Segment updated its privacy policy on May 19, 2026 to provide more detailed disclosure of its Data Privacy Framework (DPF) compliance certifications and mechanisms. The policy now explicitly states that Twilio Inc. and subsidiary Stytch Inc. have certified compliance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF frameworks, and clarifies that if these frameworks conflict with other policy terms, the DPF Principles govern. The policy also added specific opt-out rights for third-party disclosure and non-originally-authorized uses of personal data, and replaced a reference to a dispute resolution provider with the named provider JAMS.
The updated terms establish clearer disclosure of how Segment transfers personal data internationally. Segment now explicitly certifies its compliance with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, and states that these DPF Principles take precedence if they conflict with other policy terms. The updated policy also adds specific rights allowing you to opt out of: (i) disclosure of your personal data to third parties other than service providers acting under Segment's instructions, or (ii) use of your personal data for purposes materially different from the original purpose or your subsequent authorization. You can exercise these rights by contacting privacy@twilio.com.
The updated terms establish explicit legal compliance commitments and international transfer mechanisms for personal data from regulated jurisdictions. By certifying DPF compliance and stating that DPF Principles take precedence, Segment provides clearer legal grounding for cross-border data transfers from the EU, UK, and Switzerland to the U.S. The addition of specific opt-out rights for third-party disclosure and non-authorized uses strengthens transparency and user control mechanisms for affected data subjects. Organizations relying on Segment must ensure their own compliance documentation and vendor management accurately reflect these mechanisms.
→ Review the Data Privacy Framework program information at https://www.dataprivacyframework.gov/ to understand your protections
→ Contact privacy@twilio.com if you wish to opt out of third-party disclosure of your personal data or use of your data for non-originally-authorized purposes
→ Your personal data will be transferred across borders under the Data Privacy Framework mechanisms as stated, unless you affirmatively opt out.
→ If Segment processes your data in a way that violates DPF Principles, Twilio remains liable unless it proves it was not responsible for the violation.
Segment explicitly certifies compliance with EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF, and states DPF Principles take precedence over conflicting policy terms.
Added explicit opt-out mechanism for third-party disclosure and non-originally-authorized uses of personal data, exercisable by contacting privacy@twilio.com.
Policy establishes that Twilio remains liable for DPF violations by third parties processing data on Twilio's behalf unless Twilio proves non-responsibility.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction.
If you use Segment to process EU, UK, or Swiss personal data, Segment now commits to DPF compliance and you should disclose this in your own privacy notices.
You can now opt out of Segment sharing your data with third parties and using your data for new purposes not originally disclosed, by contacting privacy@twilio.com.
Segment updated its privacy policy to provide more granular disclosure of Data Privacy Framework compliance and certification status, and to establish explicit opt-out mechanisms for third-party disclosure and non-originally-authorized uses of personal data. The policy now states that DPF Principles take precedence over conflicting policy terms. For organizations using Segment, this change affects how they represent Segment's international data transfer safeguards to their own customers and regulators, particularly for EU, UK, and Swiss data subjects. Organizations should verify whether their Data Processing Agreements, Standard Contractual Clauses, and privacy notices accurately reflect these updated mechanisms and whether downstream disclosure to their own customers requires updating.
GDPR (Chapter V, Articles 44-49 regarding international data transfers); UK GDPR (Chapter V); Swiss Federal Data Protection Act (Articles governing adequacy of safeguards); US Department of Commerce Data Privacy Framework oversight
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002187.