Skip to main contentTwill is built with enterprise security requirements in mind. Your code and credentials stay protected at every step.
Code Execution Isolation
Agent code runs in isolated cloud sandboxes, completely separate from Twill’s infrastructure:
- Container isolation: Each task runs in its own sandbox with dedicated resources
- Resource limits: CPU, memory, and disk quotas prevent runaway processes
- Automatic cleanup: Sandboxes terminate after completion or timeout
- No persistent access: Sandboxes are ephemeral—nothing persists between tasks
Read-Only by Default
Twill agents operate with minimal permissions:
- GitHub read-only: Agents cannot push directly to your repositories
- PR-based workflow: All changes go through pull requests for human review
- No direct deploys: Twill never deploys code without your approval
Data Encryption
Your sensitive data is protected at rest and in transit:
- AES-256-GCM encryption: Environment secrets are encrypted before storage
- HTTPS everywhere: All API communication uses TLS
- Short-lived tokens: GitHub access tokens are cached briefly and refreshed automatically
Webhook Verification
All incoming webhooks are cryptographically verified:
- HMAC-SHA256 signatures: GitHub, Linear, and Slack webhooks use signed payloads
- Timing-safe comparison: Prevents timing attacks on signature verification
- Replay protection: Slack webhooks reject requests older than 5 minutes
Workspace Isolation
Multi-tenant architecture ensures strict boundaries:
- Role-based access: Owner, Admin, and Member roles with appropriate permissions
- Credential scoping: Each workspace’s secrets are isolated from others
- OAuth state validation: CSRF protection on all authorization flows
No Model Training
Your code and prompts are never used to train AI models. Twill processes your data only to complete tasks you request.
Best Practices
Environment Variables
- Use Twill’s secret storage: Add sensitive values through the Repository Environment settings rather than committing them to your repository
- Use dev credentials only: Create separate API keys for development—never give agents access to production credentials
- Rotate credentials regularly: Update API keys and tokens periodically
- Scope permissions narrowly: Give third-party API keys only the permissions they need
Branch Protection
Enable GitHub branch protection on your main branches:
- Require pull request reviews: Ensure human review before merging agent PRs
- Require status checks: Block merges until CI passes
- Restrict direct pushes: Prevent bypassing the PR workflow
These settings work with Twill’s PR-based workflow to maintain code quality and security.
Third-Party Services
Twill integrates with trusted infrastructure providers:
- Modal / Daytona: Sandbox execution environments
- GitHub / Linear / Slack: Issue tracking and communication
- Stripe: Payment processing (PCI compliant)
For detailed privacy information, see our Privacy Policy. 
