One AI chat that spans GDPR, DORA, NIS2, the AI Act, ISO 27001, SOC 2, and 12 more — scoped to the regulation you are working on right now. Your documents. Your templates. Audit-ready answers.
DPOs today don't get the luxury of a single regulation. You ship against GDPR, DORA, NIS2, the AI Act, ISO 27001, SOC 2 — all at once, across overlapping controls, with the same finite team. That is the job now.
Every new regulation brings another 200-page text, another set of controls, another audit cycle. There aren't 18 DPOs on your team — there is one of you.
Your policies live in one folder, your DPAs in another, your control matrices in a spreadsheet, and your audit evidence wherever someone last saved it. Every question means 20 minutes of hunting.
DORA Article 30 and NIS2 Article 21 sound similar. They aren't. Knowing exactly where they overlap and where they diverge is a full-time job you don't have.
Pick one framework. The chat stays inside it — relevant templates, your auto-attached documents, and the right guardrails. Or start a general chat without a framework. 90 substantive compliance templates across 18 frameworks, one conversation, one source of truth.
Pick GDPR, DORA, NIS2 or any of the other 15. The chat loads that regulation's templates, pulls your matching documents, and only reasons about the framework you're working on.
Upload your policies, DPAs, contracts, and procedures once. UnnaData auto-attaches the relevant ones to every framework-scoped session. No more hunting through folders mid-audit.
Every answer cites the regulation article, the template clause, or the uploaded document paragraph it drew from. When the auditor asks "why does this control exist?", the chat already wrote your evidence paragraph.
Five substantive templates per framework — DPIAs, risk registers, vendor onboarding, incident response, audit checklists. Real content written for DPOs, not placeholder text.
Invite your compliance team, assign framework ownership, and share sessions with full audit trail visibility. Every message, every document reference, every framework switch is logged.
Per-message token usage, per-framework adoption tracking, per-session audit trails. You see exactly which frameworks your team is working on and what it costs.
UnnaData covers 8 EU regulations, 6 global standards, 2 US frameworks, 1 California privacy law, and 1 German IT baseline standard — all in one chat, all cited back to the regulation text.
EU regulation
General Data Protection Regulation — EU's primary data protection law covering personal data processing, data subject rights, and cross-border transfers.
EU regulation
Digital Operational Resilience Act — ICT risk, incident reporting, resilience testing, and third-party risk for financial entities.
EU regulation
Network and Information Security Directive 2 — EU-wide cybersecurity obligations for essential and important entities, including incident reporting timelines.
EU regulation
Payment Services Directives — payment services, strong customer authentication, open banking, and consumer protection.
Global standard
Information Security Management System — international certification standard for establishing and continually improving information security.
US standard
System and Organization Controls 2 — voluntary AICPA audit framework for security, availability, processing integrity, confidentiality, and privacy.
EU regulation
Artificial Intelligence Act — AI risk classification, conformity assessment, GPAI obligations, and prohibited practices. Phased rollout through 2026.
Global standard
Business Continuity Management — international standard for business impact analysis, continuity planning, and organizational resilience.
Global standard
Payment Card Industry Data Security Standard — security standard for organizations handling cardholder data. Network security, encryption, access controls.
EU regulation
Markets in Crypto-Assets Regulation — crypto-asset service provider licensing, reserve management, and consumer protection.
German standard
IT Baseline Protection — German BSI building-block methodology with a dual certification path to ISO 27001.
EU regulation
Cyber Resilience Act — cybersecurity requirements for products with digital elements, vulnerability handling, and CE marking.
US standard
NIST Cybersecurity Framework 2.0 — six functions: Govern, Identify, Protect, Detect, Respond, Recover.
California regulation
California Consumer Privacy Act — consumer data rights, opt-out mechanisms, automated decision-making.
Methodology
Governance, Risk, and Compliance — cross-cutting methodology for risk registers, control libraries, and audit preparation.
Methodology
Information Security Management System — structured approach to scope, security policy, risk methodology, asset inventory, and access control.
Methodology
Third-Party Risk Management — vendor risk assessment, onboarding, contractual requirements, continuous monitoring, and exit strategy.
EU regulation
Digital Services Act — content moderation, transparency reporting, algorithmic accountability, and platform governance.
UnnaData adapts to your workflow, not the other way around. Powerful enough for enterprise, simple enough to start today.
Pick the regulation. The chat loads the right templates, attaches the right documents, and cites the specific articles. No cross-contamination from adjacent frameworks, no hallucinated clauses, no hunting.
Upload once. Every framework-scoped session pulls the relevant policies, DPAs, and procedures automatically — with match confidence and overlap badges you can click through.
Every answer tracks the regulation article, template clause, and document paragraph it drew from. Per-message token usage and framework badges on every session — traceability as a first-class feature, not a compliance afterthought.
UnnaData is built by people who answer the same RFPs you do. Every trust claim below is a shipped v1.0 decision, not a future promise.
Hosted exclusively in AWS eu-west-1 (Ireland). No data transfers outside the European Economic Area. GDPR-native by construction, not by policy.
IDOR-hardened context pipeline (every session ownership-checked at the database layer). Prompt-injection mitigated via XML-tagged system prompt blocks. Every message audit-logged. AES-256 at rest, TLS 1.3 in transit.
UnnaData routes your queries through a frontier AI model under a zero-retention agreement. Your documents are never used to train any AI model. No retention beyond the session unless you save it. Working toward SOC 2 Type II certification.
Audit logs on every session. Per-message token usage. Framework badge on every conversation. Per-user and per-company activity feeds. Traceable by design so you can answer the auditor in hours, not weeks.
No complex onboarding. No consultants. Sign up, upload your documents, pick a framework, and start asking.
GDPR, DORA, NIS2, or any of the other 15. Or start a general chat with no framework scoping. You can switch frameworks mid-project.
Policies, DPAs, contracts, procedures, audit evidence. UnnaData categorizes them automatically and auto-attaches the relevant ones to every session.
Get grounded answers with article citations, template references, and document paragraph pointers. The chat stays inside the framework you picked.
Start free with one framework at a time. Upgrade to unlock all 18. No hidden fees, no surprises.
Everything you need to know about UnnaData and multi-framework compliance.
You pick one framework at a time — GDPR, DORA, NIS2, the AI Act, ISO 27001, SOC 2, or any of the other 12. The chat loads that framework's templates, auto-attaches the relevant documents from your library, and only reasons about that regulation. Every answer cites the regulation article, the template clause, or the paragraph in your own document it drew from. You can switch frameworks mid-project.
Because DPOs don't get the luxury of one framework. You ship against GDPR, DORA, NIS2, and the AI Act all at once — plus whichever global standards your auditors ask for (ISO 27001, SOC 2, PCI DSS, NIST CSF 2.0). Overlapping controls, overlapping evidence, overlapping deadlines. UnnaData is built for the real job, not a simplified version of it.
Yes. All data encrypted at rest (AES-256) and in transit (TLS 1.3). Hosted exclusively in AWS eu-west-1 (Ireland) with no transfers outside the EEA. Our context pipeline is IDOR-hardened at the database layer so one account can never read another's documents. Prompt injection is mitigated via XML-tagged system prompt blocks. Every message is audit-logged. We are working toward SOC 2 Type II certification.
Yes. Our Free plan is available forever with no credit card required. It includes one framework at a time, 1 project, 10 documents, and 50 AI chat messages per month — enough to meaningfully try a single framework end to end. Professional unlocks all 18 frameworks plus unlimited usage.
UnnaData runs on a frontier-class AI model selected for its strength on nuanced legal and regulatory text — the kind of reasoning multi-framework compliance work demands. We evaluate models continuously and route to whichever combination delivers the best answers under a zero-retention agreement. Your documents are used solely to provide contextual answers and are never used to train any AI model.
You can always start a general chat with no framework scoping — the AI still knows a wide range of regulations and can reason about frameworks outside our 18. You just lose the auto-attached templates and framework-specific guardrails. Enterprise customers can request custom framework additions with dedicated templates and citation anchors.
You can cancel at any time from your account settings. No cancellation fees, no long-term contracts. When you cancel, you keep access until the end of the current billing period. You can export all your data at any time.
One AI chat for 18 frameworks. Your documents, your templates, audit-ready answers. Start free — no credit card required.