Governance

Security

How we protect operational incident data, debugger inputs, and private stores during the design-partner phase.

Foundational security controls for early design partners. We do not claim SOC 2, ISO 27001, HIPAA, or enterprise compliance certification.

Foundational controls

Rate limiting, payload caps, secret redaction, input sanitization, and server-only audit logging on sensitive operational APIs. Controls are designed for pilot workloads — not a certified compliance program.

Secret redaction

Submissions pass through redaction for common API keys, JWTs, database URLs, bearer tokens, and private keys before storage. If secrets are detected, raw trace text is not written to audit logs.

Data store protection

Middleware blocks HTTP access to /data/, including operational incidents, investigations, failure intake, and audit logs.

SOC 2 roadmap

We are building toward SOC 2 Type II readiness. We do not claim SOC 2 compliance today.

Not used for model training

Operational incident and debugger submissions are not used to train foundation models.

Questions: enterprise@youtubetimestampsearch.com

Enterprise overview →