Security & Trust
At UbiQuity, the security of your data is our highest priority. We know our platform is trusted by enterprises, government agencies, and organisations across Aotearoa — and with that comes a responsibility to keep information safe.
That’s why we’ve built UbiQuity from the ground up with security, privacy, and compliance at its core. From robust encryption and strict access controls to continuous monitoring and independent audits, every layer of our system is designed to protect your data.
We also recognise that no two organisations are the same. Whether you’re a large enterprise with complex compliance needs, or a public sector agency managing sensitive citizen information, UbiQuity provides the assurance, transparency, and tools you need to stay in control.
Our goal is simple: to give you the confidence to focus on engaging your customers and communities, knowing your data is secure with us.
UbiQuity is certified to ISO/IEC 27001:2022 for its Information Security Management System (ISMS).
ISO/IEC 27001:2022 Certificate - Certified by MSECB:
MSECB - ISO/IEC 27001:2022
UbiQuity operates on a shared responsibility model, clarifying the roles of both our platform and our customers. This framework ensures data is handled securely, campaigns are executed reliably, and compliance obligations are met. It highlights what UbiQuity provides, what customers are responsible for, and where responsibilities overlap, giving transparency and confidence in how the platform is used safely and effectively.
Customer Responsibility
✅ Collect and upload only lawful, accurate, and consented data.
✅ Manage user accounts, roles, and access within their organisation.
✅ Ensure correct use of available features and functions.
✅ Ensure compliance with privacy and electronic messaging laws when using the platform.
✅ Maintain list hygiene and content quality to maximise deliverability.
Shared Responsibility
✅ Data security and encryption during transfer and storage.
✅ Incident detection, reporting, and coordinated response.
✅ Deliverability outcomes (UbiQuity provides infrastructure; customers follow best practice).
✅ Compliance in practice: UbiQuity supports regulatory alignment; customers implement lawful data use.
UbiQuity’s Responsibility
✅ Provide secure and reliable hosting infrastructure with redundancy and failover.
✅ Maintain and patch the platform.
✅ Encrypt data at rest and in transit; monitor for security threats.
✅ Provide tools for access control, permissions, and audit logging.
✅ Operate compliant email and SMS delivery infrastructure.
✅ Maintain certification and compliance posture, such as with the Privacy Act 2020 (New Zealand).
Shared Responsibilities Explained:
Data security and encryption during transfer and storage
UbiQuity ensures encryption standards are built into the platform. Customers must use the platform correctly - for example, applying secure access controls and avoiding unsafe data handling practices.
Incident detection, reporting, and coordinated response
UbiQuity monitors and detects threats within the platform. Customers must report suspicious activity in their accounts and cooperate in resolving incidents. Both sides work together during investigation and remediation.
Deliverability outcomes
UbiQuity provides compliant infrastructure and maintains sender reputation. Customers must follow deliverability best practice - clean lists, accurate data, relevant content - to avoid spam filtering or blacklisting. Both influence the final outcome.
Compliance in practice
UbiQuity designs features and processes aligned with privacy and messaging regulations such as the Privacy Act 2020 (New Zealand). Customers remain responsible for lawful use of data, obtaining valid consent, and honouring unsubscribe or preference requests.