Q1 numbers: what we shipped and what we missed

Quarterly receipts. We committed to three things in January:

1. Go SDK ✅ (mostly)

0.x went out late January as planned. 1.0 slipped to mid-March (we said February). The slip came from an awkward concurrency model we wanted to fix before declaring 1.0. Three Go-using customers integrated successfully. The SDK lives at github.com/swydex/swydex-go.

2. SOC 2 audit ❌ (slipped to Q2)

We engaged the auditor in February as planned. Observation period requires 6 months of evidence — we have 4. Audit completion is now late Q2. Customers asking specifically: we have a controls-and-evidence package available under NDA in the meantime.

3. Bug bounty ✅

Live on HackerOne since March 18. Two findings so far, both Medium severity, both paid out. No Criticals (yet).

What else we shipped not on the list

• BYOK for Enterprise tenants.
• Migration off DodoPayments to Stripe.
• P2P trade chat improvements (better dispute moderation tools).
• Replaced our placeholder admin UI with a real-time intervention queue.

What missed entirely: 2FA for tenant users, multi-region failover. Both pushed to Q3.

Net: shipped two of three commitments on time-ish, plus four off-roadmap things. SOC 2 slipped because audit timelines are not engineering timelines.