Twine uses artificial intelligence to provide services to customers. As the product expands, security and compliance are critical factors in how Twine is designed and architected. Security isn't just a feature in Twine—it's fundamental to the mission of connecting knowledge across organizations.
This article outlines the common security questions. Please reach out to support@twine.so if any of your questions are not addressed.
What is Twine?
Twine is like having a virtual team member that makes sure important information from every customer conversation reaches the right people at the right time. It:
Automatically captures key moments from customer calls - like product feedback, urgent issues, and competitive intel
Organizes and connects these insights to business metrics and account data from the CRM (e.g., Salesforce, Hubspot).
Generates and delivers reports and updates to each team, including via their existing communications tools (e.g., Slack).
Helps teams close the loop with customers by providing targeted, personalized enablement of any product or GTM updates to the relevant account owners.
Think of it as your customer intelligence layer that constantly works in the background to ensure nothing important gets missed and every team has the context they need to make better decisions.
What data does Twine store?
Call recordings
Twine integrates with call recording software (e.g., Gong, Chorus) to extract transcripts and video files for team members that have been selected within Twine. For every call it stores the transcript, participants, video file (if provided), and date/time. If the call bot is used, the user's calendar and events are stored as well.
CRM data
When a call is completed, a look up is done for the customer account and any open opportunities associated with it. To do this, Twine requires read access on account, contacts, opportunities, and stages from the CRM. Twine doesn't write anything to the CRM. The ability to map custom fields (e.g., segment) to customer and opportunity fields is supported as well.
Slack
Slack is used to send messages that you've configured in Twine. This includes sending a digest to a public channel of your choosing and sending personalized enablement via DMs. To do this, Twine requires access to users, channels, the ability to send messages including video files, and read conversations Twine is included in.
User accounts
The name and email address is stored for every user who creates an account in Twine.
Where does Twine store data?
Amazon Web Services (AWS) who is Twine's primary infrastructure provider. All data is stored in the US region. Twine has a multi-tenant architecture.
How do users authenticate in Twine?
Twine offers multiple ways to log in to a workspace. Users can authenticate via Google or by setting a unique password. Customers on the Enterprise plan can use custom SSO/SAML (including Okta, OneLogin, Auth0, and more) as well as SCIM provisioning. Twine supports MFA across all authentication methods.
Does Twine use third party AI models or build their own?
Twine uses Amazon Bedrock to provide their AI services. The current models used are built by Anthropic.
All requests to AI providers are transmitted individually through SSL-encrypted channels, ensuring data security in transit. The LLM providers used maintain strict no-retention policies for both inputs and outputs, ensuring your data isn't stored beyond its immediate use. Twine's AI sub-processors maintain SOC 2 Type II compliance.
Is customer data used to train or improve Twine?
No, Twine has a strict policy against using customer data to train or improve AI models. All data and AI responses are strictly isolated to your workspace and never shared between customers or used for cross-customer training. Please see the Trust Center for all of Twine's policies.
Is Twine SOC 2 Type II certified?
Yes, Twine has independently verified security controls and practices through comprehensive SOC 2 Type II certification. Please see the Trust Center for the full certification report. More compliance standards are planned and security and compliance are a long-term commitment for Twine.