Last updated 2026-06-08. This documents the intended launch posture. Replace placeholder implementation notes with your actual controls before production.
Upload handling
Pre-signed upload URLs send large files directly to object storage.
Validate file type, size, duration estimate, plan limit, and abuse signals before processing.
Separate upload, processing, artifact, and checkout states so failed uploads do not burn credits.
Retention defaults
Raw uploads: delete after processing or within 7 days by default.
Generated artifacts: delete within 30 days by default unless the customer chooses storage.
Logs: avoid storing transcript text in application logs.
API & agent safety
Use scoped API keys for MCP, CLI, and agents; show usage limits and revoke keys from the dashboard.
Return stable artifact names so agents do not guess URLs or scrape pages.