Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Two way SaaS integration platform from Unito (Montreal, Canada) that synchronises work items, projects, tickets and contacts across tools like Jira, Asana, Trello, ClickUp, Notion, HubSpot, GitHub, Salesforce and Microsoft 365.
Unito Hub is a SaaS integration platform built by Unito Inc. (Montreal, Canada). It uses OAuth and APIs to read and write items in dozens of productivity, project management, CRM and engineering tools, then keeps them in sync with configurable rules. A typical use case is mirroring Jira tickets into Asana, ClickUp or HubSpot for cross team visibility.
Unito processes whatever fields the customer maps in the sync flow: titles, descriptions, comments, attachments, due dates, assignees, custom fields, project metadata. It stores OAuth tokens for each connected tool, internal mapping tables, sync audit logs, customer accounts and billing data. The marketing website sets first party cookies and uses standard product analytics.
Unito is a processor under the GDPR. The customer remains controller of all synced personal data (employee names, comments, customer information). The DPA includes SCCs, subprocessor list, security commitments (SOC 2 Type II, ISO 27001) and data subject rights support.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No end user consent is required to operate Unito Hub on internal data. The marketing site itself sets non essential cookies (Google Analytics, HubSpot, LinkedIn) that need consent under ePrivacy. Personal data of employees and customers is processed under Article 6(1)(b) GDPR (contract) or Article 6(1)(f) (legitimate interest), with appropriate transparency in the privacy notice.
Unito hosts its production environment on AWS in the US, with operational staff in Canada. Canada has a partial adequacy decision, the US relies on SCCs and the EU US Data Privacy Framework. Enterprise customers can request an EU data residency option for their workspace.
Sign the DPA, review the Unito subprocessor list, configure least privilege OAuth scopes on each connected tool, restrict who can create syncs, exclude sensitive fields from rules when possible, define retention for sync logs, document the flow in your ROPA and run a DPIA if HR, health or financial data is involved.
Websites using Unito Hub must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Unito Hub is used to sync employee performance data, HR records, sensitive customer information, healthcare or financial work items, or when large volumes of data subjects are involved through the connected tools.
Sample consent text
We use Unito Hub (Unito, Canada) to synchronise work items between our internal tools. Unito acts as a processor under a DPA, with transfers to Canada and the United States covered by Standard Contractual Clauses and the EU US Data Privacy Framework.
Third-party domains contacted
unito.ioapp.unito.ioapi.unito.iocdn.unito.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| unito_session | http | Session | Strictly necessary cookie that keeps the user signed in to the Unito web app. |
| unito_csrf | http | Session | CSRF protection token used by the Unito web app forms. |
| unito_pref | http | 1 year | Stores UI preferences such as language and theme. |
| _ga | http | 2 years | Google Analytics cookie set by the Unito marketing website to measure traffic; requires consent. |
Unito Hub collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Unito sets strictly necessary cookies in its web app (unito_session, unito_csrf, unito_pref) for sign in and UI preferences, and uses third party analytics cookies (Google Analytics) on its marketing website, which require consent.
No for the application itself when used internally on company data. Yes for the marketing site cookies (analytics, advertising) and for any visible employee data sync that requires transparency under Article 13 GDPR.
Article 6(1)(b) GDPR (contract performance) for the internal productivity use case. Article 6(1)(f) (legitimate interest) for IT security, abuse prevention and aggregate product analytics. Employee data should be assessed against the controller workplace policy and any works council requirements.
Yes. Unito hosts the production environment on AWS in the United States and operates teams in Canada. Transfers rely on SCCs, the EU US Data Privacy Framework and the partial adequacy decision for Canada. An EU residency option is available for enterprise plans.
A DPIA is recommended when Unito Hub synchronises HR records, employee performance data, sensitive customer information or large volumes of personal data through the connected tools. For low risk task syncing between standard project management tools, a DPIA is not normally required.
Sign the DPA, review subprocessors, configure least privilege OAuth scopes, restrict who can create flows, exclude sensitive fields, document the data flow in your ROPA, inform employees via the privacy notice or works council, and run a DPIA if HR or sensitive data is involved.
Other integration platforms include Zapier, Make (Integromat), Workato, Tray.io, Boomi, Mulesoft, n8n (open source, EU friendly) and native integrations within the connected SaaS tools. EU based alternatives reduce transfer risk.
List Unito as a processor in the privacy notice when used internally. If you embed any Unito widget on a public site, add the strictly necessary cookies (session, csrf, pref) to your cookie list, plus the marketing site analytics cookies if they end up on your domain.