Pillar A · Pillar B · Pillar C — three-pillar compliance platform

The compliance platform for DPOs who ship, defend, and teach.

One product, three pillars. Pillar A — Active Awareness: regulator feeds, a rated knowledge base, and team certifications across 18 frameworks. Pillar B — Business Execution: framework-scoped AI chat grounded in your documents and 90 substantive templates. Pillar C — Contest Support: dispute case management, evidence vault, and defense pack export when a regulator comes knocking. Built in the EU, for the EU.

18 frameworks covered
EU data residency (eu-west-1)
Dispute-ready evidence trail

The problem

You don't do one framework.
You do all of them.

DPOs today don't get the luxury of a single regulation. You ship against GDPR, DORA, NIS2, the AI Act, ISO 27001, SOC 2 — all at once, across overlapping controls, with the same finite team. That is the job now.

Compliance fatigue

Every new regulation brings another 200-page text, another set of controls, another audit cycle. There aren't 18 DPOs on your team — there is one of you.

No single source of truth

Your policies live in one folder, your DPAs in another, your control matrices in a spreadsheet, and your audit evidence wherever someone last saved it. Every question means 20 minutes of hunting.

No time to learn 18 dialects

DORA Article 30 and NIS2 Article 21 sound similar. They aren't. Knowing exactly where they overlap and where they diverge is a full-time job you don't have.

Pillar A — Active Awareness

Stay ahead of 18 regulators.
Without reading every press release.

UnnaData watches the regulators so you don't have to. Weekly TL;DR digests from 40+ official sources, a growing knowledge base rated by peers, and framework certifications for your whole team — all scoped to the frameworks you actually ship against.

Regulator feeds, weekly TL;DR

EDPB, ENISA, EU Commission, CNIL, BaFin, Bundesbank — plus Hacker News and LinkedIn signal. One weekly email with the items that move. Framework tags on every entry, one-click to the source.

Knowledge base, peer-rated

Reddit-style voting on regulator decisions, court rulings, and best-practice write-ups. The interpretations that survive community review float to the top — not the ones a single consultant shouted loudest about.

Team certifications & badges

Gamified Q-banks for GDPR, DORA, and the AI Act. Employee / team / company-level certification with public verification URLs. Prove your team's compliance literacy to a regulator or a procurement questionnaire.

Pillar B — Business Execution

One AI chat.
Scoped to the regulation you are working on.

AI-first operational compliance — Pillar B is your day-to-day workspace. Pick one framework and the chat stays inside it: relevant templates, your auto-attached documents, the right guardrails. Or start a general chat without a framework. 90 substantive compliance templates across 18 frameworks, one conversation, one source of truth.

Framework-scoped AI context

Pick GDPR, DORA, NIS2 or any of the other 15. The chat loads that regulation's templates, pulls your matching documents, and only reasons about the framework you're working on.

Your documents, your templates

Upload your policies, DPAs, contracts, and procedures once. UnnaData auto-attaches the relevant ones to every framework-scoped session. No more hunting through folders mid-audit.

Audit-ready answers

Every answer cites the regulation article, the template clause, or the uploaded document paragraph it drew from. When the auditor asks "why does this control exist?", the chat already wrote your evidence paragraph.

90 compliance templates

Five substantive templates per framework — DPIAs, risk registers, vendor onboarding, incident response, audit checklists. Real content written for DPOs, not placeholder text.

Team collaboration

Invite your compliance team, assign framework ownership, and share sessions with full audit trail visibility. Every message, every document reference, every framework switch is logged.

Usage + token transparency

Per-message token usage, per-framework adoption tracking, per-session audit trails. You see exactly which frameworks your team is working on and what it costs.

All 18 frameworks

One assistant.
Every framework your team ships against.

UnnaData covers 8 EU regulations, 6 global standards, 2 US frameworks, 1 California privacy law, and 1 German IT baseline standard — all in one chat, all cited back to the regulation text.

EU

GDPR

EU regulation

General Data Protection Regulation — EU's primary data protection law covering personal data processing, data subject rights, and cross-border transfers.

EU

DORA

EU regulation

Digital Operational Resilience Act — ICT risk, incident reporting, resilience testing, and third-party risk for financial entities.

EU

NIS2

EU regulation

Network and Information Security Directive 2 — EU-wide cybersecurity obligations for essential and important entities, including incident reporting timelines.

EU

PSD2/PSD3

EU regulation

Payment Services Directives — payment services, strong customer authentication, open banking, and consumer protection.

ISO

ISO 27001

Global standard

Information Security Management System — international certification standard for establishing and continually improving information security.

US

SOC 2

US standard

System and Organization Controls 2 — voluntary AICPA audit framework for security, availability, processing integrity, confidentiality, and privacy.

EU

EU AI Act

EU regulation

Artificial Intelligence Act — AI risk classification, conformity assessment, GPAI obligations, and prohibited practices. Phased rollout through 2026.

ISO

ISO 22301

Global standard

Business Continuity Management — international standard for business impact analysis, continuity planning, and organizational resilience.

PCI

PCI DSS

Global standard

Payment Card Industry Data Security Standard — security standard for organizations handling cardholder data. Network security, encryption, access controls.

EU

MiCA

EU regulation

Markets in Crypto-Assets Regulation — crypto-asset service provider licensing, reserve management, and consumer protection.

DE

BSI IT-Grundschutz

German standard

IT Baseline Protection — German BSI building-block methodology with a dual certification path to ISO 27001.

EU

CRA

EU regulation

Cyber Resilience Act — cybersecurity requirements for products with digital elements, vulnerability handling, and CE marking.

US

NIST CSF 2.0

US standard

NIST Cybersecurity Framework 2.0 — six functions: Govern, Identify, Protect, Detect, Respond, Recover.

CA

CCPA/CPRA

California regulation

California Consumer Privacy Act — consumer data rights, opt-out mechanisms, automated decision-making.

GRC

Methodology

Governance, Risk, and Compliance — cross-cutting methodology for risk registers, control libraries, and audit preparation.

ISMS

Methodology

Information Security Management System — structured approach to scope, security policy, risk methodology, asset inventory, and access control.

TPRM

Methodology

Third-Party Risk Management — vendor risk assessment, onboarding, contractual requirements, continuous monitoring, and exit strategy.

EU

DSA

EU regulation

Digital Services Act — content moderation, transparency reporting, algorithmic accountability, and platform governance.

Platform

Built for the way
DPOs actually work

UnnaData adapts to your workflow, not the other way around. Powerful enough for enterprise, simple enough to start today.

Documents

Auto-attached & audit-ready

Upload once. Every framework-scoped session pulls the relevant policies, DPAs, and procedures automatically — with match confidence and overlap badges you can click through.

Audit trail

Every message, cited

Every answer tracks the regulation article, template clause, and document paragraph it drew from. Per-message token usage and framework badges on every session — traceability as a first-class feature, not a compliance afterthought.

Pillar C — Contest Support

When the regulator comes knocking.
You have 72 hours. We have the folder.

Complaints, investigations, and enforcement are the moments compliance work actually matters. UnnaData turns those moments from scramble into muscle memory — hash-chained case timelines, evidence vault with S3 Object-Lock, AI-drafted responses, and a one-click signed defense pack.

Hash-chained case timeline

Every event on a dispute case — received filings, internal notes, drafted responses, submitted documents — is SHA-256 chained to the previous event. Tamper-evident by construction. Prove the file you sent the DPA is the file you had on day one.

Evidence vault — S3 Object-Lock COMPLIANCE

Regulator-grade evidence storage. S3 Object-Lock in COMPLIANCE mode — not even the root AWS account can delete a retained object during its retention period. Jurisdiction-aware deadline registry baked in. EU data residency, eu-west-1.

Defense pack — one signed PDF

AI-drafted responses scoped to the jurisdiction and deadline. Four-eyes review workflow with privilege ACL and segregation of duties. Export as a single PDF with a cryptographic hash-match gate — if the content drifted, the export fails, loudly, before your signature goes on it.

Trust

Security architecture
a DPO would demand.

UnnaData is built by people who answer the same RFPs you do. Every trust claim below is a shipped v1.2 decision, not a future promise.

EU data residency

Hosted exclusively in AWS eu-west-1 (Ireland). No data transfers outside the European Economic Area. GDPR-native by construction, not by policy.

Security architecture

IDOR-hardened context pipeline (every session ownership-checked at the database layer). Prompt-injection mitigated via XML-tagged system prompt blocks. Every message audit-logged. AES-256 at rest, TLS 1.3 in transit.

Your documents stay yours

UnnaData routes your queries through a frontier AI model under a zero-retention agreement. Your documents are never used to train any AI model. No retention beyond the session unless you save it. Working toward SOC 2 Type II certification.

Continuous compliance

Audit logs on every session. Per-message token usage. Framework badge on every conversation. Per-user and per-organization activity feeds. Traceable by design so you can answer the auditor in hours, not weeks.

How it works

Up and running
in minutes, not months

No complex onboarding. No consultants. Sign up, upload your documents, pick a framework, and start asking.

1. Pick your framework

GDPR, DORA, NIS2, or any of the other 15. Or start a general chat with no framework scoping. You can switch frameworks mid-project.

2. Upload your documents

Policies, DPAs, contracts, procedures, audit evidence. UnnaData categorizes them automatically and auto-attaches the relevant ones to every session.

3. Ask anything

Get grounded answers with article citations, template references, and document paragraph pointers. The chat stays inside the framework you picked.

18 Compliance frameworks covered
90 Substantive templates
1 Chat, not 18 tabs
100% EU data residency

Pricing

Simple, transparent pricing

Start free with Pillar A. Upgrade to unlock disputes, evidence, and AI drafters. EUR-priced, EU-hosted, no hidden fees.

Free
For solo DPOs — Pillar A forever free
0 / month
Forever free · No credit card
  • Regulator feeds + TL;DR
  • Knowledge base (read-only)
  • 1 certification track
  • Up to 3 users, EU residency

Starter
For solo DPOs and small compliance teams
49 / month
€470/yr save 20%
  • All 18 frameworks
  • 3 disputes, 10 GB evidence
  • 50 AI drafts / month
  • 3 certification tracks
  • Defense-pack PDF export

Enterprise
For organizations with advanced needs
Custom
Tailored to your organization
  • Everything in Pro
  • Unlimited everything
  • SSO / SAML + 99.9% SLA
  • Custom frameworks + feeds
  • Dedicated CSM

FAQ

Frequently asked questions

Everything you need to know about UnnaData and multi-framework compliance.

You pick one framework at a time — GDPR, DORA, NIS2, the AI Act, ISO 27001, SOC 2, or any of the other 12. The chat loads that framework's templates, auto-attaches the relevant documents from your library, and only reasons about that regulation. Every answer cites the regulation article, the template clause, or the paragraph in your own document it drew from. You can switch frameworks mid-project.

Because DPOs don't get the luxury of one framework. You ship against GDPR, DORA, NIS2, and the AI Act all at once — plus whichever global standards your auditors ask for (ISO 27001, SOC 2, PCI DSS, NIST CSF 2.0). Overlapping controls, overlapping evidence, overlapping deadlines. UnnaData is built for the real job, not a simplified version of it.

Yes. All data encrypted at rest (AES-256) and in transit (TLS 1.3). Hosted exclusively in AWS eu-west-1 (Ireland) with no transfers outside the EEA. Our context pipeline is IDOR-hardened at the database layer so one account can never read another's documents. Prompt injection is mitigated via XML-tagged system prompt blocks. Every message is audit-logged. We are working toward SOC 2 Type II certification.

Yes. Our Free plan is available forever with no credit card required. It includes Pillar A — regulator feeds, TL;DR summaries, knowledge base read-only access, one certification track, and up to 3 users — enough to build compliance awareness and get your team certified. Starter and Pro unlock dispute cases, the evidence vault, and AI drafters (Pillars B and C).

UnnaData runs on a frontier-class AI model selected for its strength on nuanced legal and regulatory text — the kind of reasoning multi-framework compliance work demands. We evaluate models continuously and route to whichever combination delivers the best answers under a zero-retention agreement. Your documents are used solely to provide contextual answers and are never used to train any AI model.

You can always start a general chat with no framework scoping — the AI still knows a wide range of regulations and can reason about frameworks outside our 18. You just lose the auto-attached templates and framework-specific guardrails. Enterprise customers can request custom framework additions with dedicated templates and citation anchors.

You can cancel at any time from your account settings. No cancellation fees, no long-term contracts. When you cancel, you keep access until the end of the current billing period. You can export all your data at any time.

Ready to ship compliance
that actually scales?

One AI chat for 18 frameworks. Your documents, your templates, audit-ready answers. Start free — no credit card required.