Twilio removed two references from its Terms of Service navigation and index on July 3, 2026. The document previously listed 'GDPR Customer Data Protection Addendum' and 'Supplier Data Protection Addendum' as separate line items in the legal terms navigation; the updated version consolidates these into single references titled 'Customer Data Protection Addendum' and 'Supplier Data Protection Addendum' without the regulatory prefix. This is a structural reorganization of how data protection documentation is presented in the terms index, with no apparent change to the underlying data protection agreements themselves.
This change reflects a reorganization of how Twilio presents its data protection documentation in its legal terms index. The underlying data protection addendums themselves remain available; the change removes the 'GDPR' prefix label from customer and supplier data protection addendum references. This is a structural clarification without material impact on the rights, obligations, or protections users operate under.
This change reflects Twilio's reorganization of how it presents data protection documentation in its legal terms architecture. The underlying data protection addendums remain operationally unchanged; the modification only affects how these documents are labeled and indexed in the Terms of Service navigation.
Regulatory prefix 'GDPR' removed from customer and supplier data protection addendum titles in Terms index.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Twilio removed regulatory prefixes ('GDPR') from data protection addendum references in its Terms of Service navigation on July 3, 2026. This is a documentation reorganization and indexing change only. No underlying data protection obligations have been modified, removed, or altered. No regulatory or compliance action appears indicated.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003439.
This new provision significantly expands customer liability by making them responsible for all account activity by third parties and limits Twilio's responsibility for unauthorized access, shifting security burden to customers.
This new standalone provision caps Twilio's liability for indirect and consequential damages with explicit carve-outs for loss of profits, goodwill, and data, whereas the previous version capped total aggregate liability to 12 months of fees.
This provision was merged into the Mandatory Arbitration clause in the current version, removing the standalone jury trial waiver language.
Removal of the specific 12-month fee cap and $100 floor eliminates a quantified liability limit that previously existed, potentially allowing Twilio to be sued for damages up to higher amounts, though replaced by a separate indirect damages exclusion.
Removal of the explicit California governing law and San Francisco venue provision eliminates clarity about which jurisdiction will apply to disputes not covered by arbitration.
Removed JAMS administration requirement and single arbitrator specification, added carve-out for injunctive/equitable relief for IP infringement, merged class action waiver into single provision, and downgraded severity from high to medium.
Removed specific carve-outs for violations of law and third-party claims regarding communications, broadened language from "arising out of or related to" to "in any way connected with," and added accounting fees to legal fees.
Changed from immediate termination without notice to termination with notice, removed "sole discretion" standard and replaced with objective criteria (payment failure and harm prevention), and downgraded severity from high to medium.
Removed explicit statement about updates "at any time" and the reference to "AUP URL," softening the unilateral update power from explicit "at any time" to implicit "from time to time."
Changed licensed activities from "use, copy, transmit, and process" to "host, copy, transmit, and display," removed "solely to the extent necessary" qualifier, and changed ownership disclaimer language from explicit non-claim to "acquires no right, title or interest" formulation.
Added explicit 30-day notice requirement for material changes (previously only said "notice of material changes"), replaced "material changes" with more specific "changes that materially alter your rights or obligations," and removed the conditional instruction to stop using Services if disagreeing.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorTwilio's Privacy Notice table of contents was updated on July 3, 2026 to remove the reference to 'GDPR Customer Data …
Twilio added two new disclosures to its Privacy Notice on May 22, 2026. First, the policy now explicitly states that …
Twilio updated its privacy notice on May 19, 2026 to provide more explicit detail about its Data Privacy Framework (DPF) …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.