Twilio updated its privacy policy on May 1, 2026 by merging its previous standalone statement 'We do not sell your data to third parties' directly into the data disclosure section, and replacing it with a new, more specific commitment that no mobile information will be shared with or sold to third parties for marketing or promotional purposes. Previously, the no-sale commitment was a broad, standalone sentence. Now, it is narrower in scope — limited to mobile information and marketing/promotional purposes — which means other categories of personal data are no longer covered by an explicit no-sale pledge. This matters because consumers who relied on the broader original promise may have weaker protections for non-mobile data.
Twilio has removed its broad, unqualified commitment not to sell personal data to third parties and replaced it with a narrower promise that only covers mobile information and only for marketing or promotional purposes. This means personal data that is not classified as 'mobile information' — such as account data, usage data, or communications data — no longer carries an explicit no-sale guarantee under the policy. You can review Twilio's updated privacy notice directly and, if you are a California resident, exercise your right to opt out of the sale or sharing of personal information under CCPA by submitting a request through Twilio's privacy rights portal.
Twilio no longer explicitly promises not to sell all types of your personal data — only your mobile information is protected from being sold for marketing.
If your company told your own customers that Twilio doesn't sell their data, you may need to update that statement because Twilio's promise is now narrower.
Twilio's prior blanket no-sale promise gave all users clear assurance that none of their personal data would be sold; the new policy only protects mobile information from marketing-related sales, leaving other data categories without an explicit no-sale guarantee. This matters because consumers and downstream businesses may have made decisions — or written their own disclosures — based on the broader original commitment.
This is the 2nd significant Vendor Disclosure Shift change Twilio has made since ConductAtlas began monitoring.
ConductAtlas has recorded 2 material changes to this document (since April 2026). An additional minor or cosmetic changes were excluded.
Across all monitored documents, Twilio has made 3 significant changes.
2 of Twilio's significant changes have been classified as negative for consumers.
Twilio removed its broad, unconditional pledge not to sell any personal data to third parties and replaced it with a narrower commitment limited to mobile information for marketing or promotional purposes only.
The disclosure section was amended to incorporate the narrowed no-sale language inline, while the original standalone no-sale sentence was removed and replaced with a mobile-specific carve-out.
ConductAtlas Policy Archive Entity: Twilio | Document: Twilio Privacy Notice | Record: CA-C-000788 Captured: 2026-05-01 16:28:21 UTC URL: https://conductatlas.com/change/2026-05-01-twilio-twilio-privacy-notice-788/ Accessed: May 2, 2026
Unlock the full analysis
14-day free trial available.
Twilio removed a blanket 'we do not sell your data to third parties' statement and replaced it with a scope-limited commitment covering only mobile information for marketing/promotional purposes. This change touches CCPA/CPRA disclosure obligations (Cal. Civ. Code §1798.100 et seq.) and GDPR Art. 13/14 transparency requirements. The narrowing of the no-sale pledge creates a potential disclosure gap for non-mobile personal data categories. Compliance officers whose organizations rely on Twilio's privacy representations as part of their own vendor due diligence or DPA language should reassess whether their downstream disclosures to end users remain accurate. Action is required if your organization's own privacy notice or DPA references Twilio's no-sale commitment broadly.
1. CCPA/CPRA — Cal. Civ. Code §1798.100, §1798.110, §1798.115, §1798.120, §1798.135: The removal of a blanket no-sale commitment and its replacement with a category-specific (mobile information only) and purpose-specific (marketing/promotional) commitment may affect CCPA 'Do Not Sell or Share' disclosures. Businesses relying on Twilio as a service provider must re-evaluate whether Twilio's updated commitments still support their own CCPA notices and opt-out mechanisms. California AG and CPPA enforcement guidance on privacy notice accuracy is directly relevant.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000788.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Unlock full diff — Watcher $9.99/moTwilio updated their privacy notice navigation menu on May 1, 2026 by adding a new item called 'Twilio Messaging Campaign …
Twilio added a new item called 'Twilio Messaging Campaign Terms' to the navigation menu of their Terms of Service document …
Twilio updated its Privacy Notice on April 10, 2026, significantly restructuring how it introduces and explains its privacy practices. The …
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do…
We monitor 200+ platforms and archive every change — verified and timestamped.