# Security (/security)



StarSling is built with security as a core principle. Your code and secrets are protected at every layer.

<Cards>
  <Card title="Data Handling" href="/security/data-handling" description="What data we access and retain" />

  <Card title="Compliance" href="/security/compliance" description="Certifications and practices" />

  <Card title="GitHub App Permissions" href="/configuration/github-app-permissions" description="What permissions we request and why" />
</Cards>

## Security Highlights

* **Secrets never touch StarSling** - Passed directly from GitHub to runner
* **Ephemeral, hardware-isolated sandboxes** - Each job runs in its own single-use microVM, destroyed after the run — the same isolation as GitHub-hosted
* **Encrypted everywhere** - TLS 1.3 for all communications
* **Minimal data retention** - Logs deleted within 24 hours