Privacy Policy

Effective Date: August 15, 2025

1. Introduction

This Privacy Policy explains how Chainlit SAS ("we," "us," or "our") collects, uses, and protects your personal information when you use Twill, our AI-native project management platform.
We are committed to protecting your privacy and complying with applicable data protection laws.

2. Information We Collect

2.1 Account Information

  • Email address
  • Name and profile information
  • Password (encrypted)
  • Workspace and team affiliations

2.2 Usage Data

  • Project specifications and tickets you create
  • AI interactions and queries
  • Platform usage patterns and features accessed
  • Device information (browser, operating system)
  • IP address and location data

2.3 GitHub Integration Data

When you connect your GitHub account, we collect:
  • Repository names and structure (read-only access)
  • Code content for AI analysis
  • Commit information and file changes
  • Repository metadata
We only request read permissions and cannot modify your GitHub repositories.

2.4 Communication Data

  • Support tickets and correspondence
  • Feedback and survey responses
  • Email communications and notifications
  • Notification preferences for access updates

3. How We Use Your Information

3.1 Service Provision

  • Provide and maintain Twill's features
  • Generate AI-powered specifications and recommendations
  • Manage your account and subscriptions
  • Enable collaboration within workspaces

3.2 Service Improvement

  • Analyze usage patterns to improve our platform
  • Develop new features and capabilities
  • Monitor system performance and reliability

3.3 Communication

  • Send important service notifications
  • Provide customer support
  • Share product updates and announcements (with your consent)
  • Manage waitlist status and access notifications

4. Third-Party Services

We use the following third-party services that may process your data:

4.1 Analytics and Observability

  • PostHog: Usage analytics and product insights
We collect usage data including your prompts and messages sent to the AI agent to understand how users interact with Twill and improve the product experience. This data is subject to a 14-day retention policy and is automatically deleted after this period. Analytics data is used solely to derive usage behavior patterns and improve service quality—it is never used to train AI models.

4.2 Infrastructure and AI

  • Vercel: Application hosting and deployment
  • Anthropic: AI model services for code analysis and specification generation
  • OpenAI: AI model services for code analysis and specification generation
  • Modal: Cloud-based isolated sandbox environments for secure AI code execution
  • Daytona: Remote development sandbox environments
We comply with the usage policies and data retention policies of our AI providers (Anthropic, OpenAI). Your prompts and code sent to these providers are processed according to their respective terms of service and are not used to train their models when accessed via API.

4.3 GitHub and Email Services

  • GitHub: Repository access and code analysis (read-only permissions)
  • Resend: Email delivery and communication services

4.4 Waitlist Management

  • GetWaitlist: Waitlist management and user queue processing
Each third-party service has its own privacy policy. We only share data necessary for service functionality and choose providers with strong privacy commitments.

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 We Do Not Train AI Models on Your Data

Your prompts, code, and codebase content are never used to train AI models. When you interact with Twill, your data is processed solely to provide the service (e.g., generating specifications, analyzing code). We do not use your content to train, fine-tune, or improve any AI models—ours or third-party providers'.

5.3 Limited Sharing

We may share your information only in these circumstances:
  • With your consent for specific purposes
  • Service providers who help operate Twill (under strict confidentiality agreements)
  • Legal requirements if required by law, court order, or to protect our rights
  • Business transfers in case of merger, acquisition, or sale (with notice)

5.4 Workspace Data

Information you share within workspaces is accessible to other workspace members as part of the collaboration features.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:
  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication systems
  • Employee training on data protection
However, no internet transmission is 100% secure. We cannot guarantee absolute security but continuously work to improve our protections.

6.1 Sandbox Environment Security

When AI agents execute code on your behalf, they operate in isolated sandbox environments provided by third-party providers (Modal, Daytona). We implement:
  • Encryption: Environment variables and secrets you configure are encrypted at rest using AES-256-GCM authenticated encryption
  • Isolation: Resource-limited containers (CPU, memory, disk quotas) provided by sandbox providers
  • GitHub Access: Twill's application code enforces access controls—agents cannot directly push code to repositories and are limited to reading repository code and creating pull requests (you retain control over merging)
  • Webhook Verification: HMAC-SHA256 signature verification with timing-safe comparison for GitHub webhooks
Despite these measures, sandbox environments process sensitive information including repository code, environment variables, and secrets you configure. You should not store highly sensitive production credentials in Twill sandboxes.

7. Data Retention

We retain your data for as long as necessary to:
  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements

7.1 Account Data

Retained while your account is active and for up to 2 years after account deletion (unless longer retention is required by law).

7.2 Usage Analytics

Aggregated and anonymized usage data may be retained longer for service improvement purposes.

8. International Data Transfers

As Twill uses global third-party services, your data may be transferred to and processed in various countries worldwide.

9. Your Rights

You may have certain rights regarding your personal data, subject to applicable laws. These may include:
  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Unsubscribe from marketing communications
To exercise these rights, contact us at dan@twill.ai.

10. Cookies and Tracking

10.1 Essential Cookies

We use necessary cookies for:
  • Authentication and session management
  • Security and fraud prevention
  • Basic site functionality

10.2 Analytics Cookies

With your consent, we use analytics cookies to understand how you use Twill and improve the service.

10.3 Cookie Management

You can control cookies through your browser settings, though disabling essential cookies may affect functionality.

11. Children's Privacy

We don't knowingly collect personal information from children. If you believe we've collected information from a child without proper consent, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of material changes by:
  • Email notification
  • Prominent notice in our service
  • Updating the "Effective Date" above
Your continued use after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or concerns, please contact us at:
Chainlit SAS
Email: dan@twill.ai
Chainlit SAS
France
Last updated: August 15, 2025