Security

Yorker runs checks against your production endpoints, so we treat your configurations, credentials, and results as sensitive by default. Here is how we protect them.

Isolation by default

Every check runs in an isolated runner. Browser checks execute in a fresh, single-use environment that is destroyed the moment the run completes — no cookies, screenshots, browser profiles, or filesystem artifacts persist between runs, and nothing is shared between customers.

HTTP checks run in per-customer environments rather than a shared pool. Your checks never execute in a container another customer has touched.

Tenant separation

Every request and query is scoped to your team. There is no cross-tenant access at any layer:

  • Data is partitioned and filtered by team on every request
  • Runners are provisioned per customer
  • API keys authenticate to exactly one team

Encryption and credentials

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production data is restricted, audited, and granted on a least-privilege basis.

Check secrets — auth headers, credentials, and scripts — are delivered to runners as encrypted, in-memory configuration. They are never written to disk and are not retained after a run.

Machine-to-machine access (CLI, runners, API) uses scoped API keys that are tied to a single team and can be revoked independently. Sign-in supports SSO, OAuth, and multi-factor authentication; Yorker never stores your password.

Your telemetry stays portable

Check telemetry is processed in Yorker's control plane — anomaly-scored, dependency-attributed, and correlated into alerts, SLOs, and wide events — then emitted as standard OTLP to the OpenTelemetry backend you choose.

Nothing about the data model is proprietary. The signals you receive are standard OpenTelemetry metrics, traces, and logs that you own and can move at any time.

Private locations

Run the same runner inside your own network with an outbound-only model:

  • Agents poll for work over authenticated HTTPS — no inbound firewall rules required
  • Check configurations are pulled, not pushed
  • Raw OTLP signals are emitted from inside your network to the backend you configure

Infrastructure

Yorker runs on established, SOC 2-compliant cloud infrastructure across multiple global regions, with provider-level DDoS protection, automatic HTTPS, and encrypted, regularly tested backups.

Responsible disclosure

If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond within 48 hours. Please give us a reasonable window to address an issue before disclosing it publicly.