API credential security
API keys for partner integrations are stored in dedicated secret management. Keys are scoped, rotated on a defined schedule, and never written to source code, logs, or client-side applications.
Security
Operational security as a first-class requirement.
Unlimited Global builds technology that handles sensitive customer information and integrates with financial infrastructure. This page describes the controls we operate to protect that data and the platform.
Encryption
Data is encrypted in transit using TLS 1.2+ and at rest using industry-standard algorithms. Sensitive fields are encrypted at the application layer with additional key separation.
Role-based access control
Internal access to administrative tools is gated by least-privilege role assignments, with multi-factor authentication required for all employee accounts.
Audit logs
Administrative and user-impacting actions are logged with actor, target, action, and timestamp. Logs are retained per applicable record-keeping requirements.
Transaction records
Financial transaction records are preserved per partner and regulatory requirements, with mechanisms to provide records to authorized parties when legally required.
Incident response
We maintain an incident response process covering detection, containment, communication, and post-incident review. Material incidents affecting users will be communicated per applicable law.
Monitoring
Production systems are monitored for availability, performance, and security signals. On-call coverage exists for production incidents.
Secure cloud infrastructure
Production workloads run on reputable cloud infrastructure with the appropriate compliance certifications (ISO 27001, SOC 2, or equivalent at the provider level).
Report a security issue
If you believe you have found a security vulnerability or are aware of suspected unauthorized activity affecting Unlimited Global, please contact our security team. We welcome responsible disclosure.
security@unlimitedg.com