Your data & secrets
Typillar is designed so that the sensitive things — your application data and your credentials — stay on your side or stay encrypted. This page explains where data lives and how secrets are handled.
Where your data lives
Section titled “Where your data lives”Your application data lives in your Cloudflare account — in the D1 databases and Durable Objects your product uses. Typillar does not host a copy of your product’s data; the control plane coordinates builds, it isn’t a datastore for your app. See What you own.
Your code lives in your GitHub repository. The full source and its history are in a repo you own and can read with ordinary Git tools.
How secrets are protected
Section titled “How secrets are protected”To act on your behalf, Typillar holds a few sensitive values: the OAuth tokens from your Cloudflare and GitHub connections, and any model provider key you supply.
- These secrets are encrypted at rest using AES‑GCM — never stored in plain text.
- A provider key is used only to run inference for your builds.
- You can rotate or remove any connection or key at any time; revoking takes effect immediately. See Permissions & access.
In transit
Section titled “In transit”Connections to your accounts and to the console use standard encrypted HTTPS. The docs and console run on Cloudflare’s network with HSTS enabled.
What Typillar does not do
Section titled “What Typillar does not do”- It does not proxy your product’s data through its servers.
- It does not run your model inference — see Zero inference on our servers.
- It does not keep your credentials in plain text.
Related
Section titled “Related”- Permissions & access — what access is granted and how to revoke it.
- Models & API keys — how provider keys are stored.