Thanks! One of my co-founders mentioned this in another thread, but you can set up specific playback_policies when you create an asset (https://docs.mux.com/v1/reference#create-an-asset). For internal-only videos with strict infosec requirements, they'd probably want to use signed URLs, but we're also working on things like geo and domain-based restrictions.