Twilio Privacy Notice
Effective December 19, 2024. Last Updated: November 12, 2024. (View the prior version of our privacy notice here)
The Privacy program of Twilio Inc. and its group companies (‘Twilio’, ‘we’ or ‘our’) is built on our Binding Corporate Rules ('BCRs'), which serve as our code of conduct that governs our global processing of personal data.
In order to provide products and services to our customers and conduct our day-to-day business operations, including the operation of our websites, we collect, use and share, or otherwise process personal data about our customers, our customers’ authorized users ('end users') and their customers, our website visitors and business contacts.
Personal data is any information that directly identifies you, such as your name and email address, or that indirectly identifies you, for example a phone number or device identifier.
The personal data we may collect and process about you varies depending on our relationship with you. We may have a direct relationship with you because you have set up an account or consented to receive marketing communications from us, or we may have an indirect relationship with you via your relationship with one of our customers; for example you may be their employee or their customer.
We take privacy, data protection and our legal obligations very seriously. We are committed to being transparent with you about how we use personal data. This Privacy Notice aims to describe our privacy practices in a clear, accessible and easy to understand way and to let you know how you can exercise your rights in relation to your data.
This Privacy Notice applies where Twilio processes personal data as a data controller, in connection with the products and services we provide to our customers (“Services”) and the operation of our business, including our websites. As a data controller, we determine the purpose (why) and means (how) of personal data processing and are ultimately responsible for the correct handling of your data, in accordance with applicable law.
This Notice does not apply to the Personal Data we process in relation to job applicants. This is covered by our Global Applicant Privacy Notice.
We also process personal data for most of our Services as a data processor. As a data processor, we process personal data related to our customers' employees, end users and customers on behalf of our customers to provide Services to them in accordance with their instructions. These instructions are set out in our customer agreements, Data Protection Addendum, service specific terms or through a customer's use or configuration of a product feature. You should contact these organizations directly for information about how they process your personal data as a data controller and to exercise your rights in relation to that data.
The personal data we collect about you depends on your relationship with us and the purposes for which we process that personal data. The following describes the types of personal data that we collected and disclosed for a business purpose in the preceding 12 months.
Personal Data You Share With Us Directly
Contact Information - When you sign up for a Twilio, Sendgrid or Segment account and use any of our products and services, request product information, ask for a call from our sales team, or participate in events, we ask you to provide us with your name, company name, business address, phone number, email address and other contact information. We also ask you to create a password and name your account (or accounts, if you have more than one).
Customer Account Data - We process certain personal data to manage our relationship with you and administer your or your company’s account. This includes purchase history, names or contact information of individuals authorized to manage the Twilio account on behalf of our customer to set up, access and manage billing. We also collect personal data required to administer use of your account and the Services, and information to allow us to verify your identity for Know Your Customer or other identity verification purposes.
Customer Content - We receive and store the content of communications received from you or our customers and other personal data uploaded to the Services or generated for our customers’ use as part of the Services, which we may be authorized by you or our customer to use, where necessary for specific legitimate business purposes and in accordance with applicable law.
Marketing and Contact Preferences - We use information about how you would like to be contacted and choices you have made to send you marketing communications.
Payment Information - In connection with products and services you pay for, we ask you to provide our payment processor with your payment method information like a credit card or your Paypal account and your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our Services. Our payment processor will share your billing address with Twilio for this purpose.
Personalization Details - Some of our products, such as our short code service, may require you to complete an application form by providing details about your or your company’s intended use of the product to determine eligibility for these products.
Professional Information - The information we process about you with respect to your employment or profession, including company, job title, email address, phone number and online business networking profile.
Subscriber Records - For some of our communications products, we may also obtain proof of identity from you or our customer that includes a proof of address, name, physical address, or other identification information. For example, to use our Trust Hub or to obtain a phone number in certain countries, local law may require us to have a physical service address on file for the individual who will be using that Twilio number, whether that’s you or our customer's end user.
Support and Feedback - When you interact with us on our websites (including via our Help Center Assistant), through our AI chatbot, over the phone or via email, we process the phone number or email address that you use, the content of your interaction and the feedback you provide about our services. You may also provide us with feedback about our Services in surveys and questionnaires. We will let you know when a call may be recorded, in accordance with applicable law.
Personal Data We Generate or Collect Automatically
Communications Usage Data - When you or our customers use Twilio communications products, we collect electronic communications metadata, such as phone numbers and routing information, the source and destination of a communication, location of the device generated in the context of delivering the communication, date, time, duration and type of communication, status of the message, error data and traffic records.
Device Information and IP Addresses - When you use our account portal, we collect your IP address and device information through tracking technologies like cookies, web beacons, pixels, and similar technologies. We also collect IP addresses when you make requests to our APIs and in our server logs. Additionally, we collect information about your device, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, unique identifiers, and general location information such as city or town when you use our account portal. We do not collect precise geolocation information.
Online Activity Information - When you visit Twilio websites, including our web forms, we use tracking technologies such as cookies, web beacons, and pixels to collect the following data: your device and browser, time zone setting, web pages visited, products you view or search for, page response times, download errors, length of visits to certain pages, page interaction information, IP address.
Security Identifiers or SIDs - When you sign up for an account with Twilio, we’ll automatically assign you and each of your accounts a unique security ID and generate an API token for each account. We keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials.
Customer Proprietary Network Information - When you use certain US voice-based communications services, Twilio collects information associated with your service usage. This includes information such as the number of phone calls, call destinations, call locations, type, and service configuration, and is known as Customer Proprietary Network Information (CPNI). CPNI does not include information such as your name, address, phone number, or the content of phone calls. We use CPNI to market Twilio-related products or services to which you are not already subscribed unless you have exercised your right to opt out. For information about your CPNI choices, see the section “Your Rights and Choices About Your Data” below.
Personal Data Collected From Other Sources
Add-On Service Data - In the event you purchase our services through one of our Add-On Partners, they may share your personal data with us to fulfill their contractual obligations. Add-On Partners may share your personal data in the form of leads when you download Twilio content on the Add-On Partner’s website or you participate in events and webinars of which Twilio is a sponsor.
Professional Data - We collect certain personal data such as employment or professional information from sources other than you. We may combine this data with other personal data that you share with us.
Publicly-Available Sources - We may also use publicly-available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from third party providers, such as your industry, the size of your company, and your company’s website URL.
Social Media Data - Social media service providers such as Google, LinkedIn, and Meta may provide us with information about you, in accordance with your privacy settings on those sites.
Telecommunication Data - We receive communication-related data from telecommunications operators, aggregators and carriers that may include phone type, carrier history, SIM status and history, city and/or country where phone was first registered, contract and account type, IP address city and/or country and a validation result of personal data provided by our customer and whether it matches data held by the carrier.
The purposes for which we process personal data depend on your relationship with us. We only use personal data that is necessary to fulfill the specified purposes listed below as applicable to you and in accordance with applicable data protection law.
| Purpose | Personal Data Processed | Legal Basis for Processing |
| --- | --- | --- |
| Creating and managing accounts, including verification of the identity of our customer’s end user for Know-Your-Customer (KYC) or identity verification purposes. | Add-On Service Data, Contact Information, Customer Account Data, Online Activity Information, Payment Information, Professional Information, Subscriber Records | Legitimate Interest, Legal Obligation |
| Carrying out Twilio’s core business operations, such as account administration, accounting, auditing and compliance, business analytics, filing taxes, finance, forecasting, consolidated management and reporting, product strategy and revenue planning. | Add-On Service Data, Professional Information, Customer Account Data, Support and Feedback, Customer Content, Communications Usage Data, Payment Information, Publicly Available Sources, Social Media Data | Legitimate Interest |
| Billing and relationship management. | Add-On Service Data, Contact Information, Communications Usage Data, Payment Information | Legitimate Interest |
| Providing, optimizing and maintaining our services, platform, including debugging and troubleshooting. | Add-On Service Data, Subscriber Records, Online Activity Information, Communications Usage Data, Customer Content, Device Information | Legitimate Interest |
| Preventing, detecting and investigating security incidents and managing the security of Twilio’s platform, services, websites and accounts. | Add-On Service Data, Communications Usage Data, Customer Content, Device Information, Online Activity Information, Payment Information, Subscriber Records, Telecommunication Data, Contact Information | Legitimate Interest, Legal Obligation |
| Determining eligibility for certain products. | Add-On Service Data, Contact Information, Payment Information, Personalization Details, Subscriber Records | Legitimate Interest |
| For routing and connectivity purposes to send messages on behalf of our customers, including transmitting, distributing and exchanging communications using phone numbers, either through the public switched telephone network or other communications networks. | Add-On Service Data, Communications Usage Data | Legitimate Interest |
| Providing customer support, including responding to your requests and communicating with you about your account and use of the services, including suspicious activity or security alerts. | Contact Information, Customer Content, Communications Usage Data, Professional Information, Support and Feedback, Other personal data provided by requestor | Legitimate Interest |
| Sending important notifications about our products and services. | Add-On Service Data, Contact Information, Customer Account Data | Legitimate Interest |
| Complying with legal and regulatory obligations, telecommunication provider requirements and communications industry codes of practice. | Subscriber Records, Customer Content, Communications Usage Data | Legal Obligation, Legitimate Interest |
| Sending marketing communications in accordance with your marketing preferences. | Add-On Service Data, Contact Information, Marketing and Contact Preferences, Professional Data, Publicly Available Sources, Social Media Data | Legitimate Interest, Consent |
| Analyzing your interest in our products and delivering marketing campaigns that are relevant to you. | Add-On Service Data, Contact Information, Marketing and Contact Preferences, Professional Data, Publicly Available Sources, Social Media Data | Legitimate Interest, Consent |
| Deploying cookies and other tracking technologies in accordance with your online settings. | Add-On Service Data, Contact Information, Marketing and Contact Preferences, Professional Data, Social Media Data | Legitimate Interest, Consent |
| Understanding how visitors navigate our websites, and tracking and optimizing the performance of our advertising activities. | Device Information, Online Activity Information, Publicly Available Sources, Social Media Data | Legitimate Interest |
| Understanding how customers are using our platform and improving the website navigation experience. | Add-On Service Data, Contact Information, Marketing and Contact Preferences, Online Activity Information, Professional Data | Legitimate Interest, Consent |
| Conducting questionnaires and surveys to improve our products and provide training to our employees. | Add-On Service Data, Contact Information, Customer Account Data, Marketing and Contact Preferences, Personalization Details, Professional Data, Support and Feedback | Legitimate Interest, Consent |
| Managing your participation in our events and webinars and granting you access to whitepapers and on-demand resources. | Add-On Service Data, Contact Information, Customer Account Data, Marketing and Contact Preferences, Professional Data, Support and Feedback | Legitimate Interest, Consent |
| Collecting sales insights and performing lead scoring. | Contact Information, Professional Data, Publicly Available Sources, Social Media Data | Legitimate Interest |
| Developing our business by updating, expanding, and analyzing our customer relationship records. | Contact Information, Marketing and Contact Preferences, Payment Information, Professional Data, Publicly Available Sources, Social Media Data | Legitimate Interest, Consent |
| Identifying potential job candidates. | Publicly Available Sources, Social Media Data | Legitimate Interest |
| Developing or improving our products and services, including anonymizing, de-identifying, pseudonymizing and aggregating personal data for this purpose. | Communications Usage Data, Customer Content, Personalization Details, Support and Feedback | Legitimate Interest |
| As otherwise authorized by you or our customer in Service specific terms or through your or our customer’s use and configuration of features in a product. | Data used will vary based on customer authorization | Legitimate Interest |
| Protecting the health and safety of our employees, visitors and our properties. | Contact Information, Customer Account Data | Legal Obligation |
| Protecting the rights and freedoms of individuals, meeting legal obligations, including complying with valid court orders, disclosure requests, subpoenas, and other appropriate legal mechanisms and complying with telecommunications providers requirements and communications industry codes of conduct. | Add-On Service Data, Communications Usage Data, Customer Content, Device Information, Online Activity Information, Marketing and Contact Preferences, Payment Information, Subscriber Records, Telecommunication Data | Legal Obligation, Legitimate Interest |
We disclose personal data to third parties in limited circumstances in order to provide the Services and to otherwise run our business. Below are the different scenarios under which we may disclose your data to third parties.
Telecommunications Service Providers
Twilio’s communications products provide an easier way for developers to build applications that make use of the public switched telephone network (PSTN) to send communications. Therefore, we engage with a global network of telecommunications operators, aggregators, carriers and other communication service providers (collectively, “telecommunications service providers”) as necessary to route and connect those communications from the sender to the intended recipient. How telecommunications service providers handle this data is generally determined by their own policies and local regulations.
Where telecommunications service providers transmit the content of a communication, they function neither as data controllers nor as data processors; instead, they act simply as a conduit to transmit communication content. In the event telecommunications service providers process any personal data for their own purposes, such as communications metadata required to transmit the message, or for billing or fraud prevention purposes, they also act as data controllers.
We may have to share Subscriber Records with local government authorities or local telecommunications carriers that provide connectivity services. However, we don’t share subscriber records for purposes other than this, and we treat these records with our highest confidentiality.
Other Communications Service Providers
For proper routing and connectivity, Twilio also enables sending or receiving communications through communications service providers that do not use the PSTN; these are referred to as Over-the-Top (OTT) communications service providers. If you or our customer chooses to use Twilio to send or receive communications by way of these providers, Twilio will disclose communications content and other data to these providers as necessary to route and connect those communications from the sender to the intended recipient. How those OTT communications service providers, as data controllers, handle this data is determined by their own policies and local regulations.
Third Party Service Providers
Twilio engages third-party vendors and service providers to carry out certain personal data processing functions on our behalf. These providers are limited to only accessing or using personal data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data.
Add-On Partners
Add-ons are additional features, functionality or services offered by Twilio’s Add-on partners (who are third parties not affiliated with Twilio). Twilio may make Add-ons available through the Twilio Marketplace. Some Add-ons may need to access or collect some of your information, including personal data. If you choose to use an Add-on, Twilio will disclose your information to the Add-on partner so you can use the Add-on. Twilio does not control Add-on partners’ use of your information and their use of your information will be in accordance with their own policies. If you do not want your information to be disclosed to an Add-on partner, then you should not use the Add-on.
Twilio Group Members
We may disclose your personal data among Twilio Group Members. Twilio Group Members will only use the information as described in this Privacy Notice. Twilio Group Members are listed in Appendix 1 in our Binding Corporate Rules.
Compliance with Legal Obligations
We may disclose your personal data to a third party if:
- we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements);
- to enforce our agreements and policies;
- to protect the security or integrity of our services and products;
- to protect ourselves, our other customers, or the public from harm or illegal activities; or
- to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury.
For more details, please see the procedure laid out in our Binding Corporate Rules.
If Twilio is required by law to disclose any personal data about you, we will notify you of the disclosure requirement to the extent legally permitted and where Twilio determines such disclosure will not interfere with an ongoing investigation. Further, we object to information requests we do not believe were issued properly.
Business Transfers
In connection with a corporate sale, merger, reorganization, dissolution or similar event, personal data about you may be part of the assets transferred or disclosed in connection with the due diligence for any such transaction. If required by law, we will notify you prior to such a transfer and provide you with information about any choices you may have with respect to your personal data.
Aggregated, Anonymized or De-identified Data
Aggregated, anonymized and de-identified data may be derived by Twilio from your personal data but is generally not considered personal data under data protection law as this data does not directly or indirectly reveal your identity. We may use and disclose de-identified, anonymized or aggregated data to third parties. We do not disaggregate or reidentify de-identified data.
As a global organization, we may need to transfer your personal data to Twilio affiliates, contractors, service providers and third parties in various countries and jurisdictions around the world. When we transfer your personal data, we take care to use appropriate safeguards to ensure your personal data remains protected.
Data Transfers to the United States and Elsewhere
When you use our account portal, or our other products and services, your personal data may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate.
Safeguards for Data Transfers
Twilio employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law.
EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”)
As set forth by the U.S. Department of Commerce, Twilio is officially certified under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF and relies on these certifications as its primary transfer mechanisms for transfers of personal data from the EU and Switzerland to the U.S. Twilio adheres to the DPF principles for onward transfers of personal data to third parties and remains liable for damages caused by third parties under the DPF unless Twilio did not cause the event giving rise to damage. The U.S. Federal Trade Commission has jurisdiction over Twilio’s compliance with the DPF. To learn more about the DPF Program, and to view our certifications, please visit the DPF website.
Twilio’s Binding Corporate Rules
Twilio has established and implemented a set of Binding Corporate Rules for internal transfers of personal data between Twilio Group Members in the European Union and Twilio Group Members elsewhere as a data controller. Twilio’s BCRs have been approved by European Union Data Protection Authorities and are a commitment by Twilio to adequately protect personal data that Twilio processes regardless of where the information resides. You can access Twilio’s BCR-Controller Policy here.
Where neither the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, Swiss-EU DPF nor Twilio's BCRs apply, we rely instead on other data transfer mechanisms to transfer personal data outside the EEA, the UK, and Switzerland, such as Standard Contractual Clauses and the UK’s International Data Transfer Agreement.
APEC CBPR & PRP Participation
Twilio’s privacy practices, described in this Privacy Notice, comply with the APEC Cross Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) Systems. The APEC CBPR and PRP Systems provide a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the APEC framework can be found here.
To protect personal data from loss, or unauthorized use, access or disclosure, Twilio uses reasonable and appropriate security measures designed to protect the security of your personal data both online and offline. These measures vary based on the sensitivity of the personal data we collect, process and store and the current state of technology. All systems used to support our business are governed by Twilio’s Information Security Policy and Standards which are built on industry standards and best practices such as the ISO 27001 and NIST standards. More information about our security measures can be found in our Security Overview.
We endeavor not to retain personal data in a form which permits identification of individuals for longer than is necessary for the purposes for which that data is processed. We retain personal data in accordance with Twilio's record retention policies and guidelines as revised and updated from time to time.
Twilio will store your Customer Account Data as long as needed to provide you or our customer with the Services and to operate our business. If you ask Twilio to delete specific personal data from your Customer Account Data (see ‘Your Rights and Choices About Your Data’ below), we will honor this request, unless deleting that information prevents us from carrying out necessary business functions, such as billing for our services, calculating taxes, or conducting required audits.
Depending on the data protection laws applicable to you, you may have the following rights in relation to your personal data that we process as a data controller:
- that we provide details about the categories of personal data that we collect about you, including how we collect and share it;
- that we provide you access to, and a copy of, the personal data we collect about you;
- that we update or correct any inaccurate personal data we have about you;
- that we delete the personal data we have about you;
- that we restrict processing of personal data about you;
- that we provide you with your personal data in a structured, commonly used format and to transmit that information to another controller, and where feasible, transmit the information directly;
- that we provide you with the right to object to the processing of personal data, including profiling;
- that we provide you with a free, easy mechanism to object to use of your personal information for direct marketing purposes;
- that you not be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly affects your individual rights;
- to withdraw your consent; and
- to complain to a competent supervisory authority and/or to commence proceedings in a court of competent jurisdiction.
Twilio will honor your rights subject to limitations in certain situations, such as where Twilio can demonstrate that it has a legal requirement or legitimate interest to process your data or can legitimately apply an exemption to the exercise of a right under applicable law. More information about these rights can be found in our Binding Corporate Rules Controller Policy Rule 10.
If you are a US resident interested in what personal data we have disclosed lately for our business purposes, here’s a list:
- Identifiers
- Commercial information
- Financial information
- Internet or other electronic activity information
- Geolocation information
- Professional or employment information
By “our business purposes,” we mean that we only disclose personal data as we describe in the section "How We Disclose Personal Data" above. Also, as described in the “How We Use Cookies & Other Tracking technologies” section below, we process personal data to deliver ads targeted to your interests on other companies’ websites and mobile apps. Some of these activities may be considered “sharing” or “targeted advertising” under certain laws. You have the right to opt out of the processing of your personal data for targeted advertising, and can do so by adjusting your preferences using our Cookie Preferences Tool located on the bottom right of the Twilio website you are visiting. Any choices concerning cookies are browser and/or device specific. If you clear your cookies from your browser on any of your devices, your choices will need to be reset.
You also have the right to request the restriction of processing of your sensitive personal information. Where applicable, the respective sensitive personal information will be marked accordingly and may only be processed by us for certain purposes. At the current time, however, we do not use or disclose sensitive personal information for purposes other than those expressed in this Privacy Notice or otherwise permitted by applicable law, and these uses cannot be limited under California law.
You may have additional rights under our Binding Corporate Rules in the EU. For example, where you believe your personal data has been transferred by an EU-based Twilio company to our US headquarters and processed by the US company in breach of the Binding Corporate Rules, you may have a right to:
- Lodge a complaint with the Twilio company that transferred your data outside Europe;
- Lodge a complaint with the supervisory authority in the same country as the Twilio company that transferred your data outside Europe; and
- Bring a court action against the Twilio company that transferred your data outside Europe.
If Twilio processes your personal data as a data processor on behalf of a customer, we will direct you to contact our customer to exercise your rights.
The following sections provide information about how to exercise certain rights in relation to your personal data. To exercise any other rights, please contact us at [email protected].
Accessing and Controlling Account Data
As part of the services we provide to our customers, we provide you with a number of self-service features at no additional cost within the Twilio console itself, including the ability to access your data, update any incorrect data, download a copy of your data, delete your data, or restrict the use of your data. You can make various choices about your Customer Account Data through the account portal when you log into your Twilio account or through the marketing preferences center. Any other requests about your data that you cannot make through these self-service tools can be made by contacting Customer Support.
Closing Your Account and Deletion
To request closure or deletion of your Twilio account, you can contact Customer Support. Please be aware that closure or deletion of your Twilio account will result in you permanently losing access to your account and the data in the account. After closure of your account, certain information associated with your account may remain on Twilio’s servers in an aggregated form that does not identify you. Similarly, after you close your account, we will retain data — including personal data — associated with your account that we are required to maintain for legal purposes or for necessary business operations (see “How Long We Retain Personal Data” section above) until it’s no longer needed.
In some instances, we will need to verify your identity before honoring your request. We will generally verify your identity by asking you to provide personal data related to your recent interactions with us. Thereafter, we will process your request and inform you of any decisions we have made about your request. Additionally, you may exercise your privacy rights through an authorized agent. If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please contact us at [email protected].
We won’t discriminate against you or change the price of our services if you make a request, but if you ask us to delete your data, it may affect your ability to use our Services.
Customer Proprietary Network Information (CPNI)
As an individual Twilio account holder or as an authorized representative of a Twilio customer in the US, you have the right to restrict Twilio’s use of CPNI. To opt-out of the use of CPNI data related to your Twilio account to market other Twilio products and services based on your usage of our products, click here. Please note that, if you have subscribed for the services on behalf of an organization, the CPNI relates to the service usage by that organization and not you individually. Opting-out of the use of CPNI for marketing will not unsubscribe you from other types of marketing contacts from Twilio and will not affect the status of the services you currently have with us. Your approval or opt-out of the use of your CPNI outside of the services to which you are already subscribed is valid until you affirmatively revoke or limit such approval.
Communication Preferences
You can opt out of receiving marketing communications from us at any time through your marketing preferences page by clicking the “unsubscribe” link at the bottom of any marketing email you receive from Twilio. You can also update your communication preferences using our online form or contact our Customer Support Team to communicate your choice to opt out. Please note that it may take up to three days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request. You will not be able to opt out of service emails from us, such as password reset emails, billing emails, or notifications of updates to our terms, unless you deactivate your account.
Twilio uses common information gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information as you navigate our websites, your account or when you interact with emails we send to you.
Cookies
A cookie is a small text file that is stored in your browser or elsewhere on your hard drive. Cookies allow Twilio to identify your device as you navigate our websites or your account. This makes navigating and interacting with our websites or your account more efficient, easy and meaningful for you.
Twilio uses both session and persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you’ve turned it off.
The cookies on our websites fall into three categories: (1) Required Cookies, (2) Functional Cookies, and (3) Advertising Cookies. To learn more about each category of cookie, you can visit our cookie consent tool by clicking on the “Cookie Preferences” link on the bottom right of the Twilio website you are visiting.
Manage Your Cookie Preferences
Twilio uses a cookie consent tool, which you can utilize to customize your cookie preferences. When you visit our website for the first time, a cookie consent banner will pop up and ask you to customize your cookie preferences. If you decide to change your preferences at a later date, you can easily do so by clicking on the “Cookie Preferences” link on the bottom right of the Twilio website you are visiting. Please note that Required Cookies cannot be disabled and if you decide to opt-out of Functional Cookies, certain functionality of our websites or your account may be impacted. Any choices concerning cookies are browser and/or device specific. If you clear your cookies from your browser on any of your devices, your choices will need to be reset.
Manage Cookies Using Your Browser
In addition to using our Cookie Consent tool, you can use your browser settings to opt out of Functional Cookies and Advertising Cookies. For more information on how to do that, click here. To manage privacy and storage settings for cookies, click here.
Universal Opt-Out Mechanisms
Global Privacy Control (GPC) and Do Not Track (DNT) are tools that you can use to inform websites of your privacy preferences in regard to ad trackers. To set up GPC, you can visit the Global Privacy Control page. To set DNT, you can visit the All About DNT page. Please note that this may impact the functionality of our websites or your account.
Opt Out of Advertising Cookies
To learn more about how to opt out of targeting and advertising cookies, you can go to the Your Online Choices page, the Network Advertising Initiative page, and the Digital Advertising Alliance’s Consumer Choice page. These opt-out tools are provided by third parties, not Twilio. We do not control or operate these tools or the choices that advertisers and others provide through these tools.
Web Beacons
Twilio also uses web beacons to gather data about your use of our websites, your account, and how you interact with emails we have sent to you. Web beacons are clear electronic images that can recognize certain types of data on your computer, like when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon. Additionally, we may put web beacons in marketing emails that notify us when you click on a link in the email that directs you to a Twilio website.
Our products and services are not directed to or intended to be used by children (under the age of 13 in the US and UK, or 16 in the EEA). We do not knowingly permit children to sign up for a Twilio account. If we become aware that a child has signed up for an account, we will take reasonable steps to deactivate the account and remove their personal data from our records as quickly as possible. If you believe an underage person has signed up for a Twilio account, please contact us at [email protected] with the subject line “Children”.
Automated decision-making occurs when an electronic system uses personal data to make a decision about you, without human involvement. Twilio uses automated decision-making leveraging a variety of signals derived from records we collect or obtain from third party vendors, to help monitor, identify, and suspend accounts sending spam or engaging in other abusive or fraudulent activity. If your account is suspended under these circumstances you will be notified of the suspension and given an opportunity to request human review of the suspension decision.
We may rely on other automated decision-making where:
We have notified you of the decision and provided you with the opportunity to request a human review of the decision
It is necessary to perform a contract with you and appropriate measures are in place to safeguard your rights
We have your consent and we have put in place appropriate measures to safeguard your rights
If you have any questions, concerns or complaints about this Privacy Notice or our data protection practices, please do not hesitate to contact our Data Protection Officer by emailing us at [email protected] or by writing to us at any of the following addresses:
Worldwide Headquarters
Twilio Inc.
101 Spear Street, 5th Floor
San Francisco CA 94105
EEA Headquarters
Twilio Ireland Limited
70 Sir John Rogerson's Quay
Dublin 2
D02 R296, Ireland
Complaints
We will endeavor to resolve questions, concerns or complaints you raise with us in accordance with our Complaints Handling Procedure. In the unlikely event that we are unable to resolve your concern, you can find information about your options to seek assistance through independent dispute resolution mechanisms or complaints to your local data protection authority here.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Twilio commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance that are not resolved by any of the other DPF mechanisms. You can find more information in the DPF ANNEX-I-introduction.
If your question or complaint relates to personal data we process as a data processor on behalf of a customer, we will direct you to contact our customer to address your question or complaint.
We will periodically review this Privacy Notice and may change it to address legal, technical or business development requirements. When we change this Privacy Notice, the most current version will be available at https://www.twilio.com/legal/privacy with the date indicating when it was last updated. If we make material changes that affect your rights, we will provide you with advance notice, such as by posting a message in the Twilio console or sending an email to the address we have on file for you. We will comply with applicable law with respect to any changes we make to this Notice. We will also seek your consent to material changes, where required by applicable law.
Twilio offers a range of industry-leading communications and customer data platform services to our customers. Depending on the Service, Twilio may be a data controller and data processor of personal data used to provide the Services.
Twilio processes personal data (Communications Usage Data and Customer Content) for most of our Services as a data processor acting on the instruction of our customer and in accordance with the terms of our agreement with a customer, our Data Protection Addendum, and service specific terms. Our services provide customers with ways to control, access and secure their data.
We also offer customers the ability to store, delete, access, or exercise other choices about their personal data. The ability to make these choices depends on the Twilio product or service being used and how it is being used by a customer. Customers are referred to our API docs for each of our products and services, along with SendGrid’s documentation and Segment’s documentation to find more detailed information about managing personal data collected and stored in connection with their use of our products and services. We also provide an overview of our retention and deletion practices, including how to delete data you control in our support documentation. We provide information about the security measures we use to protect our customer’s data in our Security Overview, and if you are located in a country that requires you to obtain information about our supplemental measures, you may read more about those measures here.
For some of the Services we also act as a data controller where disclosed and agreed to by our customer in the agreement, Data Protection Addendum, product specific terms or via the customers’ use and configuration of a product or feature. As a data controller, Twilio is responsible for the processing of the personal data.
For more detail on our Services, please find information below or by visiting our products page.
Authy
The Authy service is our standalone two-factor authentication (2FA) service for desktop and mobile. The Authy apps generate one time passwords and push notifications that can be used as a part of a two-step verification process with your Authy-compatible accounts to add another layer of security. Authy’s 2FA can be used on its own or with applications that directly integrate with Authy’s 2-factor authentication API.
Due to the nature of the Authy service, Twilio collects the following personal data elements in addition to those collected for other Twilio services:
Identifiers
Once you open the Authy app, we ask you to provide us with a phone number to create your Authy account. We send a verification code to that phone number to be sure that the person creating the Authy account also has control over the phone number entered. This phone number is considered your “primary device,” and will be the identifier for your Authy account. We use that phone number to identify you, to provide you 2FA services, and to maintain logs for security and anti-fraud purposes. We also collect your email address, and we use it for identity verification and account recovery purposes.
Device Information
When you download and open the Authy desktop or mobile app, we automatically collect information about the type of device you have downloaded the app on and your device identifier. We collect this to ensure we deliver the right version of the app for your device and so that we can provide appropriate follow up support as necessary. We also use your device information to ensure proper delivery of our service and to provide and deliver support and maintenance of the Authy app.
Login History and Authy Account History
When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application you logged in to, that you logged in, and when. If you change your phone number or email associated with your Authy account, we will also keep a log of that. We collect this information to monitor for suspicious activity and also as another piece of information that could be used to verify your identity if we suspect your account may be compromised.
Geolocation information
If you have location services turned on, we collect your location based on your IP address. We use this information for anti-fraud purposes, to check for suspicious activity and as another piece of information we can use to verify your identity if we suspect your account may be compromised.
Frontline Services
To use the Frontline services, you must log in to the Frontline app using a third party account (through your Single Sign-On provider). The authentication of your login details is handled by that third party and we only collect the information you expressly agree to share with us at the time you give permission to link the Frontline app with the third party account. We only gather the information you and our customers give us access to, and we only use it for the purposes for which you and our customers have provided it to us. Please see the Frontline App Terms for specific details about your relationship with us.
SendGrid Services
The SendGrid services also collect additional data in the form of web beacons placed in the body of emails delivered using the SendGrid platform. This allows us to keep track of whether or not an email has been delivered, opened, clicked on, whether it bounced or was treated as spam. You can learn more about web beacons in the section titled “How We Use Cookies and Other Tracking Technologies” above.
Voice Intelligence
Voice Intelligence incorporates artificial intelligence and machine learning to transcribe and analyze voice calls into a structured format that allows our customers to drive their business processes. To translate voice calls into structured content, Twilio processes certain data as a controller, including personal data contained in voice calls disclosed to us by our customer through their use of the service.