management](https://www.union.ai/docs/v2/union/security/data-protection/secrets/page.md)
  - Core design
  - Backends
  - Secret lifecycle
  - Verification
  - Write-only API
  - Secret lifecycle
- [Workflow data flow](https://www.union.ai/docs/v2/union/security/data-protection/workflow-data-flow/page.md)
  - Task deployment and run creation
  - Result retrieval
  - Verification
  - End-to-end data flow
- [Multi-cloud support](https://www.union.ai/docs/v2/union/security/data-protection/multi-cloud/page.md)
  - Supported services
  - Consistent security guarantees
  - Verification
  - Multi-cloud support
- [Logging and audit](https://www.union.ai/docs/v2/union/security/data-protection/logging-and-audit/page.md)
  - Task logging
  - Observability metrics
  - Audit trail
  - Verification
  - Task logging
  - Audit trail

---
**Source**: https://github.com/unionai/unionai-docs/blob/main/content/security/data-protection/_index.md
**HTML**: https://www.union.ai/docs/v2/union/security/data-protection/