| An icon of a down chevron | | An icon of a down chevron |
| Acknowledgement and Waiver | | Acknowledgement and Waiver |
| Twilio Privacy Notice | | Twilio Privacy Notice |
| n | Last Updated: August 14, 2025 (View the prior version of our privacy notice here | n | Last Updated: April 09, 2026 (View the prior version of our privacy notice here) |
| ) | | |
| Introduction | | Introduction & Scope |
| The Privacy program of Twilio Inc. and its group companies (‘Twilio’, ‘we’ or ‘o | | Building the Future of Engagement. Twilio powers the world’s most important comm |
| ur’) is built on our Binding Corporate Rules ('BCRs'), which serve as our code o | | unications by seamlessly unifying data and connectivity. We protect the personal |
| f conduct that governs our global processing of personal data. | | data flowing through our platform by centering our privacy program on Binding C |
| | | orporate Rules (“BCRs”). These BCRs serve as our global code of conduct, mandati |
| | | ng how Twilio Inc. and its group companies (“Twilio”, “we”, or “our”) process pe |
| | | rsonal data wherever we operate. |
| In order to provide products and services ('Services') to our customers and cond | | Trust Through Transparency. In a digital economy defined by speed and scale, tra |
| uct our day-to-day business operations, including the operation of our websites, | | nsparency is essential to who we are and how we operate. It is the foundation of |
| we collect, use and share, or otherwise process personal data about our custome | | the trust we build with the millions of developers and organizations who rely o |
| rs, our customers’ authorized users ('end user') and their customers, our websit | | n Twilio. To honor that trust, we explain our privacy practices in a clear, acce |
| e visitors and business contacts. | | ssible, and easy-to-understand way, and let you know how to exercise your rights |
| | | in relation to your data. |
| Personal data is any information that directly identifies you, such as your name | | Putting Privacy Into Practice. To provide our products and services (collectivel |
| and email address, or that indirectly identifies you, for example a phone numbe | | y, our “Services”) and conduct our day-to-day business operations, we collect, s |
| r or device identifier. | | tore, use, and share personal data, which is any information that identifies you |
| | | directly (such as your name) or indirectly (such as a phone number or device id |
| | | entifier). |
| The personal data we may collect and process about you varies depending on our r | | Depending on which Services are used, we process personal data for: |
| elationship with you. We may have a direct relationship with you because you hav | | |
| e set up an account or consented to receive marketing communications from us, or | | |
| we may have an indirect relationship with you via your relationship with one of | | |
| our customers; for example you may be their employee or their customer. | | |
| We take privacy, data protection and our legal obligations very seriously. We ar | | Customers: Individuals or entities who contract with us to use our Services. |
| e committed to being transparent with you about how we use personal data. This P | | |
| rivacy Notice ('Notice') aims to describe our privacy practices in a clear, acce | | |
| ssible and easy to understand way and to let you know how you can exercise your | | |
| rights in relation to your data. | | |
| This Notice applies where Twilio processes personal data as a data controller, i | | End Users: Individuals who interact with our customers via our Services (e.g., r |
| n connection with the Services we provide to our customers and the operation of | | eceiving a text or authenticating an identity). |
| our business, including our websites. As a data controller, we determine the pur | | |
| pose (why) and means (how) of personal data processing and are ultimately respon | | |
| sible for the correct handling of your data, in accordance with applicable law. | | |
| This Notice describes our general privacy practices. Depending on how you intera | | |
| ct with us or the specific services you use, additional privacy notices may appl | | |
| y. These supplemental notices will be provided to you at or before the time we c | | |
| ollect your personal data. These supplemental notices should be read together wi | | |
| th this Notice and are incorporated by reference. | | |
| This Notice does not apply to the Personal Data we process in relation to job ap | | Prospective Customers & Visitors: Individuals who visit our websites, attend our |
| plicants. This is covered by our Global Applicant Privacy Notice. | | events, or engage with our sales teams. |
| We also process personal data for most of our Services as a data processor. As a | | Our personal data responsibilities depend on how you use our Services or interac |
| data processor, we process personal data related to our customers' employees, e | | t with us: |
| nd users and customers on behalf of our customers to provide Services to them in | | |
| accordance with their instructions. These instructions are set out in our custo | | |
| mer agreements, Data Protection Addendum, service specific terms or through a cu | | |
| stomer's use or configuration of a product feature. You should contact these org | | |
| anizations directly for information about how they process your personal data as | | |
| a data controller and to exercise your rights in relation to that data. | | |
| Contents of our Privacy Notice | | Twilio As Data Controller: We determine the “how” and the “why” personal data is |
| | | used in relation to our Services, accounts, websites, and operations. In these |
| | | cases, we are directly responsible for protecting the data. |
| | | Twilio As Data Processor: We process personal data as directed by our customers |
| | | - whether through specific instructions, our Data Protection Addendum, or their |
| | | chosen Service configurations. In these cases, we must use and protect personal |
| | | data in line with those directions. |
| | | This Privacy Notice (“Notice”) applies when Twilio acts as a Data Controller. |
| | | What This Notice Doesn't Cover |
| | | Supplemental Notices: Specific Services or business operations may have addition |
| | | al privacy terms provided at the time of collection. |
| | | Job Applicants: This Notice does not apply to candidates. Please see our Global |
| | | Applicant Privacy Notice. |
| Personal Data We Process | | What Personal Data We Process |
| How We Process Personal Data | | An icon of a plus symbol |
| How We Disclose Personal Data | | An icon of a minus symbol |
| International Data Transfers | | To deliver our Services, manage our business operations, drive research and deve |
| | | lopment, secure our platform and networks, and prevent fraud, we process persona |
| | | l data from three sources: 1) data you share directly; 2) data we generate or co |
| | | llect automatically; and 3) data from third parties. The categories of personal |
| | | data we have collected, processed and disclosed for our business purposes in the |
| | | past 12 months will depend on the nature of your relationship with us or on the |
| | | Services you or our customers use, and may include the following: |
| How We Secure Personal Data | | Table 1: Data You Share Directly |
| How Long We Retain Personal Data | | Personal data you provide for account setup, purchases, or support. |
| Your Rights and Choices About Your Data | | Contact Data |
| How To Exercise Your Rights and Choices | | Name, company name, business address, phone number, email address, job title, in |
| | | dustry, social media profile URLs. |
| How We Use Cookies and Other Tracking Technologies | | |
| Children | | |
| Automated Decision-Making | | |
| How to Contact Us | | |
| Changes to Our Privacy Notice | | |
| Twilio Product Privacy | | |
| Personal Data We Process | | |
| The personal data we collect about you depends on your relationship with us and | | |
| the purposes for which we process that personal data. The following describes th | | |
| e types of personal data that we collected and disclosed for a business purpose | | |
| in the preceding 12 months. | | |
| Personal Data You Share With Us Directly | | |
| Contact Information - When you sign up for a Twilio, Sendgrid or Segment account | | |
| and use any of our Services, request product information, ask for a call from o | | |
| ur sales team, or participate in events, we ask you to provide us with your name | | |
| , company name, business address, phone number, email address and other contact | | |
| information. We also ask you to create a password and name your account (or acco | | |
| unts, if you have more than one). | | |
| Customer Account Data - We process certain personal data to manage our relations | | |
| hip with you and administer you or your company’s account. This includes purchas | | |
| e history, names or contact information of individuals authorized to manage the | | |
| Twilio account on behalf of our customer to set up, access and manage billing. W | | |
| e also collect personal data required to administer use of your account and the | | |
| Services, and information to allow us to verify your identity for Know Your Cust | | |
| omer or other identity verification purposes. | | |
| Customer Content - We receive and store the content of communications received f | | |
| rom you or our customers and other personal data uploaded to the Services or gen | | |
| erated for our customers’ use as part of the Services, which we may be authorize | | |
| d by you or our customer to use, where necessary for specific legitimate busines | | |
| s purposes and in accordance with applicable law. | | |
| Marketing and Contact Preferences - We use information about how you would like | | |
| to be contacted and choices you have made to send you marketing communications. | | |
| Payment Information - In connection with Services you pay for, we ask you to pro | | |
| vide our payment processor with your payment method information like a credit ca | | |
| rd or your Paypal account and your billing address. Our payment processor, actin | | |
| g on our behalf, gathers this so we can bill you for your use of our Services. O | | |
| ur payment processor will share your billing address with Twilio for this purpos | | |
| e. | | |
| Personalization Details - Some of our products, such as our short code service, | | |
| may require you to complete an application form by providing details about your | | |
| or your company’s intended use of the product to determine eligibility for these | | |
| products. | | |
| Professional Information - The information we process about you with respect to | | |
| your employment or profession, including company, job title, email address, phon | | |
| e number and online business networking profile. | | |
| Subscriber Records - For some of our communications products, we may also obtain | | |
| proof of identity from you or our customer that includes a proof of address, na | | |
| me, physical address, or other identification information. For example, to use o | | |
| ur Trust Hub or to obtain a phone number in certain countries, local law may req | | |
| uire us to have a physical service address on file for the individual who will b | | |
| e using that Twilio number, whether that’s you or our customer's end user. | | |
| Support and Feedback - When you interact with us on our websites including throu | | |
| gh our AI chatbots (e.g. our Help Center Assistant), over the phone or via email | | |
| , we process the phone number or email address that you use, the content of your | | |
| interaction and the feedback you provide about our Services. You may also provi | | |
| de us with feedback about our Services in surveys and questionnaires. We will le | | |
| t you know when a call may be recorded, in accordance with applicable law. | | |
| Personal Data We Generate or Collect Automatically | | |
| Communications Usage Data - When you or our customers use Twilio communications | | |
| products, we collect electronic communications metadata, such as phone numbers a | | |
| nd routing information, the source and destination of a communication, location | | |
| of the device generated in the context of delivering the communication, date, ti | | |
| me, duration and type of communication, status of the message, error data and tr | | |
| affic records. | | |
| Device Information and IP Addresses - When you use our account portal, we collec | | |
| t your IP address and device information through tracking technologies like cook | | |
| ies, web beacons, pixels, and similar technologies. We also collect IP addresses | | |
| when you make requests to our APIs and in our server logs. Additionally, we col | | |
| lect information about your device, such as your computer or mobile device opera | | |
| ting system type and version number, manufacturer and model, browser type, scree | | |
| n resolution, unique identifiers, and general location information such as city | | |
| or town when you use our account portal. We do not collect precise geolocation i | | |
| nformation. | | |
| Online Activity Information - When you visit Twilio websites, including our web | | |
| forms, we use tracking technologies such as cookies, web beacons, and pixels to | | |
| collect the following data: your device and browser, time zone setting, web page | | |
| s visited, products you view or search for, page response times, download errors | | |
| , length of visits to certain pages, page interaction information, IP address. | | |
| Security Identifiers or SIDs - When you sign up for an account with Twilio, we’l | | |
| l automatically assign you and each of your accounts a unique security ID and ge | | |
| nerate an API token for each account. We keep a record of these credentials so w | | |
| e know it is you making the requests when your application makes requests to our | | |
| API using these credentials. | | |
| Customer Proprietary Network Information - When you use certain US voice-based c | | |
| ommunications services, Twilio collects information associated with your service | | |
| usage. This includes information such as the number of phone calls, call destin | | |
| ations, call locations, type, and service configuration, and is known as Custome | | |
| r Proprietary Network Information ('CPNI'). CPNI does not include information su | | |
| ch as your name, address, phone number, or the content of phone calls. We use CP | | |
| NI to market Twilio-related Services to which you are not already subscribed unl | | |
| ess you have exercised your right to opt out. For information about your CPNI ch | | |
| oices, see the section “Your Rights and Choices About Your Data” below. | | |
| Personal Data Collected From Other Sources | | |
| Add-On Service Data - In the event you purchase our Services through one of our | | |
| Add-On Partners, they may share your personal data with us to fulfill their cont | | |
| ractual obligations. Add-On Partners may share your personal data in the form of | | |
| leads when you download Twilio content on the Add-On Partner’s website or you p | | |
| articipate in events and webinars of which Twilio is a sponsor. | | |
| Professional Data - We collect certain personal data such as employment or profe | | |
| ssional information from sources other than you. We may combine this data with o | | |
| ther personal data that you share with us. | | |
| Publicly-Available Sources - We may also use publicly-available information abou | | |
| t you that we have gathered through services like LinkedIn, or we may obtain inf | | |
| ormation about you or your company from third party providers, such as your indu | | |
| stry, the size of your company, and your company’s website URL. | | |
| Social Media Data - Social media service providers such as Google, LinkedIn, and | | |
| Meta may provide us with information about you, in accordance with your privacy | | |
| settings on those sites. | | |
| Telecommunication Data - We receive communication-related data from telecommunic | | |
| ations operators, aggregators and carriers that may include phone type, carrier | | |
| history, SIM status and history, city and/or country where phone was first regis | | |
| tered, contract and account type, IP address city and/or country and a validatio | | |
| n result of personal data provided by our customer and whether it matches data h | | |
| eld by the carrier. | | |
| How We Process Personal Data | | |
| The purposes for which we process personal depends on your relationship with us. | | |
| We only use personal data that is necessary to fulfill the specified purposes l | | |
| isted below as applicable to you and in accordance with applicable data protecti | | |
| on law. | | |
| Purpose | | |
| Personal Data Processed | | |
| Legal Basis for Processing | | |
| Creating and managing accounts, including verification of the identity of our cu | | |
| stomer’s end user for Know-Your-Customer (KYC) or identity verification purposes | | |
| . | | |
| Add-On Service Data | | |
| Contact Information | | |
| Customer Account Data | | Customer Account Data |
| n | Online Activity Information | n | Purchase & Payment Data |
| Payment Information | | Purchase history, credit/debit card details, billing address, PayPal account inf |
| | | o. |
| Professional Information | | Service Provisioning Data |
| | | Application details regarding intended use of certain Services (e.g., Short Code |
| | | s) |
| | | Security & Verification Data |
| | | Username, password, account names, unique Account IDs, API tokens, government-is |
| | | sued IDs. |
| Subscriber Records | | Subscriber Records |
| n | Security Identifier | n | Proof of identity and physical service address and other information as required |
| | | by local laws to provide specific services (e.g., phone numbers). |
| | | Customer Content |
| | | Communications content (e.g., email subject, email body, text body, media files) |
| | | , transcripts, recordings, communications logs, and other data uploaded to the S |
| | | ervices. |
| | | Marketing & Communications Data |
| | | Privacy settings, communication preferences, event attendance info, dietary requ |
| | | irements, or accessibility needs for in-person events. |
| | | Customer Support & Feedback Data |
| | | Call recordings with our support agents, transcribed conversations conducted wit |
| | | h AI chatbots, feedback and survey responses. |
| | | Table 2: Data We Generate or Collect Automatically |
| | | Personal data we automatically collect or generate in order to route communicati |
| | | ons, optimize performance, and prevent fraud, including through tracking technol |
| | | ogies like cookies and web beacons. |
| | | Communications Usage Data |
| | | Electronic Communications Metadata |
| | | Sender/recipient information, routing details, timestamps, communication type, d |
| | | uration, message status & activity (e.g., delivered, opened, bounced, spam, clic |
| | | ks, or unsubscribes), error data and traffic records. |
| | | Customer Proprietary Network Information (“CPNI”) |
| | | U.S. only: A subset of usage data (e.g., call destinations, locations, and confi |
| | | gurations) that excludes names, addresses, and call content. Learn more about CP |
| | | NI and how to exercise your rights here. |
| | | Device Data |
| | | IP address, OS type/version, browser type, screen resolution, CPU count, manufac |
| | | turer/model, device IDs, time zone, IP address-based location of the device gene |
| | | rated in the context of delivering a communication, and general location (City/T |
| | | own) when you use our account portal and make requests to our APIs and activity |
| | | logs. Precise geolocation data is not collected. |
| | | Online Activity Data |
| | | Browsing behavior, page and feature interactions, products viewed or searched, r |
| | | esponse times, download errors. |
| | | Table 3: Data From Other Sources |
| | | Personal data we receive from third parties, trusted partners, telecommunication |
| | | s operators, aggregators, or carriers to provision accounts, validate identities |
| | | , and enrich our Services. |
| | | Partner-Sourced Data |
| | | Contact Data provided by event partners and co-sponsors, as well as marketing an |
| | | d lead generation partners. Data may also include information you choose to shar |
| | | e via third-party forms or advertisements, which may be auto-populated from your |
| | | profile on those platforms and which may include location related data. |
| | | Solution Provider-Sourced Data |
| | | Contact Data and Customer Account Data shared by our solutions providers - Indep |
| | | endent Software Vendors (“ISVs”) and Managed Service Providers (“MSP”) - to help |
| | | us process orders and set up sub-accounts. |
| | | Data Enrichment Services |
| | | Contact Data obtained from third-party data providers and enrichment services an |
| | | d data that is publicly available. We may combine this Contact Data with other d |
| | | ata we have collected about you. |
| | | Third-Party Authentication Data |
| | | Contact Data and Customer Account Data shared by connected third-party services |
| | | like Google and Meta when you link those accounts to your Twilio account, as per |
| | | mitted by your individual privacy settings on those platforms. |
| | | Telecommunications Data |
| | | Communication-related data from operators, aggregators, and carriers - including |
| | | phone type, SIM and carrier history, registration location, account type and IP |
| | | address - used to validate whether personal data provided to Twilio matches ope |
| | | rator, aggregator or carrier records. |
| | | How and Why We Use Your Data |
| | | An icon of a plus symbol |
| | | An icon of a minus symbol |
| | | The specific reasons we process personal data depend on your relationship with u |
| | | s. We only process the personal data necessary to fulfill the purposes listed be |
| | | low, and we do so in accordance with applicable data protection laws.. |
| | | In the past 12 months, we have processed personal data for the following busines |
| | | s purposes: |
| | | Table 4: Data Use Categories & Legal Basis for Processing |
| | | Data Use Categories & Legal Basis for Processing |
| | | Account Management |
| | | Purpose: |
| | | Creating and managing your Twilio account throughout your customer lifecycle. |
| | | Examples: |
| | | Determining service eligibility; verifying identities (KYC); billing and relatio |
| | | nship management; and, sending essential administrative or Service updates. |
| | | Personal Data Processed: |
| | | Contact Data |
| | | Customer Account Data |
| | | Solution-Provider Sourced Data |
| | | Third-Party Authentication Data |
| | | Legal Basis for Processing: |
| | | Consent |
| Legitimate Interest | | Legitimate Interest |
| Legal Obligation | | Legal Obligation |
| n | Carrying out Twilio’s core business operations, such as account administration, | n | Business Operations |
| accounting, auditing and compliance, business analytics, filing taxes, finance, | | |
| forecasting, consolidated management and reporting, product strategy and revenue | | |
| planning. | | |
| Add-On Service Data | | Purpose: |
| Professional Information | | Managing essential business functions. |
| | | Examples: |
| | | Financial management (accounting, auditing, and revenue planning); strategic gro |
| | | wth (lead scoring and operational insights); relationship management; corporate |
| | | governance; risk management; maintaining customer records; identifying potential |
| | | job candidates; and, ensuring the safety of our employees, visitors, and proper |
| | | ties. |
| | | Personal Data Processed: |
| | | Contact Data |
| Customer Account Data | | Customer Account Data |
| n | Support and Feedback | n | |
| Customer Content | | |
| Communications Usage Data | | Communications Usage Data |
| n | Payment Information | n | Customer Support & Feedback Data |
| Publicly Available Sources | | |
| Social Media Data | | |
| Legitimate Interest | | |
| Billing and relationship management. | | |
| Add-On Service Data | | |
| Contact Information | | |
| Communications Usage Data | | |
| Payment Information | | |
| Legitimate Interest | | |
| Providing, optimizing and maintaining our Services and, platform, including debu | | |
| gging and troubleshooting. | | |
| Add-On Service Data | | |
| Subscriber Records | | |
| Online Activity Information | | Online Activity Data |
| Communications Usage Data | | Solution-Provider Sourced Data |
| Customer Content | | Data Enrichment Services |
| Device Information and IP | | Third-Party Authentication Data |
| Addresses | | Legal Basis for Processing: |
| Security Identifier | | Consent |
| Legitimate Interest | | |
| Preventing, detecting and investigating security incidents and managing the secu | | |
| rity of Twilio’s platform, services, websites and accounts. | | |
| Add-On Service Data | | |
| Communications Usage Data | | |
| Customer Content | | |
| Device Information and IP | | |
| Addresses | | |
| Online Activity Information | | |
| Payment Information | | |
| Subscriber Records | | |
| Telecommunication Data | | |
| Contact Information | | |
| Customer Account Data | | |
| Security Identifier | | |
| Legitimate Interest | | Legitimate Interest |
| Legal Obligation | | Legal Obligation |
| n | Preventing, detecting, or investigating abuse or misuse of Twilio’s platform or | n | Platform Security & Fraud Prevention |
| Services , including spam, fraud, illegal activities, or violations of the Twili | | |
| o Acceptable Use Policy, or assisting telecommunications service providers, regu | | |
| lators, or law enforcement agencies with combating spam, fraud, or illegal activ | | |
| ities. | | |
| Communications Usage Data | | Purpose: |
| Customer Content | | Securing our platform and data while proactively protecting our network and our |
| | | users from abuse. |
| Customer Account Data | | Examples: |
| Contact Information | | Safeguarding systems against unauthorized access and security threats; identifyi |
| | | ng account takeovers and signs of spam or bot attacks; training AI/ML models to |
| | | recognize evolving security vulnerabilities and fraud signatures; and, utilizing |
| | | signals to make real-time automated security decisions, such as approving accou |
| | | nt applications or suspending fraudulent accounts (of which you will be notified |
| | | and given an opportunity to object). |
| Device Information and IP | | Personal Data Processed: |
| Addresses | | Contact Data |
| Telecommunications Data | | |
| Security Identifier | | |
| Legitimate Interest | | |
| Legal Obligation | | |
| Determining eligibility for certain Services. | | |
| Add-On Service Data | | |
| Contact Information | | |
| Payment Information | | |
| Personalization Details | | |
| Subscriber Records | | |
| Legitimate Interest | | |
| For routing and connectivity purposes to send messages on behalf of our customer | | |
| s, including transmitting, distributing and exchanging communications using phon | | |
| e numbers, either through the public switched telephone network or other communi | | |
| cations networks. | | |
| Add-On Service Data | | |
| Communications Usage Data | | |
| Legitimate Interest | | |
| Providing customer support, including responding to your requests and communicat | | |
| ing with you about your account and use of the services, including suspicious ac | | |
| tivity or security alerts. | | |
| Contact Information | | |
| Customer Account Data | | Customer Account Data |
| Customer Content | | Customer Content |
| Communications Usage Data | | Communications Usage Data |
| n | Professional Information | n | Customer Support & Feedback Data |
| Support and Feedback | | Solution-Provider Sourced Data |
| Security Identifier | | Third-Party Authentication Data |
| Other personal data provided by requestor | | Telecommunications Data |
| | | Legal Basis for Processing: |
| | | Consent |
| Legitimate interest | | Legitimate Interest |
| Sending important notifications about our Services. | | Legal Obligation |
| Add-On Service Data | | Service Support & Improvement |
| Contact Information | | Purpose: |
| | | Operating, maintaining, and evolving our communications and engagement platforms |
| | | . |
| | | Examples: |
| | | Providing global connectivity and routing communications; troubleshooting techni |
| | | cal issues; training AI/ML models with performance metrics to optimize network r |
| | | eliability; providing dedicated customer support; and, refining our Service suit |
| | | e through usage insights. |
| | | Personal Data Processed: |
| | | Contact Data |
| Customer Account Data | | Customer Account Data |
| n | Legitimate Interest | n | |
| Complying with legal and regulatory obligations, telecommunication service provi | | |
| der requirements and communications industry codes of practice. | | |
| Subscriber Records | | |
| Customer Content | | Customer Content |
| Communications Usage Data | | Communications Usage Data |
| n | | n | Customer Support & Feedback Data |
| | | Solution-Provider Sourced Data |
| | | Third-Party Authentication Data |
| | | Telecommunications Data |
| | | Legal Basis for Processing: |
| | | Consent |
| | | Legitimate Interest |
| | | Legal Obligation |
| | | Research & Innovation |
| | | Purpose: |
| | | Expanding platform capabilities and developing the next generation of communicat |
| | | ions, engagement, and identity solutions. |
| | | Examples: |
| | | Developing new features or products to continuously improve our Services. |
| | | Personal Data Processed: |
| Customer Account Data | | Customer Account Data |
| n | | n | Customer Content |
| | | Communications Usage Data |
| | | Customer Support & Feedback Data |
| | | Online Activity Data |
| | | Solution-Provider Sourced Data |
| | | Third-Party Authentication Data |
| | | Telecommunications Data |
| | | Legal Basis for Processing: |
| | | Consent |
| Legitimate Interest | | Legitimate Interest |
| n | Sending marketing communications in accordance with your marketing preferences. | n | Legal Obligation |
| Add-On Service Data | | Customer Engagement |
| Contact Information | | Purpose: |
| Marketing and Contact Preferences | | Personalizing your experience and managing our ongoing relationship with you. |
| Professional Data | | Examples: |
| Publicly Available Sources | | Delivering essential Service notifications and account support; sending relevant |
| | | Service updates and news based on your preferences; facilitating event particip |
| | | ation and access to resources like whitepapers; and, conducting surveys to gathe |
| | | r insights for Service improvements. |
| Social Media Data | | Personal Data Processed: |
| | | Contact Data |
| | | Customer Account Data |
| | | Marketing & Communications Data |
| | | Communications Usage Data (Device Data) |
| | | Online Activity Data |
| | | Partner-Sourced Data |
| | | Solution-Provider Sourced Data |
| | | Data Enrichment Services |
| | | Third-Party Authentication Data |
| | | Legal Basis for Processing: |
| | | Consent |
| Legitimate Interest | | Legitimate Interest |
| n | | n | Personalization & Optimization |
| | | Purpose: |
| | | To analyze site and platform interactions in order to improve your digital exper |
| | | ience, refine our interfaces, and optimize our marketing ecosystem through a uni |
| | | fied understanding of the customer journey. |
| | | Examples: |
| | | Analyzing website and platform navigation to improve functionality and experienc |
| | | e; utilizing identity resolution to create unified profiles that ensure a consis |
| | | tent experience across different devices and touchpoints; measuring and optimizi |
| | | ng the performance of our advertising activities; and deploying online tracking |
| | | technologies in accordance with your preferences. |
| | | Personal Data Processed: |
| | | Contact Data |
| | | Customer Account Data |
| | | Marketing & Communications Data |
| | | Communications Usage Data (Device Data) |
| | | Online Activity Data |
| | | Partner-Sourced Data |
| | | Solution-Provider Sourced Data |
| | | Third-Party Authentication Data |
| | | Legal Basis for Processing: |
| Consent | | Consent |
| n | Analyzing your interest in our Services and delivering marketing campaigns that | n | |
| are relevant to you. | | |
| Add-On Service Data | | |
| Contact Information | | |
| Marketing and Contact Preferences | | |
| Professional Data | | |
| Publicly Available Sources | | |
| Social Media Data | | |
| Security Identifier | | |
| Legitimate Interest | | Legitimate Interest |
| n | Consent | n | Legal Compliance |
| Deploying cookies and other tracking technologies in accordance with your online | | Purpose: |
| settings. | | |
| Add-On Service Data | | Fulfilling our global legal obligations and protecting the public interest. |
| Contact Information | | Examples: |
| Marketing and Contact Preferences | | Adhering to international telecommunications and data protection laws, along wit |
| | | h carrier requirements and industry codes of practice; responding to valid legal |
| | | requests (such as court orders or subpoenas); and safeguarding the fundamental |
| | | rights and freedoms of individuals. |
| Professional Data | | Personal Data Processed: |
| Social Media Data | | Customer Account Data |
| | | Customer Content |
| | | Communications Usage Data |
| | | Solution=Provider Sourced Data |
| | | Third-Party Authentication Data |
| | | Legal Basis for Processing: |
| Legitimate Interest | | Legitimate Interest |
| n | Consent | n | |
| Understanding how visitors navigate our websites, and tracking and optimizing th | | |
| e performance of our advertising activities. | | |
| Device Information | | |
| Online Activity Information | | |
| Publicly Available Sources | | |
| Social Media Data | | |
| Legitimate Interest | | |
| Understanding how customers are using our platform and improving the website nav | | |
| igation experience. | | |
| Add-On Service Data | | |
| Contact Information | | |
| Marketing and Contact Preferences | | |
| Online Activity Information | | |
| Professional Data | | |
| Legitimate Interest | | |
| Consent | | |
| Conducting questionnaires and surveys to improve our Services and provide traini | | |
| ng to our employees. | | |
| Add-On Service Data | | |
| Contact Information | | |
| Customer Account Data | | |
| Marketing and Contact Preferences | | |
| Personalization Details | | |
| Professional Data | | |
| Support and Feedback | | |
| Legitimate Interest | | |
| Consent | | |
| Managing your participation in our events and webinars and granting you access t | | |
| o whitepapers and on-demand resources. | | |
| Add-On Service Data | | |
| Contact Information | | |
| Customer Account Data | | |
| Marketing and Contact Preferences | | |
| Professional Data | | |
| Support and Feedback | | |
| Legitimate Interest | | |
| Consent | | |
| Collecting sales insights and performing lead scoring. | | |
| Contact Information | | |
| Professional Data | | |
| Publicly Available Sources | | |
| Social Media Data | | |
| Legitimate Interest | | |
| Developing our business by updating, expanding, and analyzing our customer relat | | |
| ionship records. | | |
| Contact Information | | |
| Marketing and Contact Preferences | | |
| Payment Information | | |
| Professional Data | | |
| Publicly Available Sources | | |
| Social Media Data | | |
| Legitimate Interest | | |
| Consent | | |
| Identifying potential job candidates. | | |
| Publicly Available Sources | | |
| Social Media Data | | |
| Legitimate Interest | | |
| Developing or improving our Services, including anonymizing, de-identifying, pse | | |
| udonymizing and aggregating personal data for this purpose. | | |
| Communications Usage Data | | |
| Customer Content | | |
| Customer Account Data | | |
| Personalization Details | | |
| Support and Feedback | | |
| Legitimate Interest | | |
| As otherwise authorized by you or our customer in Service specific terms or thro | | |
| ugh your or our customer’s use and configuration of features in a product. | | |
| Data used will vary based on customer authorization | | |
| Legitimate Interest | | |
| Protecting the health and safety of our employees, visitors and our properties. | | |
| Contact Information | | |
| Customer Account Data | | |
| Legal Obligation | | Legal Obligation |
| n | Protecting the rights and freedoms of individuals, meeting legal or regulatory o | n | |
| bligations, including complying with valid court orders, disclosure requests, su | | |
| bpoenas, and other appropriate legal mechanisms. | | |
| Add-On Service Data | | |
| Communications Usage Data | | |
| Customer Content | | |
| Device Information and IP | | |
| Addresses | | |
| Online Activity Information | | |
| Marketing and Contact Preferences | | |
| Payment Information | | |
| Subscriber Records | | |
| Telecommunication Data | | |
| Security Identifier | | |
| Legal Obligation | | |
| Legitimate Interest | | |
| How We Disclose Personal Data | | How We Disclose Personal Data |
| n | We disclose personal data to third parties in limited circumstances in order to | n | An icon of a plus symbol |
| provide the Services and to otherwise run our business. Below are the different | | |
| scenarios under which we may disclose your data to third parties. | | |
| | | An icon of a minus symbol |
| | | We only share your data when it is necessary to provide our Services, run our bu |
| | | siness, or comply with the law. We do not sell your data to third parties. In th |
| | | e past 12 months, we may have shared personal data with the following categories |
| | | of recipients: |
| | | Table 5: Data Recipient Categories |
| | | Data Recipient Categories |
| Telecommunications Service Providers | | Telecommunications Service Providers |
| n | Twilio’s communications products provide an easier way for developers to build a | n | Recipient Details: |
| pplications that make use of the publicly switched telephone network ('PSTN') to | | |
| send communications. Therefore, we engage with a global network of telecommunic | | |
| ations operators, aggregators, carriers and other communication service provider | | |
| s (collectively, “telecommunications service providers”) as necessary to route a | | |
| nd connect those communications from the sender to the intended recipient. How t | | |
| elecommunications service providers handle this data is generally determined by | | |
| their own policies and local regulations. | | |
| Where telecommunications service providers transmit the content of a communicati | | Global network of operators, aggregators, and carriers who act as conduits for C |
| on, they function neither as data controllers nor data processors, instead they | | ustomer Content. These providers function as independent data controllers when p |
| act simply as a conduit to transmit communication content. In the event telecomm | | rocessing metadata for billing, fraud prevention, or legal compliance. |
| unications services providers process any personal data for their own purposes s | | |
| uch as communications metadata required to transmit the message, or for billing | | |
| or fraud prevention purposes, they also act as data controllers. | | |
| We may have to share Subscriber Records with local government authorities or loc | | Important Note: |
| al telecommunications carriers that provide connectivity services. However, we d | | |
| on’t share subscriber records for purposes other than this, and we treat these r | | |
| ecords with our highest confidentiality. | | |
| | | Where required by local law, we share Subscriber Records with local carriers or |
| | | authorities solely to provide connectivity, maintaining the highest confidential |
| | | ity for these records. |
| | | Reason for Sharing: |
| | | To route and connect communications across the publicly switched telephone netwo |
| | | rk (“PSTN”). |
| Other Communications Service Providers | | Other Communications Service Providers |
| n | For proper routing and connectivity, Twilio also enables sending or receiving co | n | Recipient Details: |
| mmunications through communications service providers that do not use the PSTN, | | |
| these are referred to as Over-the-Top ('OTT') communications service providers. | | |
| If you or our customer chooses to use Twilio to send or receive communications b | | |
| y way of these providers, Twilio will disclose communications content and other | | |
| data to these providers as necessary to route and connect those communications f | | |
| rom the sender to the intended recipient. How those OTT communications service p | | |
| roviders, as data controllers, handle this data is determined by their own polic | | |
| ies and local regulations. | | |
| | | Over-the-Top (“OTT”) providers (such as WhatsApp) that function as independent d |
| | | ata controllers. |
| | | Reason for Sharing: |
| | | To route and connect communications across the publicly switched telephone netwo |
| | | rk (“PSTN”). |
| Third Party Service Providers | | Third Party Service Providers |
| n | Twilio engages third-party vendors and service providers to carry out certain pe | n | Recipient Details: |
| rsonal data processing functions on our behalf. These providers are limited to o | | |
| nly accessing or using personal data to provide services to us and must provide | | |
| reasonable assurances they will appropriately safeguard the data. | | |
| Add-On Partners | | Third-party vendors and service providers engaged by Twilio to process personal |
| | | data on our behalf. |
| Add-ons are additional features, functionality or services offered by Twilio’s A | | Reason for Sharing: |
| dd-on partners (who are third parties not affiliated with Twilio). Twilio may ma | | |
| ke Add-ons available through the Twilio Marketplace. Some Add-ons may need to ac | | |
| cess or collect some of your information, including personal data. If you choose | | |
| to use an Add-on, Twilio will disclose your information to the Add-on partner s | | |
| o you can use the Add-on. Twilio does not control Add-on partners’ use of your i | | |
| nformation and their use of your information will be in accordance with their ow | | |
| n policies. If you do not want your information to be disclosed to an Add-on par | | |
| tner, then you should not use the Add-on. | | |
| Twilio Group Members | | To perform specific operational functions, with access strictly limited to provi |
| | | ding services to Twilio under robust security and confidentiality safeguards. |
| We may disclose your personal data among Twilio Group Members. Twilio Group Memb | | Partners & Integrated Service Providers |
| ers will only use the information as described in this Notice. Twilio Group Memb | | |
| ers are listed in Appendix 1 in our Binding Corporate Rules. | | |
| Compliance with Legal Obligations | | Recipient Details: |
| We may disclose your personal data to a third party if: | | Third party partners who provide 'add-ons' or integrations to our Services throu |
| | | gh the Twilio Marketplace or other Twilio provided catalogue (such as Segment Co |
| | | nnections). |
| If we reasonably believe that disclosure is compelled by applicable law, regulat | | Reason for Sharing: |
| ion, legal process, or a government request (including to meet national security | | |
| , emergency services, or law enforcement requirements); | | |
| to enforce our agreements and policies; | | To facilitate seamless interoperability between Twilio and third-party services. |
| | | This includes disclosing Contact Data and Customer Account Data to those partne |
| | | rs to enable the chosen functionality. |
| to protect the security or integrity of our Services; | | Twilio Group Companies |
| to protect ourselves, our other customers, or the public from harm or illegal ac | | Recipient Details: |
| tivities, including security threats, spam and fraud; or | | |
| to respond to an emergency which we believe in good faith requires us to disclos | | Twilio group companies (subsidiaries and affiliates) as listed in our Binding Co |
| e data to assist in preventing a death or serious bodily injury. | | rporate Rules. |
| For more details, please see the procedure laid out in our Binding Corporate Rul | | Reason for Sharing: |
| es. | | |
| If Twilio is required by law to disclose any personal data about you, we will no | | To facilitate global operations and Service delivery, with all members contractu |
| tify you or our customers of the disclosure requirement to the extent legally pe | | ally bound to use your information strictly as described in this Notice. |
| rmitted and where Twilio determines such disclosure will not interfere with an o | | |
| ngoing investigation. Further, we object to information requests we do not belie | | |
| ve were issued properly. | | |
| Business Transfers | | Legal, Regulatory, & Judicial Parties |
| In connection with a corporate sale, merger, reorganization, dissolution or simi | | Recipient Details: |
| lar event, personal data about you may be part of the assets transferred or disc | | |
| losed in connection with the due diligence for any such transaction. If required | | |
| by law, we will notify you prior to such a transfer and provide you with inform | | |
| ation about any choices you may have with respect to your personal data. | | |
| | | Law enforcement, government agencies, emergency services, private parties involv |
| | | ed in legal proceedings (such as opposing counsel or court-appointed officers) o |
| | | r a third party. |
| | | Important Note: |
| | | We notify users of legal requests whenever permitted and where Twilio determines |
| | | the disclosure will not interfere with an on-going investigation. We object to |
| | | any requests that are not properly issued. |
| | | Reason for Sharing: |
| | | To comply with legal obligations, respond to court orders or subpoenas in civil |
| | | or criminal cases, enforce our agreements and policies, prevent fraud, and prote |
| | | ct the safety and integrity of the platform or the public. |
| | | Corporate Transaction Parties |
| | | Recipient Details: |
| | | Prospective or actual buyers, merger partners, and their professional advisors ( |
| | | such as legal and financial consultants). |
| | | Important Note: |
| | | We will notify you in advance if required by law and provide information on any |
| | | choices you have regarding the transfer of your data to a new entity. |
| | | Reason for Sharing: |
| | | To conduct due diligence or complete a transfer of assets during a merger, sale, |
| | | reorganization, or dissolution, ensuring business continuity. |
| Aggregated, Anonymized or De-identified Data | | Aggregated, Anonymized & De-Identified Data |
| Aggregated, anonymized and de-identified data may be derived by Twilio from your | | We may derive aggregated, anonymized, or de-identified data from your personal d |
| personal data but is generally not considered personal data under data protecti | | ata. Because this data does not identify you, it is not considered personal data |
| on law as this data does not directly or indirectly reveal your identity. We may | | under the law. We may use this data for any purpose. We commit to never attempt |
| use and disclose de-identified, anonymized or aggregated data to third parties. | | ing to re-identify this information, and we will only share it with third partie |
| We do not disaggregate or reidentify de-identified data. | | s who are legally or technically bound to keep it de-identified. |
| International Data Transfers and Jurisdiction-Specific Provisions | | U.S. Supplemental Disclosure |
| As a global organization, we may need to transfer your personal data to Twilio a | | |
| ffiliates, contractors, service providers and third parties in various countries | | |
| and jurisdictions around the world. When we transfer your personal data, we tak | | |
| e care to use appropriate safeguards to ensure your personal data remains protec | | |
| ted. | | |
| Data Transfers to the United States and Elsewhere | | |
| When you use our account portal, or our other Services, your personal data may b | | |
| e transferred to the United States, where our primary processing facilities are | | |
| located, and possibly to other countries where we or our service providers opera | | |
| te. | | |
| Safeguards for Data Transfers | | |
| Twilio employs appropriate safeguards for cross-border transfers of personal dat | | |
| a, as required by applicable local law. | | |
| EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. | | |
| DPF and Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF“) | | |
| As set forth by the U.S. Department of Commerce Twilio is officially certified u | | |
| nder the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF and | | |
| relies on these certifications as its primary transfer mechanisms for transfers | | |
| of personal data from the EU, UK and Switzerland to the U.S. Twilio adheres to | | |
| the DPF principles for onward transfers of personal data to third parties and re | | |
| mains liable for damages caused by third parties under the DPF unless Twilio did | | |
| not cause the event giving rise to damage. The U.S. Federal Trade Commission ha | | |
| s jurisdiction over Twilio’s compliance with the DPF. To learn more about the DP | | |
| F Program, and to view our certifications, please visit the DPF website. | | |
| Brazilian Standard Contractual Clauses | | |
| Twilio uses the Brazilian Standard Contractual Clauses as the legal mechanism fo | | |
| r transferring personal data from Brazil. Twilio’s incorporation of the Brazilia | | |
| n SCCs, as well as a link to the Brazilian SCCs, is available at https://www.twi | | |
| lio.com/en-us/legal/data-protection-addendum. | | |
| If you are a Brazilian data subject, you have rights afforded to you by the Lei | | |
| Geral de Proteção de Dados Pessoais (“LGPD”), specifically those outlined in Art | | |
| icle 18. Twilio has appointed a DPO who provides oversight of Twilio's complianc | | |
| e with applicable data protection laws and regulations. You may exercise your ri | | |
| ghts by contacting our DPO at privacy@twilio.com. | | |
| Twilio’s Binding Corporate Rules | | |
| Twilio has established and implemented a set of Binding Corporate Rules for inte | | |
| rnal transfers of personal data between Twilio Group Members in the European Uni | | |
| on and Twilio Group Members elsewhere as a data controller. Twilio’s BCRs have b | | |
| een approved by European Union Data Protection Authorities and are a commitment | | |
| by Twilio to adequately protect personal data that Twilio processes regardless o | | |
| f where the information resides. You can access Twilio’s BCR-Controller Policy h | | |
| ere. | | |
| Where neither the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, Swiss-EU DPF | | |
| nor Twilio's BCRs apply, we rely instead on other data transfer mechanisms to t | | |
| ransfer personal data outside the EEA, the UK, and Switzerland, such as Standard | | |
| Contractual Clauses and the UK’s International Data Transfer Agreement. | | |
| Global CBPR & Global PRP Participation | | |
| Twilio’s privacy practices, described in this Notice, comply with the Global Cro | | |
| ss Border Privacy Rules (“CBPR”) and Global Privacy Recognition for Processors ( | | |
| “PRP”) Systems. The global, CBPR and PRP systems provide a framework for organiz | | |
| ations to ensure protection of personal data transferred among participating eco | | |
| nomies. More information about this global framework can be found here. | | |
| How We Secure Personal Data | | |
| To protect personal data from loss, or unauthorized use, access or disclosure, T | | |
| wilio uses reasonable and appropriate security measures designed to protect the | | |
| security of your personal data both online and offline. These measures vary base | | |
| d on the sensitivity of the personal data we collect, process and store and the | | |
| current state of technology. All systems used to support our business are govern | | |
| ed by Twilio’s Information Security Policy and Standards which are built on indu | | |
| stry standards and best practices such as the ISO 27001 and NIST standards. More | | |
| information about our security measures can be found in our Security Overview. | | |
| How Long We Retain Personal Data | | |
| We endeavor not to retain personal data in a form which permits identification o | | |
| f individuals for longer than is necessary for the purposes for which that data | | |
| is processed. We retain personal data in accordance with Twilio's record retenti | | |
| on policies and guidelines as revised and updated from time to time. | | |
| Twilio will store your Customer Account Data as long as needed to provide you or | | |
| our customer with the Services and to operate our business. If you ask Twilio t | | |
| o delete specific personal data from your Customer Account Data (see ‘Your Right | | |
| s and Choices About Your Data’ below), we will honor this request, unless deleti | | |
| ng that information prevents us from carrying out necessary business functions, | | |
| such as billing for our services, calculating taxes, or conducting required audi | | |
| ts. | | |
| Your Rights and Choices About Your Data | | |
| Depending on the data protection laws applicable to you, you may have the follow | | |
| ing rights in relation to your personal data that we process as a data controlle | | |
| r: | | |
| that we provide details about the categories of personal data that we collect ab | | |
| out you, including how we collect and share it; | | |
| that we provide you access to, and a copy of, the personal data we collect about | | |
| you; | | |
| that we update or correct any inaccurate personal data we have about you; | | |
| that we delete the personal data we have about you; | | |
| that we restrict processing of personal data about you; | | |
| that we provide you with your personal data in a structured, commonly used forma | | |
| t and to transmit that information to another controller, and where feasible, tr | | |
| ansmit the information directly; | | |
| that we provide you with the right to object to the processing of personal data, | | |
| including profiling; | | |
| that we provide you with a free, easy mechanism to object to use of your persona | | |
| l information for direct marketing purposes; | | |
| that you not be subject to a decision based solely on automated processing, incl | | |
| uding profiling, that produces legal effects or similarly affects your individua | | |
| l rights; | | |
| to withdraw your consent; and | | |
| to complain to a competent supervisory authority and/or to commence proceedings | | |
| in a court of competent jurisdiction. | | |
| Twilio will honor your rights subject to limitations in certain situations, such | | |
| as where Twilio can demonstrate that it has a legal requirement or legitimate i | | |
| nterest to process your data or can legitimately apply an exemption to the exerc | | |
| ise of a right under applicable law. More information about these rights can be | | |
| found in our Binding Corporate Rules Controller Policy Rule 10 and Appendix 3. | | |
| If you are a US resident interested in what personal data we have disclosed late | | If you are a US resident interested in what personal data we have disclosed late |
| ly for our business purposes, here’s a list: | | ly for our business purposes, here’s a list: |
| Identifiers | | Identifiers |
| Commercial information | | Commercial information |
| Internet or other electronic activity information | | Internet or other electronic activity information |
| Geolocation information | | Geolocation information |
| Professional or employment information | | Professional or employment information |
| n | By “our business purposes,” we mean that we only disclose personal data as we de | n | By “our business purposes,” we mean that we only disclose personal data as descr |
| scribe in the section "How We Disclose Personal Data" above. Also, as described | | ibed in this section. |
| in the “How We Use Cookies & Other Tracking technologies” section below, we proc | | |
| ess personal data to deliver ads targeted to your interests on other companies’ | | |
| websites and mobile apps. Some of these activities may be considered “sharing” o | | |
| r “targeted advertising” under certain laws. You have the right to opt out of th | | |
| e processing of your personal data for targeted advertising, and can do so by ad | | |
| justing your preferences using our Cookie Preferences Tool located on the bottom | | |
| right of the Twilio website you are visiting. Any choices concerning cookies ar | | |
| e browser and/or device specific. If you clear your cookies from your browser on | | |
| any of your devices, your choices will need to be reset. | | |
| You also have the right to request the restriction of processing of your sensiti | | International Transfers |
| ve personal information. Where applicable, the respective sensitive personal inf | | |
| ormation will be marked accordingly and may only be processed by us for certain | | |
| purposes. At the current time, however, we do not use or disclose sensitive pers | | |
| onal information for purposes other than those expressed in this Privacy Notice | | |
| or otherwise permitted by applicable law, and these uses cannot be limited under | | |
| California law. | | |
| You may have additional rights under our Binding Corporate Rules in the EU. For | | An icon of a plus symbol |
| example, where you believe your personal data has been transferred by an EU-base | | |
| d Twilio company to our US headquarters and processed by the US company in breac | | |
| h of the Binding Corporate Rules, you may have a right to: | | |
| Lodge a complaint with the Twilio company that transferred your data outside Eur | | An icon of a minus symbol |
| ope; | | |
| Lodge a complaint with the supervisory authority in the same country as the Twil | | As a global platform, we move data across borders to ensure seamless connectivit |
| io company that transferred your data outside Europe; and | | y, Service provision and business operations. While our primary processing facil |
| | | ities are in the U.S., we use regulator-approved frameworks to ensure personal d |
| | | ata receives the same high level of protection everywhere it travels. Whether we |
| | | are transferring data internally within the Twilio group or externally to trust |
| | | ed third parties, we rely on the following legal safeguards: |
| Bring a court action against the Twilio company that transferred your data outsi | | Data Privacy Frameworks (or “DPF”): Primary mechanism for transfers from the EU, |
| de Europe. | | UK and Switzerland to the U.S. |
| | | Binding Corporate Rules (or “BCRs”): EU-approved rules covering transfers to Twi |
| | | lio group companies globally. |
| | | EU, UK Standard Contractual Clauses (or “SCCs”): Transfer mechanisms used for EU |
| | | and UK transfers where the DPF or BCR’s do not apply. |
| | | Brazil Standard Contractual Clauses (or “Brazil SCCs”): Primary mechanism for tr |
| | | ansfers from Brazil. |
| | | Global CBPR and PRP Systems (or “CBPR and PRP”): Twilio’s privacy practices (as |
| | | described in this Notice) comply with the Global Cross Border Privacy Rules and |
| | | Privacy Recognition for Processors, frameworks for organisations to ensure the p |
| | | rotection of data transferred among participating economies. More on these progr |
| | | ams can be found here. |
| | | For our customers, all international data transfers are governed by our Data Pro |
| | | tection Addendum (“DPA”), which provides detailed information on our contractual |
| | | safeguards. |
| | | Data Security & Retention |
| | | An icon of a plus symbol |
| | | An icon of a minus symbol |
| | | Twilio protects personal data through a risk-based security framework and data l |
| | | ifecycle management processes. |
| | | Security Measures |
| | | To protect against loss, unauthorized use, access, or disclosure, Twilio uses re |
| | | asonable and appropriate security measures designed to protect personal data bot |
| | | h online and offline. |
| | | Risk-Based Protections: These measures vary based on the sensitivity of the pers |
| | | onal data we collect, process, and store, as well as the current state of techno |
| | | logy. |
| | | Global Standards: All systems are governed by policies built on industry best pr |
| | | actices, including ISO 27001 and NIST standards. |
| | | More information about our security measures can be found in our Security Overvi |
| | | ew. |
| | | Retention Policy |
| | | We endeavor not to retain personal data in a form which permits identification o |
| | | f individuals for longer than is necessary for the purposes for which that data |
| | | is processed. We retain personal data in accordance with Twilio’s record retenti |
| | | on policies and guidelines. |
| | | Customer Account Data is stored as long as needed to provide Services and operat |
| | | e our business. Please note that requests to delete Customer Account Data are su |
| | | bject to the Limitations set forth in the Privacy Rights & Choices section of th |
| | | is Notice. |
| | | Managing Your Data |
| | | We provide the tools you need to store, access, delete, and exercise control ove |
| | | r your data. The specific choices available to you depend entirely on which Serv |
| | | ice you use and how you have configured it. The Twilio Docs repository is a cent |
| | | ralized hub that includes product-specific instructions for managing your data, |
| | | plus step-by-step guides on our retention and deletion practices. |
| | | Privacy Rights & Choices |
| | | An icon of a plus symbol |
| | | An icon of a minus symbol |
| | | Depending on the applicable data protection laws, you may have the following rig |
| | | hts in relation to the personal data that we process as a data controller: |
| | | Table 6: Privacy Rights & Choices |
| | | Privacy Rights & Choices |
| | | Transparency & Control Rights |
| | | Be Informed: Request clear details on data categories, sources, purposes, and th |
| | | ird-party sharing. |
| | | Access: View or request a copy of your data. |
| | | Correct: Update inaccurate or outdated information. |
| | | Delete: Request data destruction when no legal or legitimate business reason for |
| | | retention exists. |
| | | Portability: Receive data in a structured, machine-readable format for transfer. |
| | | Object or Restrict: Oppose or limit data processing, including automated decisio |
| | | n making and related profiling. |
| | | Withdraw Consent: Rescind your consent for processing at any time. |
| | | Important Note: Account closure or deletion is permanent and results in immediat |
| | | e loss of access to some or all data. Requests are subject to limitations set fo |
| | | rth below. |
| | | How to Exercise Rights: |
| | | Self-service via Twilio console. |
| | | Customer Support for requests outside of self-service tools. |
| | | Marketing Communications & Targeted Advertising Rights |
| | | Opt out of marketing communications; update your communications preferences; upd |
| | | ate cookie preferences; opt out of targeted advertising. |
| | | Important Note: Marketing opt-outs may take up to three days to process. Essenti |
| | | al service communications— such as billing or password resets—will continue unle |
| | | ss your account is deactivated. |
| | | How to Exercise Rights: |
| | | Click “unsubscribe” at the bottom of any Twilio marketing email. |
| | | Update your communications preferences. |
| | | For targeted advertising, see Cookies & Tracking Technologies section of this No |
| | | tice. |
| | | Contact Customer Support. |
| | | Automated-Decision Making Rights |
| | | Object to and request a human review of decisions Twilio makes about you based s |
| | | olely on automated processing, which currently includes account approvals and ac |
| | | count suspensions related to abusive or fraudulent activity, or other decisions |
| | | that significantly affect you. |
| | | How to Exercise Rights: |
| | | Contact privacy@twilio.com. |
| | | Contact Customer Support. |
| | | Complaint Rights |
| | | Submit a complaint to Twilio; file an official complaint with a government data |
| | | protection regulator; take legal action through the relevant court system. |
| | | How to Exercise Rights: |
| | | See Resolving Complaints section in this Notice. |
| | | Additional Rights |
| | | Depending on your jurisdiction, you may exercise specific controls over your dat |
| | | a: |
| | | Sensitive Data: Restrict the use of sensitive personal data to what is strictly |
| | | necessary for Service delivery. Twilio currently limits processing to the specif |
| | | ic purposes in this Notice or as permitted by law. |
| | | EU Rights: If you believe data transfers from Europe to our U.S. headquarters or |
| | | other non-US companies breach our BCRs, you may lodge a complaint with the tran |
| | | sferring Twilio company or its local supervisory authority, or bring a court act |
| | | ion against the company. |
| | | U.S. CPNI: U.S. account holders can opt-out of the use of Customer Proprietary N |
| | | etwork Information (e.g., call quantity, type, and destination) for marketing ne |
| | | w services without affecting current services. |
| | | Brazil: Brazilian data subjects may exercise Article 18 rights by contacting our |
| | | Data Protection Officer at privacy@twilio.com. |
| | | Security & Verification |
| | | To protect your account, we must verify your identity before processing certain |
| | | requests (e.g. deletion). |
| | | Verification Process: We typically ask for proof of your recent interactions wit |
| | | h us or login verification. |
| | | Authorized Agents: If you use an authorized agent to make a request, we may requ |
| | | ire proof in the form of a power of attorney or written authority to act on your |
| | | behalf. |
| | | Limitations |
| | | In certain cases, these rights may be limited or an exemption may be applicable, |
| | | such as where Twilio can demonstrate that it has a legal requirement or legitim |
| | | ate interest to process your data. More information about these rights can be fo |
| | | und in our Binding Corporate Rules Controller Policy Rule 10 and Appendix 3. We |
| | | will not discriminate against you or change the price of our Services if you exe |
| | | rcise your rights, but if you ask us to delete your data, it may affect your abi |
| | | lity to use our Services. |
| If Twilio processes your personal data as a data processor on behalf of a custom | | Important Note: If Twilio processes your data as a data processor on behalf of a |
| er, we will either direct you to contact our customer to exercise your rights. | | customer, we will direct you to contact our customer to exercise your rights. |
| How To Exercise Your Rights and Choices | | Children’s Privacy |
| The following sections provide information about how to exercise certain rights | | An icon of a plus symbol |
| in relation to your personal data. To exercise any other rights, please contact | | |
| us at privacy@twilio.com. | | |
| Accessing and Controlling Account Data | | An icon of a minus symbol |
| As part of our Services, we provide you with a number of self-service features a | | Our Services are not directed to or intended to be used by children (under the a |
| t no additional cost within the Twilio console itself, including the ability to | | ge of 13 in the U.S. and UK, or 16 in the EEA). If we discover that a child has |
| access your data, update any incorrect data, download a copy of your data, delet | | created an account, we will deactivate it and delete the data as quickly as poss |
| e your data, or restrict the use of your data. You can make various choices abou | | ible. If you believe we have inadvertently collected data from a child, please c |
| t your Customer Account Data through the account portal when you log into your T | | ontact us at privacy@twilio.com with the subject line “Children”. |
| wilio account or through the marketing preferences center. Any other requests ab | | |
| out your data you cannot make through these self-service tools, you can request | | |
| by contacting Customer Support. | | |
| Closing Your Account and Deletion | | Cookies & Tracking Technologies |
| To request closure or deletion of your Twilio account, you can contact Customer | | An icon of a plus symbol |
| Support. Please be aware that closure or deletion of your Twilio account will re | | |
| sult in you permanently losing access to your account and the data in the accoun | | |
| t. After closure of your account, certain information associated with your accou | | |
| nt may remain on Twilio’s servers in an aggregated form that does not identify y | | |
| ou. Similarly, after you close your account, we will retain data — including per | | |
| sonal data — associated with your account that we are required to maintain for l | | |
| egal purposes or for necessary business operations (see “How Long We Retain Pers | | |
| onal Data” section above) until it’s no longer needed. | | |
| Identity Verification | | An icon of a minus symbol |
| In some instances, we will need to verify your identity before honoring your req | | We use cookies, pixels, web beacons, and similar tools to secure our website, an |
| uest. We will generally verify your identity by asking you to provide personal d | | alyze performance, and deliver relevant ads. These tools help us recognize your |
| ata related to your recent interactions with us. Thereafter, we will process you | | device to make your experience more secure, efficient and tailored to your inter |
| r request and inform you of any decisions we have made about your request. Addit | | ests. Under some U.S. state laws, this is considered "sharing" or "targeted adve |
| ionally, you may exercise your privacy rights through an authorized agent. If we | | rtising." |
| receive your request from an authorized agent, we may ask for evidence that you | | |
| have provided such agent with a power of attorney or that the agent otherwise h | | |
| as valid written authority to submit requests to exercise rights on your behalf. | | |
| If you are an authorized agent seeking to make a request, please contact us at | | |
| privacy@twilio.com. | | |
| We won’t discriminate against you or change the price of our services if you mak | | |
| e a request, but if you ask us to delete your data, it may affect your ability t | | |
| o use our Services. | | |
| Customer Proprietary Network Information (CPNI) | | |
| As an individual Twilio account holder or as an authorized representative of a T | | |
| wilio customer in the US, you have the right to restrict Twilio’s use of CPNI. T | | |
| o opt-out of the use of CPNI data related to your Twilio account to market other | | |
| Twilio Services based on your usage of our Services, click here. Please note th | | |
| at, if you have subscribed for the services on behalf of an organization, the CP | | |
| NI relates to the service usage by that organization and not you individually. O | | |
| pting-out of the use of CPNI for marketing will not unsubscribe you from other t | | |
| ypes of marketing contacts from Twilio and will not affect the status of the ser | | |
| vices you currently have with us. Your approval or opt-out of the use of your CP | | |
| NI outside of the services to which you are already subscribed is valid until yo | | |
| u affirmatively revoke or limit such approval. | | |
| Communication Preferences | | |
| You can opt out of receiving marketing communications from us at any time throug | | |
| h your marketing preferences page by clicking the “unsubscribe” link at the bott | | |
| om of any marketing email you receive from Twilio. You can also update your comm | | |
| unication preferences using our online form or contact our Customer Support Team | | |
| to communicate your choice to opt out. Please note that it may take up to three | | |
| days to remove your contact information from our marketing communications lists | | |
| , so you may receive correspondence from us for a short time after you make your | | |
| request. You will not be able to opt out of service emails from us, such as pas | | |
| sword reset emails, billing emails, or notifications of updates to our terms, un | | |
| less you deactivate your account. | | |
| How We Use Cookies and Other Tracking Technologies | | |
| Twilio uses common information gathering tools such as cookies, web beacons, pix | | |
| els and other similar tracking technologies to automatically collect information | | |
| as you navigate our websites, your account or when you interact with emails we | | |
| send to you. | | |
| Cookies | | Cookies |
| n | A cookie is a small text file that is stored in your browser or elsewhere on you | n | Cookies are small files stored on your device that help us recognize you, making |
| r hard drive. Cookies allow Twilio to identify your device as you navigate our w | | your experience more efficient and personalized. We use both session cookies (w |
| ebsites or your account. This makes navigating and interacting with our websites | | hich expire when you close your browser) and persistent cookies (which remain on |
| or your account more efficient, easy and meaningful for you. | | your device for a set period). Our cookies fall into three categories: |
| Twilio uses both session and persistent cookies. Session cookies are cookies tha | | Required: Essential for the website to function (e.g., secure log-in or remember |
| t disappear from your computer or browser when you turn off your computer. Persi | | ing where you are at in the order process. You cannot opt-out of required cookie |
| stent cookies stay on your computer even after you’ve turned it off. | | s. |
| The cookies on our websites fall into three categories: (1) Required Cookies, (2 | | Functional: Used to remember your choices (e.g, language or region) and analyze |
| ) Functional Cookies, and (3) Advertising Cookies. To learn more about each cate | | site usage to improve customer experience and site performance. You can opt-out |
| gory of cookie, you can visit our cookie consent tool by clicking on the “Cookie | | of functional cookies, however some site features may not work properly. |
| Preferences” link on the bottom right of the Twilio website you are visiting. | | |
| Manage Your Cookie Preferences | | Advertising: Used to show you content and ads that are relevant to your interest |
| | | s. You can opt-out of advertising cookies at any time. |
| Twilio uses a cookie consent tool, which you can utilize to customize your cooki | | Web Beacons (Pixels) |
| e preferences. When you visit our website for the first time, a cookie consent b | | |
| anner will pop up and ask you to customize your cookie preferences. If you decid | | |
| e to change your preferences at a later date, you can easily do so by clicking o | | |
| n the “Cookie Preferences” link on the bottom right of the Twilio website you ar | | |
| e visiting. Please note that Required Cookies cannot be disabled and if you deci | | |
| de to opt-out of Functional Cookies, certain functionality of our websites or yo | | |
| ur account may be impacted. Any choices concerning cookies are browser and/or de | | |
| vice specific. If you clear your cookies from your browser on any of your device | | |
| s, your choices will need to be reset. | | |
| Manage Cookies Using Your Browser | | Web beacons (or pixels) are 1x1 transparent images that can be embedded into our |
| | | marketing emails and allow us to see if you opened an email or clicked a link, |
| | | which helps us measure the effectiveness of our communications. |
| In addition to using our Cookie Consent tool, you can use your browser settings | | Your Controls: How to Manage Tracking Technologies |
| to opt out of Functional Cookies and Advertising Cookies. For more information o | | |
| n how to do that, click here. To manage privacy and storage settings for cookies | | |
| , click here. | | |
| Universal Opt-Out Mechanisms | | We provide multiple ways for you to manage tracking technologies: |
| | | Twilio Cookie Preferences Tool: The easiest way to manage your settings is by cl |
| | | icking the “Cookie Preferences” icon located in the footer of any Twilio website |
| | | . Any choices concerning cookies are browser and/or device specific. If you clea |
| | | r your cookies from your browser on any of your devices, your choices will need |
| | | to be reset. |
| | | Browser Settings: You can use your browser settings to opt out of Functional Coo |
| | | kies and Advertising Cookies. For more information on how to do that, click here |
| | | . To manage privacy and storage settings for cookies, click here. |
| Global Privacy Control (GPC) and Do Not Track (DNT) are tools that you can use t | | Universal Opt-Outs: Global Privacy Control (“GPC”) and Do Not Track (“DNT”) are |
| o inform websites of your privacy preferences in regard to ad trackers. To set u | | tools that you can use to inform websites of your privacy preferences in regard |
| p GPC, you can visit the Global Privacy Control page. To set DNT, you can visit | | to ad trackers. To set up GPC, you can visit the Global Privacy Control page. To |
| the All About DNT page. Please note that this may impact the functionality of ou | | set DNT, you can visit the All About DNT page. Please note that this may impact |
| r websites or your account. | | the functionality of our websites or your account. |
| Opt Out of Advertising Cookies | | Ad Industry Tools: To learn more about how to opt out of targeting and advertisi |
| | | ng cookies, you can visit Your Online Choices, the Network Advertising Initiativ |
| | | e, and the Digital Advertising Alliance. |
| To learn more about how to opt out of targeting and advertising cookies, you can | | Service Specific Privacy Notices |
| go to the Your Online Choices page, the Network Advertising Initiative page, an | | |
| d the Digital Advertising Alliance’s Consumer Choice page. These opt-out tools a | | |
| re provided by third parties, not Twilio. We do not control or operate these too | | |
| ls or the choices that advertisers and others provide through these tools. | | |
| Web Beacons | | An icon of a plus symbol |
| Twilio also uses web beacons to gather data about your use of our websites, your | | An icon of a minus symbol |
| account, and how you interact with emails we have sent to you. Web beacons are | | |
| clear electronic images that can recognize certain types of data on your compute | | |
| r, like when you view a particular website tied to the web beacon, and a descrip | | |
| tion of a website tied to the web beacon. Additionally, we may put web beacons i | | |
| n marketing emails that notify us when you click on a link in the email that dir | | |
| ects you to a Twilio website. | | |
| Children | | If you utilize any of the following Services, we are required to provide additio |
| | | nal details as to how we use the specified data categories and the purpose. Addi |
| | | tional information regarding the products can be found at the links below or in |
| | | the Twilio Docs. |
| Our Services are not directed to or intended to be used by children (under the a | | Authy |
| ge of 13 in the US and UK, or 16 in the EEA). We do not knowingly permit childre | | |
| n to sign up for a Twilio account. If we become aware that a child has signed up | | |
| for an account, we will take reasonable steps to deactivate the account and rem | | |
| ove their personal data from our records as quickly as possible. If you believe | | |
| an underage person has signed up for a Twilio account, please contact us at priv | | |
| acy@twilio.com with the subject line “Children”. | | |
| Automated Decision Making | | The Authy service is our standalone two-factor authentication (“2FA”) service fo |
| | | r desktop and mobile. The Authy apps generate one time passwords and push notifi |
| | | cations to provide an additional layer of security for your Authy-compatible acc |
| | | ounts. Authy’s 2FA can be used independently or with applications that integrate |
| | | directly with Authy 2FA API. |
| Automated decision-making occurs when an electronic system uses personal data to | | Due to the nature of the Authy service, Twilio collects the following additional |
| make a decision about you, without human involvement. Twilio uses automated dec | | personal data elements to our other Services: |
| ision-making leveraging a variety of signals derived from records we collect or | | |
| obtain from third party vendors, to help monitor, identify, and suspend accounts | | |
| sending spam or engaging in other abusive or fraudulent activity. We may also u | | |
| se this information to evaluate your account application and make decisions abou | | |
| t whether to approve or decline. If your account is suspended or not approved un | | |
| der these circumstances you will be notified and given an opportunity to request | | |
| human review of the decision. | | |
| We may rely on other automated decision-making where: | | Identifiers |
| We have notified you of the decision and provided you with the opportunity to re | | To create an Authy account, we require a phone number. We send a verification co |
| quest a human review of the decision | | de to that phone number to be sure that the person creating the Authy account ha |
| | | s control over the device. This phone number serves as your “primary device and |
| | | the unique identifier for your Authy account. We use that phone number to identi |
| | | fy you, provide 2FA services, and maintain security and anti-fraud logs. We also |
| | | collect your email address for identity verification and account recovery purpo |
| | | ses. |
| It is necessary to perform a contract with you and appropriate measures are in p | | Device Information |
| lace to safeguard your rights | | |
| We have your consent and we have put in place appropriate measures to safeguard | | When you download and open the Authy desktop or mobile app, we automatically col |
| your rights | | lect your device type and unique device identifier. This ensures we deliver the |
| | | correct version of the app, as well as the appropriate technical support. We als |
| | | o use your device information to ensure proper delivery, maintenance, and securi |
| | | ty of the Authy app. |
| | | Login History and Authy Account History |
| | | When you use an Authy token to log into an account, whether generated within the |
| | | app or sent to your phone, we collect information associated with that activity |
| | | . This includes your IP address, the application you accessed, and the timestamp |
| | | of the login. We also maintain a log of any changes made to the phone number or |
| | | email address associated with your account. We collect this information to moni |
| | | tor for suspicious activity and to verify your identity if we suspect your accou |
| | | nt may be compromised. |
| | | Geolocation information |
| | | If you have location services enabled, we collect your location based on your IP |
| | | address. We use this information for anti-fraud purposes, to detect suspicious |
| | | activity, and as an additional data point to verify your identity in the event o |
| | | f a suspected account compromise. |
| | | Frontline Services |
| | | To use the Frontline services, you must log in to the Frontline app using a thir |
| | | d party account through your Single Sign-On provider. Authentication is managed |
| | | by that third party, and we only collect the information you expressly authorize |
| | | when you link your account with the Frontline app. We only access the informati |
| | | on you or our customers provide, and we use it solely for the purposes for which |
| | | it was shared. Please see the Frontline App Terms for specific details about yo |
| | | ur relationship with us. |
| | | SendGrid Services |
| | | The SendGrid Services also collect additional data through web beacons placed in |
| | | the body of emails delivered via our platform. This allows us to track email en |
| | | gagement, including whether a message was delivered, opened, or clicked, bounced |
| | | , or marked as spam. You can learn more about our use of web beacons in the sect |
| | | ion titled “Cookies and Tracking Technologies” above. |
| | | Conversational Intelligence |
| | | Conversational Intelligence incorporates artificial intelligence and machine lea |
| | | rning to transcribe and analyze voice calls into a structured format that allows |
| | | our customers to drive their business processes. To translate voice calls into |
| | | structured content, Twilio processes certain data, including personal data withi |
| | | n voice calls, as an independent controller. This includes information provided |
| | | to us by our customers through their use of the Conversational Intelligence Serv |
| | | ice. |
| How to Contact Us | | How to Contact Us |
| n | If you have any questions, concerns or complaints about this Notice or our data | n | If you have questions about this Notice or our privacy practices, please contact |
| protection practices, please do not hesitate to contact our Data Protection Offi | | our Data Protection Officer (“DPO”) at privacy@twilio.com. |
| cer by emailing us at privacy@twilio.com or by writing to us at any of the follo | | |
| wing addresses: | | |
| | | You can also write to us at our global headquarters: |
| Worldwide Headquarters | | Worldwide Headquarters |
| Twilio Inc. | | Twilio Inc. |
| 101 Spear Street, 5th Floor | | 101 Spear Street, 5th Floor |
| San Francisco CA 94105 | | San Francisco CA 94105 |
| EEA Headquarters | | EEA Headquarters |
| Twilio Ireland Limited | | Twilio Ireland Limited |
| n | 70 Sir John Rogerson's Quay | n | 78 Sir John Rogerson’s Quay, |
| Dublin 2 | | Dublin 2 |
| D02 R296, Ireland | | D02 R296, Ireland |
| n | Complaints | n | Resolving Complaints |
| We will endeavor to resolve questions, concerns or complaints you raise with us | | We aim to resolve any questions or concerns in accordance with our Complaints Ha |
| in accordance with our Complaints Handling Procedure. In the unlikely event that | | ndling Procedure. If you have a question or wish to lodge a complaint (whether r |
| we are unable to resolve your concern, you can find information about your opti | | elated to our privacy practices or otherwise), please contact the Twilio Privacy |
| ons to seek assistance through independent dispute resolution mechanisms or comp | | Team at privacy@twilio.com or by mail at the physical addresses referenced unde |
| laints to your local data protection authority here. | | r “How to Contact Us.” |
| In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and t | | We encourage you to use these direct channels to ensure a prompt response, howev |
| he Swiss-U.S. DPF, Twilio commits to refer unresolved complaints concerning our | | er, we will address complaints received through any other means. If we are unabl |
| handling of personal data received in reliance on the EU-U.S. DPF and the UK Ext | | e to resolve your concern to your satisfaction, you may pursue further resolutio |
| ension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute | | n through the following channels: |
| resolution provider based in the United States, the European Union, the United | | |
| Kingdom, and/or Switzerland. If you do not receive timely acknowledgment of your | | |
| DPF Principles-related complaint from us, or if we have not addressed your DPF | | |
| Principles-related complaint to your satisfaction, please visit https://www.jams | | |
| adr.com/DPF-Dispute-Resolution for more information or to file a complaint. The | | |
| services of JAMS are provided at no cost to you. | | |
| You have the possibility, under certain conditions, to invoke binding arbitratio | | Data Protection Frameworks (“DPF”): For practices covered by our DPF certificati |
| n for complaints regarding DPF compliance that are not resolved by any of the ot | | on, contact our U.S.-based third party dispute resolution provider (free of char |
| her DPF mechanisms. You can find more information in the DPF ANNEX-I-introductio | | ge) at https://www.jamsadr.com/DPF-Dispute-Resolution. Under certain circumstanc |
| n. | | es, you may also invoke binding arbitration. For details, see Annex I of the EU- |
| | | U.S. Data Privacy Framework Principles. |
| If your question or complaint relates to personal data we process as a data proc | | Global CBPR and PRP Systems: For unresolved concerns related to our CBPR or PRP |
| essor on behalf of a customer, we will direct you to contact our customer to add | | certifications, contact our U.S.-based third-party dispute resolution provider ( |
| ress your question or complaint. | | free of charge) at https://feedback-form.truste.com/watchdog/request. |
| | | Data Protection Authorities: You may have the right to lodge a complaint with a |
| | | local data protection authority or commence court proceedings under your local l |
| | | aws. |
| | | EEA Residents: You have the right to lodge a complaint with the Data Protection |
| | | Commissioner in Ireland, where our EEA headquarters are located. |
| | | If your complaint relates to a company using our Services (e.g., you want to sto |
| | | p receiving emails from a specific brand), please contact that company directly. |
| | | As a data processor, we cannot resolve complaints about our customers' data pra |
| | | ctices. |
| Changes to Our Privacy Notice | | Changes to Our Privacy Notice |
| t | We will periodically review this Notice and may change it to address legal, tech | t | We periodically review and update this Notice to make clarifications or to refle |
| nical or business development requirements or make clarifications. When we chang | | ct legal, technical, or business changes. The latest version will always be post |
| e this Notice, the most current version will be available at https://www.twilio. | | ed at twilio.com/legal/privacy with the “Last Updated” date at the top. If we ma |
| com/legal/privacy with the date indicating when it was last updated. If we make | | ke significant changes that affect your rights, we will provide advance notice v |
| material changes that affect your rights, we will provide you with advance notic | | ia the Twilio console or by email and obtain your consent where legally required |
| e, such as by posting a message in the Twilio console or sending an email to the | | . |
| address we have on file for you. We will comply with applicable law with respec | | |
| t to any changes we make to this Notice. We will also seek your consent to mater | | |
| ial changes, where required by applicable law. | | |
| Twilio Product Privacy | | |
| Twilio offers a range of industry-leading communications and customer data platf | | |
| orm services to our customers. Depending on the Service, Twilio may be a data co | | |
| ntroller and data processor of personal data used to provide the Services. | | |
| Twilio processes personal data (Communications Usage Data and Customer Content) | | |
| for most of our Services as a data processor acting on the instruction of our cu | | |
| stomer and in accordance with the terms of our agreement with a customer, our Da | | |
| ta Protection Addendum, and service specific terms. Our Services provide custome | | |
| rs with ways to control, access and secure their data. | | |
| We also offer customers the ability to store, delete, access, or exercise other | | |
| choices about their personal data. The ability to make these choices depends on | | |
| the Service being used and how it is being used by a customer. Customers are ref | | |
| erred to our API docs for each of our Services, along with SendGrid’s documentat | | |
| ion and Segment’s documentation to find more detailed information about managing | | |
| personal data collected and stored in connection with their use of our Services | | |
| . We also provide an overview of our retention and deletion practices, including | | |
| how to delete data you control in our support documentation. We provide informa | | |
| tion about the security measures we use to protect our customer’s data in our Se | | |
| curity Overview, and if you are located in a country that requires you to obtain | | |
| information about our supplemental measures, you may read more about those meas | | |
| ures here. | | |
| For some of the Services we also act as a data controller where disclosed and ag | | |
| reed to by our customer in the agreement, Data Protection Addendum, product spec | | |
| ific terms or via the customers’ use and configuration of a product or feature.A | | |
| s a data controller, Twilio is responsible for the processing of the personal da | | |
| ta. | | |
| For more detail on our Services, please find information below or by visiting ou | | |
| r products page. | | |
| Authy | | |
| The Authy service is our standalone two-factor authentication (2FA) service for | | |
| desktop and mobile. The Authy apps generate one time passwords and push notifica | | |
| tions that can be used as a part of a two-step verification process with your Au | | |
| thy-compatible accounts to add another layer of security. Authy’s 2FA can be use | | |
| d on its own or with applications that directly integrate with Authy’s 2-factor | | |
| authentication API. | | |
| Due to the nature of the Authy service, Twilio collects the following additional | | |
| personal data elements to our other Services: | | |
| Identifiers | | |
| Once you open the Authy app, we ask you to provide us with a phone number to cre | | |
| ate your Authy account. We send a verification code to that phone number to be s | | |
| ure that the person creating the Authy account also has control over the phone n | | |
| umber entered. This phone number is considered your “primary device,” and will b | | |
| e the identifier for your Authy account. We use that phone number to identify yo | | |
| u, to provide you 2FA services, and to maintain logs for security and anti-fraud | | |
| purposes. We also collect your email address, and we use it for identity verifi | | |
| cation and account recovery purposes. | | |
| Device Information | | |
| When you download and open the Authy desktop or mobile app, we automatically col | | |
| lect information about the type of device you have downloaded the app on and you | | |
| r device identifier. We collect this to ensure we deliver the right version of t | | |
| he app for your device and so that we can provide appropriate follow up support | | |
| as necessary. We also use your device information to ensure proper delivery of o | | |
| ur service and to provide and deliver support and maintenance of the Authy app. | | |
| Login History and Authy Account History | | |
| When you use an Authy token to log into an account, whether the token was genera | | |
| ted on the app or one sent to you via your phone number, we collect and keep inf | | |
| ormation associated with your login activity including information like your IP | | |
| address, what application you logged in to, that you logged in, and when. If you | | |
| change your phone number or email associated with your Authy account, we will a | | |
| lso keep a log of that. We collect this information to monitor for suspicious ac | | |
| tivity and also as another piece of information that could be used to verify you | | |
| r identity if we suspect your account may be compromised. | | |
| Geolocation information | | |
| If you have location services turned on, we collect your location based on your | | |
| IP address. We use this information for anti-fraud purposes, to check for suspic | | |
| ious activity and as another piece of information we can use to verify your iden | | |
| tity if we suspect your account may be compromised. | | |
| Frontline Services | | |
| To use the Frontline services, you must log in to the Frontline app using a thir | | |
| d party account (through your Single Sign-On provider). The authentication of yo | | |
| ur login details is handled by that third party and we only collect the informat | | |
| ion you expressly agree to share with us at the time you give permission to link | | |
| the Frontline app with the third party account. We only gather the information | | |
| you and our customers give us access to, and we only use it for the purposes for | | |
| which you and our customers have provided it to us. Please see the Frontline Ap | | |
| p Terms for specific details about your relationship with us. | | |
| SendGrid Services | | |
| The SendGrid services also collect additional data in the form of web beacons pl | | |
| aced in the body of emails delivered using the SendGrid platform. This allows us | | |
| to keep track of whether or not an email has been delivered, opened, clicked on | | |
| , whether it bounced or was treated as spam. You can learn more about web beacon | | |
| s in the section titled “How We Use Cookies and Other Tracking Technologies” abo | | |
| ve. | | |
| Voice Intelligence | | |
| Voice Intelligence incorporates artificial intelligence and machine learning to | | |
| transcribe and analyze voice calls into a structured format that allows our cust | | |
| omers to drive their business processes. To translate voice calls into structure | | |
| d content, Twilio processes certain data as a controller, including personal dat | | |
| a contained in voice calls disclosed to us by our customer through their use of | | |
| the service. | | |
| Twilio | | Twilio |
| Twilio | | Twilio |
| Twilio careers | | Twilio careers |