Security Model
How Humrun keeps your scripts and data safe.
Script isolation
Each script runs in its own temporary directory that's destroyed after execution. Scripts cannot access each other's code, state, or environment variables.
Restricted modules
For security, scripts cannot import potentially dangerous modules like subprocess, socket, or sys. See Scripts for the full list.
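A local pre-upload check for the restriction above, as an added example that is not Humrun's own code or its enforcement mechanism. It assumes scripts are Python (as the module names suggest) and knows only the three modules named here; `find_blocked_imports`, `BLOCKED` and the sample script are illustrative names.

```python
import ast

# Assumption: only the three modules this page names; see Scripts for the rest.
BLOCKED = {"subprocess", "socket", "sys"}

# Constructed sample script, used only to demonstrate the check.
SAMPLE = '''\
import json
import os.path, socket
from subprocess import run as r
mod = __import__("sys")
from . import helpers
'''


def _literal_dynamic_import(node):
    """Module name for __import__("x") / import_module("x"), else None."""
    func = node.func
    called = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
    first = node.args[0] if node.args else None
    if (called in {"__import__", "import_module"}
            and isinstance(first, ast.Constant) and isinstance(first.value, str)):
        return first.value
    return None


def find_blocked_imports(source, blocked=BLOCKED):
    """Return sorted (line, module) pairs for imports of blocked modules."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]  # level > 0 is a relative (local) import
        elif isinstance(node, ast.Call):
            name = _literal_dynamic_import(node)
            names = [name] if name else []
        for name in names:
            top = name.split(".")[0]  # "os.path" -> "os"
            if top in blocked:
                hits.add((node.lineno, top))
    return sorted(hits)


if __name__ == "__main__":
    for line, module in find_blocked_imports(SAMPLE):
        print(f"line {line}: import of restricted module '{module}'")
```

The check only sees module names written literally in the source, so a clean result does not guarantee that the platform will accept the script.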
Resource limits
Scripts are constrained by:
- Memory: 128 MB maximum
- Timeout: 30 seconds (Free) or 2 minutes (Pro)
- State: 64 KB maximum
These limits prevent runaway scripts from affecting the platform.
Network access
Scripts can make outbound HTTP/HTTPS requests but cannot:
- Listen on ports
- Accept incoming connections
- Access internal infrastructure
Environment variables
Environment variables are:
- Sanitized (uppercase only, no reserved prefixes)
- Read-only during script execution
- Not logged or exposed in run output
What we have access to
As the platform operator, we have access to your script code, run output, and state data. We need this to run your scripts.
We do not sell or share your data.
Reporting issues
If you find a security issue, email support@humrun.io.