> ## Documentation Index
> Fetch the complete documentation index at: https://docs.twill.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Isolation, least-privilege access, encryption, and human review at the core of the workflow.

## The workflow is the safeguard

* **Nothing merges automatically.** Every change arrives as a pull request for human review. Twill has no deploy access.
* **Agents can't push to your default branch.** Work happens on task branches; repo access uses short-lived, scoped GitHub tokens.
* **Code runs in Twill's sandboxes, not your infrastructure.** Unless you explicitly connect read-only cloud integrations, agents can't see your infra at all.

## Isolation

Each workspace gets its own sandboxed VM; each task runs in its own fork with CPU, memory, and disk quotas. Tasks can't see other workspaces or interfere with each other's runs.

## Data protection

* Environment secrets and OAuth tokens are encrypted at rest with **AES-256-GCM**; all traffic is HTTPS/TLS.
* Incoming webhooks (GitHub, Linear, Slack) are verified with **HMAC-SHA256** signatures using timing-safe comparison; Slack requests older than 5 minutes are rejected to block replays.
* OAuth flows carry CSRF-protected state.
* **Your code and prompts are never used to train models.**

## Access control

Workspace roles — **Owner**, **Admin**, **Member** — govern who can manage integrations, billing, and the team. See [Team management](/team-management). API keys are workspace-scoped, hashed at rest, and rate-limited.

## Third parties

Twill relies on a small set of processors: sandbox infrastructure (Modal, Daytona), the integrations you connect (GitHub, Linear, Slack, …), and Stripe for billing (PCI-compliant; Twill never sees card numbers). Model providers process code context per their API terms — or bring [your own keys](/agent-config/byok) and contract with them directly.

Questions? See the [privacy policy](https://twill.ai/privacy) or reach out via the website.
