Table of contents

Twist Security Policy

Our users trust us with their team’s conversations, knowledge, and files. That’s a responsibility we take seriously.

At Twist, we maintain a security system that:

  • Prevents all unauthorized access;
  • Supports continuous monitoring for potential vulnerabilities; and
  • Embraces ongoing, proactive improvement to stay on top of the latest security tools and threats.

Data Protection

In Transit

All user data­­ including channel names, threads, comments, uploaded files, account information, and payment information­­ are sent using SSL/HTTPS secure channels with a bank ­standard encryption.

At Rest

We use Amazon Web Services (AWS) servers to host all user data. We make extensive use of their built-­in firewalls to protect your data against unauthorized remote access.

All user data are stored and encrypted at rest.

AWS data centers undergo annual certifications to ensure they meet the highest standards of physical and virtual security. You can find more information on AWS security practices at http://aws.amazon.com/security/.

All data included in cloud storage attachments (such as Dropbox, Google Drive and One Drive) remain on those companies’ servers and are covered by their respective security policies and practices. We are not responsible for any data breach or loss with files uploaded to Dropbox and Google Drive.

Data Reliability

All user data are automatically backed up on AWS servers with multiple redundant copies.

Report a Vulnerability

If you have discovered a security vulnerability on Twist, please let us know right away on support@twist.com. We will do our best to fix these right away.

Account Access & Confidentiality

We verify account access through both email/password­-based authentication and Google Accounts authentication via OAuth 2.0.

When email/password-­based authentication is used, we always store individuals passwords with unique salts to add an extra layer of protection to your account.

Alternatively, OAuth provides a seamless way to create and access your account without Twist ever needing to access or store your Google log­in credentials.

At Twist, we understand the importance of your business data and information. We have strict control over internal personnel's access to your data and information. We are committed to ensuring that your data and information is not accessible to anyone who is not authorized by our Customers. Due to the nature of software service, some of our developers may need to access your data for troubleshooting and performing diagnosis. These developers are under strict supervision and cannot access your data unless deemed necessary and authorized by our Customer.

Twist Admin Controls

For Twist accounts, we provide three different user roles with different levels of access: admin, member, and guest. Learn more in the Roles and Permissions article.

Account admins can manage billing information as well as change users’ roles and permissions.

Data Privacy

We make it a priority to be transparent in how we collect, use, and handle your information when you use our website and software. Please see our full privacy policy for more details.