§ VI — Trust

Posture · Scopes · Controls

Updated 4 May 2026

Exactly what we hold, and exactly who can reach it.

Trigunatita’s whole job is to protect a creator’s work. A product that can’t describe its own security posture in one page doesn’t deserve the credentials it asks for. This page is that description. Updated whenever it changes.

Google OAuth scopes

What we ask for — and everything we don’t.

Minimising OAuth scope is the single biggest lever for reducing creator risk. Every extra scope is a wider blast radius if we’re ever compromised.

Scope | Status | Why / Why not
youtube.upload | Required | Call youtube.videos.insert to publish videos to your primary and backup channels.
youtube.readonly | Required | Read your channel ID, verify ownership, and list existing playlists so the upload form can offer them.
youtube.force-ssl | Required | Set thumbnails (thumbnails.set) and add videos to playlists (playlistItems.insert). Required by the YouTube API for these calls.
userinfo.email / openid / userinfo.profile | Required | Sign-in only. Identify the account in our own auth system. Never used for marketing or shared.
youtubepartner | Not requested | Content ID and monetisation management. Not needed by Trigunatita; requesting it would bloat our CASA audit scope and your trust surface.
youtube.channel-memberships.creator | Not requested | Paid memberships. Outside the scope of a backup product.
Google Ads / AdSense / Analytics | Not requested | Your revenue data is none of our business. We will never ask for access to it.

Controls in place

Encryption, access, and audit — specifically.

Encryption at rest
All data at rest is encrypted with AWS KMS customer-managed keys, one per environment. S3 buckets use SSE-KMS with bucket keys for cost-efficiency. DynamoDB uses AWS-owned keys by default plus our CMK for PII-tagged attributes. Secrets Manager holds every OAuth refresh token, keyed by userId+channelId, with access gated by IAM policies that only permit decryption by the specific Lambda function that needs the token at the moment of use.
Encryption in transit
TLS 1.2+ everywhere. HSTS with a two-year max-age and preload enabled on trigunatita.com. Certificate pinning is not currently enforced (breaks more than it helps on mobile browsers). Browser-to-S3 presigned uploads are TLS; server-to-S3 is TLS; server-to-YouTube-API is TLS.
Access control
Every Lambda has a dedicated IAM role with narrow, resource-scoped permissions. No wildcard resources, no wildcard actions. Engineers get time-bound console access via AWS SSO with mandatory MFA; production writes require a PR approval and a deployment workflow — no human types into prod.
Least-privilege OAuth
We request the minimum YouTube Data API scopes to run the product: youtube.upload, youtube.readonly, youtube.force-ssl. You can revoke Trigunatita from your Google account at any time (Google Account → Security → Third-party access). Revocation immediately breaks our ability to call the API on your behalf; backups made while authorised remain yours on your backup channel.
Network isolation
Lambdas that talk to KMS, Secrets Manager, and DynamoDB run inside a VPC with no public egress. Outbound traffic to the YouTube API goes through a NAT gateway whose IP range is allow-listed in our audit logs. The marketing site is static-rendered and served from CloudFront — your browser never talks to a Trigunatita origin server to read this page.
Logging and audit
CloudTrail enabled organisation-wide, logs delivered to a dedicated audit account. Every Lambda writes structured JSON logs with a correlation ID that follows a single upload through the whole pipeline. CloudWatch Alarms fire on anomalies (DLQ depth > 0, sync failure rate > 5%, KMS throttle). A dedicated AuditLog DynamoDB entity records security-sensitive actions (OAuth token add/remove, sync deletion, user profile change) with immutable append-only semantics.
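A small offline model of the alarm rule and correlation-ID tracing described above, added here as an example and not taken from Trigunatita's code; the log field names (ts, correlationId, stage, event) and the sample lines are constructed.

```python
"""Offline model of the 'sync failure rate > 5%' alarm over the structured JSON
logs the page describes, where a correlation ID follows one upload end to end."""
import json

SYNC_FAILURE_THRESHOLD = 0.05  # the page's stated alarm threshold (5%)
# Constructed sample log lines, not real Trigunatita output; field names assumed.
SAMPLE_LOGS = """\
{"ts":"2026-05-04T10:00:01Z","correlationId":"u-1","stage":"fetch","event":"ok"}
{"ts":"2026-05-04T10:00:05Z","correlationId":"u-1","stage":"upload","event":"ok"}
{"ts":"2026-05-04T10:00:09Z","correlationId":"u-1","stage":"sync","event":"done"}
{"ts":"2026-05-04T10:01:01Z","correlationId":"u-2","stage":"fetch","event":"ok"}
{"ts":"2026-05-04T10:01:07Z","correlationId":"u-2","stage":"upload","event":"ok"}
{"ts":"2026-05-04T10:01:11Z","correlationId":"u-2","stage":"sync","event":"failed","reason":"quotaExceeded"}
{"ts":"2026-05-04T10:02:01Z","correlationId":"u-3","stage":"fetch","event":"ok"}
{"ts":"2026-05-04T10:02:04Z","correlationId":"u-3","stage":"sync","event":"done"}
{"ts":"2026-05-04T10:03:02Z","correlationId":"u-4","stage":"fetch","event":"ok"}
"""

def parse_logs(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def trace(records, correlation_id):
    """Ordered (stage, event) pairs for one upload: the 'follow a single
    upload through the whole pipeline' use of the correlation ID."""
    mine = sorted((r for r in records if r["correlationId"] == correlation_id),
                  key=lambda r: r["ts"])
    return [(r["stage"], r["event"]) for r in mine]

def sync_outcomes(records):
    """Latest 'sync' event per upload; uploads still in flight (no sync
    record yet, like u-4 above) are excluded so they do not dilute the rate."""
    outcome = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["stage"] == "sync":
            outcome[r["correlationId"]] = r["event"]
    return outcome

def sync_failure_rate(records):
    """(rate, failed_ids); rate is 0.0 when nothing has reached sync yet."""
    outcomes = sync_outcomes(records)
    if not outcomes:
        return 0.0, []
    failed = sorted(cid for cid, ev in outcomes.items() if ev == "failed")
    return len(failed) / len(outcomes), failed

def should_alarm(records, threshold=SYNC_FAILURE_THRESHOLD):
    rate, _ = sync_failure_rate(records)
    return rate > threshold
```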
Data inventory

Everything we store, mapped.

  • Google OAuth refresh tokens

    Where: AWS Secrets Manager (KMS-encrypted)
    Retain: Until you disconnect the channel
    Why: Call YouTube API on your behalf

  • Source video files (original)

    Where: AWS S3 Glacier Instant Retrieval (→ Deep Archive after 90d on Pro/Studio)
    Retain: Per-tier: 90d / 365d / unlimited; 30d grace after cancel
    Why: Cold restore if both YouTube channels are lost

  • Video metadata (title, description, tags)

    Where: AWS DynamoDB, KMS-encrypted
    Retain: Lifetime of account + 30d grace
    Why: Re-apply metadata on republish / restore

  • Sync ledger (per-destination status)

    Where: AWS DynamoDB
    Retain: Lifetime of account + 90d audit window
    Why: Show you which videos synced to which channel

  • Account profile (email, name)

    Where: AWS Cognito + DynamoDB
    Retain: Lifetime of account + 30d grace
    Why: Authenticate you, email receipts and alerts

  • Payment records (Razorpay references)

    Where: DynamoDB (tokenised ID only) + Razorpay
    Retain: 7 years (GST / tax law)
    Why: Invoicing, refunds, dispute defence

  • Web analytics

    Where: Plausible (DPDP/GDPR-safe, cookieless)
    Retain: Aggregated only; 2 years max
    Why: Improve the marketing site

  • Video content payload on YouTube

    Where: YouTube's servers, under your account
    Retain: Controlled by you / YouTube
    Why: The product outcome itself

Compliance posture

Where we are, and where we’re going.

  • India DPDP Act 2023

    Compliant — data fiduciary obligations met

    Consent-based processing, user-controlled deletion, grievance officer designated.

  • GDPR (EU)

    Compliant for EU creators

    DPA available on request. Data-processor role for creator content; controller role for account data.

  • Google CASA / OAuth restricted scope

    Testing mode (< 100 production users)

    CASA Tier 2 assessment scheduled when user count approaches the threshold. See /story for the plan.

  • SOC 2 Type II

    Roadmap — Studio tier

    Evidence-collection started; target report in 12 months.

  • PCI DSS

    Not in scope

    Razorpay handles card data; we never see or store PANs.

Incident response

What happens when something goes wrong

  1. Detection

    CloudWatch Alarm fires on anomaly (unusual auth pattern, sync failure spike, unexpected IAM denial), or a user reports an incident. On-call engineer acknowledges within 15 minutes during business hours, 60 minutes overnight.

  2. Containment

    If credentials are suspected compromised: rotate affected Lambda IAM role, revoke active Cognito sessions, optionally invalidate user refresh tokens (forced re-auth). Preserve forensic logs.

  3. User notification

    If any customer data was accessed, affected users notified by email with facts known at the time. Status posted to status.trigunatita.com. We do not wait for full forensic closure to notify.

  4. Regulator notification

    Under the India DPDP Act, significant personal-data breaches must be notified to the Data Protection Board within 72 hours. We target under 24 hours to leave margin.

  5. Public post-mortem

    Blameless post-mortem published at /security/incidents/{yyyy-mm-dd}. Root cause, user impact, remediation, and prevention. Never vague.

Report a security issue to security@trigunatita.com. PGP key available on request.

Frequently asked

Security questions

Procurement, legal, or DPO reviewing before a Studio-tier purchase? Email legal@trigunatita.com and we’ll turn around a full questionnaire within two weeks.

  • Do Trigunatita employees have access to my video files?

    No human Trigunatita employee has access to customer video files under normal operations. Engineers have administrative access to AWS accounts, but S3 bucket policies deny read access to the video buckets from human IAM principals — only specific Lambda execution roles can read them. Break-glass access requires a documented incident, a PR-approved policy change, and leaves an immutable CloudTrail record.

  • Can you read my YouTube channel's private data?

    Only what the three requested scopes allow: channel ID, channel name, playlist list, and the ability to upload and edit videos / thumbnails. We do not have and cannot obtain: monetisation data, subscriber identities, individual comment content, analytics beyond what youtube.readonly exposes, or any Google service data outside YouTube.

  • What happens to my data when I cancel?

    Account marked for deletion. 30-day grace period so you can export or change your mind. After 30 days: OAuth tokens revoked and deleted, DynamoDB rows deleted within 24h, S3 archive bucket objects marked for deletion. Objects in Glacier Deep Archive are billed for a 180-day minimum — we delete them immediately and absorb the prorated cost rather than retain them. You receive an 'erasure complete' email when every stage finishes.

  • Where is the data stored geographically?

    Primary region is AWS ap-south-1 (Mumbai). Data does not leave India except for YouTube API calls to Google's global edge, which is unavoidable for the product to function. We do not replicate to a second region currently — the cost-reliability trade-off is not worth it for data that is already replicated at 11 nines within a single region, but we revisit this for Studio-tier customers on request.

  • Is there a bug bounty program?

    Informal for now. If you find a security issue, email security@trigunatita.com with details. We respond within 48 hours, acknowledge the researcher publicly once the fix ships (with permission), and pay a token bounty in INR via UPI for anything beyond cosmetic. Formal program launching in 2026Q3.

  • Can I request a DPA or security questionnaire?

    Yes. Email legal@trigunatita.com. Standard DPA available immediately. Customer-specific DDQs are turned around in under two weeks for Studio-tier buyers.

  • Do you have a SOC 2 report?

    Not yet. We are collecting evidence and expect our Type I report in approximately 6 months, Type II a year after that. Studio tier includes early access to the evidence package on request.

  • What about CASA audit for Google's OAuth restricted scopes?

    We operate in Google's OAuth Testing Mode while under 100 production users. Before approaching the threshold we undergo a CASA Tier 2 assessment by a Google-approved third party. Budget and timeline are disclosed in the founder’s public memo. This is an industry-wide requirement, not a Trigunatita-specific burden.
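Two of the controls above (narrow Lambda role policies with no wildcard actions or resources under Access control, and the bucket-policy deny on human principals described in the first FAQ answer) can be checked offline against the policy documents themselves. This is an added example, not Trigunatita's code; the account ID, bucket name and role name pattern are constructed placeholders.

```python
"""Offline checks for two controls stated on this page: Lambda role policies with
no wildcard actions or resources, and a video-bucket policy that denies reads to
every principal except named Lambda execution roles."""
import fnmatch

# Constructed sample policies, not Trigunatita's own; the account ID, bucket name
# and role name are placeholders.
LAMBDA_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadVideos", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-video-bucket/*"},   # object-path glob: fine
    {"Sid": "Secrets", "Effect": "Allow", "Action": "secretsmanager:*",
     "Resource": "*"},                                     # deliberately too broad
]}
VIDEO_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyReadsExceptExecutionRoles", "Effect": "Deny", "Principal": "*",
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-video-bucket/*",
    "Condition": {"ArnNotLike": {"aws:PrincipalArn": [
        "arn:aws:iam::123456789012:role/upload-worker-*"]}},
}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def find_wildcards(policy):
    """(Sid, field, value) for every Allow statement using '*' or 'service:*' as an
    action, or '*' as a resource. A glob inside an ARN path is not flagged."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"#{i}")
        findings += [(sid, "Action", a) for a in _as_list(st.get("Action", []))
                     if a == "*" or a.endswith(":*")]
        findings += [(sid, "Resource", r) for r in _as_list(st.get("Resource", []))
                     if r == "*"]
    return findings

def read_denied_for(bucket_policy, principal_arn):
    """True if an explicit Deny on s3:GetObject applies to principal_arn, i.e. no
    ArnNotLike exception pattern matches it. An explicit Deny beats any Allow."""
    for st in bucket_policy["Statement"]:
        if st.get("Effect") != "Deny" or "s3:GetObject" not in _as_list(st.get("Action", [])):
            continue
        exempt = st.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalArn", [])
        if not any(fnmatch.fnmatchcase(principal_arn, p) for p in _as_list(exempt)):
            return True
    return False
```

Running find_wildcards on a real role policy before merge is a cheap way to keep the "no wildcard resources, no wildcard actions" claim true over time; read_denied_for is a model of the Deny semantics, not a replacement for the IAM policy simulator.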

For procurement

Need a DPA, DDQ, or security review?

Standard DPA available immediately. Custom DDQ turned around in under two weeks. If your compliance team has a specific framework in mind, tell us upfront and we’ll map our controls to it.