Skip to main content

The workflow is the safeguard

  • Nothing merges automatically. Every change arrives as a pull request for human review. Twill has no deploy access.
  • Agents can’t push to your default branch. Work happens on task branches; repo access uses short-lived, scoped GitHub tokens.
  • Code runs in Twill’s sandboxes, not your infrastructure. Unless you explicitly connect read-only cloud integrations, agents can’t see your infra at all.

Isolation

Each workspace gets its own sandboxed VM; each task runs in its own fork with CPU, memory, and disk quotas. Tasks can’t see other workspaces or interfere with each other’s runs.

Data protection

  • Environment secrets and OAuth tokens are encrypted at rest with AES-256-GCM; all traffic is HTTPS/TLS.
  • Incoming webhooks (GitHub, Linear, Slack) are verified with HMAC-SHA256 signatures using timing-safe comparison; Slack requests older than 5 minutes are rejected to block replays.
  • OAuth flows carry CSRF-protected state.
  • Your code and prompts are never used to train models.

Access control

Workspace roles — Owner, Admin, Member — govern who can manage integrations, billing, and the team. See Team management. API keys are workspace-scoped, hashed at rest, and rate-limited.

Third parties

Twill relies on a small set of processors: sandbox infrastructure (Modal, Daytona), the integrations you connect (GitHub, Linear, Slack, …), and Stripe for billing (PCI-compliant; Twill never sees card numbers). Model providers process code context per their API terms — or bring your own keys and contract with them directly. Questions? See the privacy policy or reach out via the website.