Security
Yorker is built with security as a foundation, not an afterthought. Every architectural decision — from ephemeral containers to tenant isolation — is designed to protect your data and the endpoints you monitor.
Ephemeral Container Isolation
Browser checks and multi-step API tests run in isolated, ephemeral Docker containers. Each execution gets a fresh container with its own filesystem, network stack, and process space. The container is destroyed immediately after the check completes.
This means zero data bleed between tenants and zero residual state between executions — no leftover cookies, screenshots, browser profiles, or filesystem artifacts. Every run starts from a clean slate.
HTTP checks run on lightweight per-tenant persistent containers, each dedicated to a single customer per region. No shared execution environments.
Data Encryption
All data is encrypted in transit (TLS 1.2+) and at rest.
- Database — Neon PostgreSQL with multi-AZ redundancy, WAL replication across availability zones, and point-in-time recovery.
- Screenshots & artifacts — Cloudflare R2 with erasure coding across multiple data centres, providing 11 nines of durability.
- Execution nodes — Stateless. No volumes, no persistent storage. Check configurations are passed via environment variables and never written to disk.
Authentication
User authentication is handled by Clerk, providing secure session management, OAuth support, and MFA capabilities. We do not store passwords or session tokens directly.
Machine-to-machine communication (runners, CLI, API integrations) uses scoped API keys. Each key is tied to a specific team and can be revoked independently.
Tenant Isolation
Every API request is scoped to the authenticated team. There is no cross-tenant data access at any layer:
- Database queries are filtered by team ID at the application layer
- Runner machines are provisioned per-tenant per-region
- API keys authenticate to a single team
- Ephemeral machines are destroyed after each execution, eliminating data persistence
Private Locations
Private location agents run the same Docker image as hosted runners, deployed on your own infrastructure. The security model is outbound-only:
- Agents make outbound HTTPS requests to the Yorker control plane — no inbound firewall rules required
- Check configurations are pulled, not pushed
- Results and telemetry are submitted over authenticated HTTPS
- Agents validate the control plane URL and API key on startup
Infrastructure
Yorker's infrastructure is distributed across trusted providers:
- Control plane — Vercel (edge network, automatic HTTPS, DDoS protection)
- Execution — Fly.io (14 global regions, WireGuard mesh networking, hardware isolation)
- Database — Neon (SOC 2 Type II compliant, automated backups)
- Storage — Cloudflare R2 (globally distributed, S3-compatible)
Responsible Disclosure
If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously and will respond within 48 hours. Please do not disclose vulnerabilities publicly until we have had a chance to address them.