General Security and Access Control

Data Handling

All customer data is handled as potentially sensitive. Yuki's control plane retains only non-sensitive metadata such as query hashes and execution statistics - never actual query content or customer data.

Authentication

The system uses temporary tokens that can be revoked at any time, giving customers complete audit trails and control over access.

Compliance

Yuki is aligned with:

  • SOC 2 Type II
  • ISO 27001 (annexes A.10.1.1, A.10.1.2, A.14.1.2, A.18.1.5)

Encryption

Use | Standard
Data encryption keys | AES-256
PKI authentication | RSA
Website SSL certificates | SHA-256 with RSA

Cryptographic keys are rotated at least annually and remain protected throughout their lifecycle.

Access Controls

Production system access is disabled by default and requires explicit approval from the security team. Administrative privileges are temporary and automatically revoked upon task completion.

Data Isolation

Each customer account is isolated using unique identifiers enforced at the API and database layers, ensuring accounts can only access their own data.

Monitoring & Infrastructure

  • AWS CloudWatch provides continuous infrastructure surveillance
  • Security agents track suspicious activities
  • AWS maintains SOC and ISO 27001 certifications for the underlying physical infrastructure