What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This notice engages GDPR and UK GDPR for EU/EEA and UK users, CCPA and CPRA for California residents, and references additional US state privacy laws. The FTC exercises general oversight over consumer data practices in the US. The notice invokes legitimate interests as a legal basis for certain processing, which under GDPR may require a documented balancing test; compliance teams should assess whether the stated legitimate interests basis is adequately supported for ea…

How does Segment's Segment Privacy Policy affect users?

The agreement establishes that Twilio collects identifiers, IP addresses, device and browser information, and behavioral data from website visitors, and authorizes sharing this data with third-party advertising and analytics vendors. Under these terms, personal data may be used to deliver targeted advertising and to build profiles based on inferred interests and demographics. You can opt out of certain data sharing for advertising purposes using the cookie consent tool provided by TrustArc, acc…

How often is Segment's Segment Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Segment updates this document?

Yes. Monitor subscribers ($19/month) can add Segment to their watchlist and receive same-day email alerts whenever this document or any other Segment document changes.

CA-D-000700

Segment Privacy Policy

Segment

Last change detected May 22, 2026 Privacy policy

SHA-256: 7554b23ee0883f0de4b… 3 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Segment ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

5 Total

0 High severity

5 Medium severity

0 Low severity

Summary

This is Twilio's Website Privacy Notice, covering how Twilio collects and uses personal data from visitors to twilio.com, including identifiers, contact details, device information, browsing activity, IP addresses, and inferred data. The notice authorizes sharing personal data with advertising, analytics, and marketing partners including Google Tag Manager, Adobe Launch, and Segment, and states that this data may be used to deliver targeted advertising across platforms. California residents and EU/EEA users are provided jurisdiction-specific rights including the ability to opt out of data sharing for advertising purposes and to request access or deletion of their personal data.

Technical / Legal Breakdown

This document is Twilio's Website Privacy Notice, governing personal data collection and processing on twilio.com and related websites, with stated legal bases including consent, legitimate interests, and contractual necessity depending on jurisdiction. The notice states that Twilio collects identifiers, contact information, device and browser data, usage and interaction data, IP addresses, and inferred demographic data; the terms authorize use of this data for marketing, analytics, advertising personalization, and sharing with third-party advertising and analytics partners including Google, Adobe, and Meta. The notice discloses deployment of cookies, tracking pixels, and third-party scripts from advertising and analytics vendors, and states that Twilio uses TrustArc for consent management, which is a disclosed but operationally significant dependency on a third-party consent framework. The notice references GDPR for EU/EEA users, CCPA/CPRA for California residents, and similar state privacy laws, with jurisdiction-specific rights including access, deletion, correction, and opt-out of data sale or sharing; the applicability of these rights and the adequacy of the consent mechanisms may require evaluation under applicable law in each relevant jurisdiction. Material compliance considerations include the breadth of third-party data sharing disclosed for advertising purposes, the reliance on cookie-based consent management, and the potential interaction between stated legitimate interests processing and GDPR Article 6 requirements.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

2 important changes detected

3 versions captured · Last updated: May 2026

May 22, 2026

medium

What changed Segment updated its privacy policy on May 22, 2026 to add two new provisions and clarify one existing process. The company added explicit notice that Twilio Inc. (Segment's parent company) is subject to FTC investigatory and enforcement powers, and introduced a new opt-out right allowing users to decline disclosure of their data to third parties or use for materially different purposes than originally authorized. The policy also revised its dispute resolution language to refer to 'Data Privacy Frameworks' instead of 'Data Protection Frameworks' in the context of JAMS arbitration. These changes establish new user controls and regulatory transparency without removing existing protections.

Why this matters The updated policy establishes a new opt-out mechanism allowing users to decline having their data disclosed to third parties (other than service providers) or used for purposes materially different from the original collection purpose. The policy also explicitly discloses that Twilio Inc. is subject to FTC investigatory and enforcement powers, providing users with notice of the regulatory authority overseeing the company's privacy practices. You can exercise this opt-out right by contacting Segment through the mechanism specified in their privacy policy.

View full change record →

May 19, 2026

medium

What changed Segment updated its privacy policy on May 19, 2026 to provide more detailed disclosure of its Data Privacy Framework (DPF) compliance certifications and mechanisms. The policy now explicitly states that Twilio Inc. and subsidiary Stytch Inc. have certified compliance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF frameworks, and clarifies that if these frameworks conflict with other policy terms, the DPF Principles govern. The policy also added specific opt-out rights for third-party disclosure and non-originally-authorized uses of personal data, and replaced a reference to a dispute resolution provider with the named provider JAMS.

Why this matters The updated terms establish clearer disclosure of how Segment transfers personal data internationally. Segment now explicitly certifies its compliance with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, and states that these DPF Principles take precedence if they conflict with other policy terms. The updated policy also adds specific rights allowing you to opt out of: (i) disclosure of your personal data to third parties other than service providers acting under Segment's instructions, or (ii) use of your personal data for purposes materially different from the original purpose or your subsequent authorization. You can exercise these rights by contacting privacy@twilio.com.

View full change record →

Recent Provision Changes May 22, 2026

Added (1)

Segment Analytics Tracking Medium

New provision specifically documenting Segment's own analytics tracking practices, distinguishing company tracking from third-party tracking handled through its platform.

Removed (1)

Cookie and Tracking Technology Collection

Removal of this broad provision may indicate that cookie and tracking practices have been reorganized into more specific provisions like 'Segment Analytics Tracking' or consolidated into other sections.

Modified (4)

Third-Party Advertising and Analytics Data Sharing

Provision retained in both versions with identical name and positioning in the policy structure.

TrustArc Cookie Consent Mechanism

Provision renamed from 'TrustArc Consent Management' to 'TrustArc Cookie Consent Mechanism' to provide more specific clarification of the consent type managed.

California Resident Rights and Opt-Out

Provision renamed from 'California Resident Privacy Rights' to 'California Resident Rights and Opt-Out' to explicitly highlight opt-out mechanisms available to California residents.

GDPR Legal Basis and EU User Rights

Provision renamed to emphasize 'Legal Basis' for GDPR processing and narrowed focus from 'EU and UK' to 'EU User Rights', reflecting potential policy clarifications around lawful processing grounds.

1 provision unchanged.

View full change record →

Medium — 5 provisions

Third-Party Advertising and Analytics Data Sharing Compare →

The notice discloses that Twilio uses third-party services including Google Tag Manager, Adobe Launch, and Segment to collect and process visitor data, and that this data may be shared with advertising and analytics partners for targeting and measurement purposes.

Added May 12, 2026 Standard Seen across 284 platforms
TrustArc Cookie Consent Mechanism Compare →

The notice discloses that Twilio uses TrustArc to manage cookie consent, and that a consent banner is presented to users, with Segment analytics configured to load subject to TrustArc consent state via a TrustArc-Segment wrapper.

Added May 21, 2026 Standard Seen across 262 platforms
Segment Analytics Tracking Compare →

The notice discloses that Segment analytics is deployed on twilio.com using a write key, configured with cookie parameters including a 90-day maxage, and loaded conditionally via the TrustArc consent wrapper, with page-level tracking and user identification methods enabled.

Added May 21, 2026 Standard Seen across 284 platforms
California Resident Rights and Opt-Out Compare →

The notice references CCPA and CPRA rights for California residents, including the right to know, delete, correct, and opt out of the sale or sharing of personal data for cross-context behavioral advertising purposes.

Added May 21, 2026 Standard Seen across 284 platforms
GDPR Legal Basis and EU User Rights Compare →

The notice references GDPR as an applicable framework for EU/EEA users and discloses processing legal bases including consent and legitimate interests, along with user rights including access, deletion, correction, restriction, and data portability.

Added May 21, 2026 Standard Seen across 284 platforms

Monitoring

Segment has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Segment Analytics with alwaysLoadSegment Flag and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

ePrivacy Directive

European Union

View official text ↗

Archival ProvenanceSource & Archival Record

Last Captured May 22, 2026 01:23 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000700

Version ID CA-V-002888

Source URL https://segment.com/legal/privacy/

Wayback Machine View external archival references →

SHA-256 7554b23ee0883f0de4baef7ca9a4749334390d0418fd7f94527bffe7ead5044e

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Segment Privacy Policy

May 22, 2026

May 19, 2026

Recent Provision Changes May 22, 2026

Mapped Governance Frameworks

Monitor governance changes across the platforms you rely on.