The notice references GDPR as an applicable framework for EU/EEA users and discloses processing legal bases including consent and legitimate interests, along with user rights including access, deletion, correction, restriction, and data portability.
This analysis describes what Segment's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that EU/EEA visitors to twilio.com are covered by GDPR protections, and that Twilio asserts multiple legal bases for processing, including legitimate interests, which under GDPR requires a documented balancing test for each processing activity so claimed.
Interpretive note: The specific legitimate interests assessments and the full text of GDPR-related provisions are not directly quoted in the available document text.
The updated policy establishes a new opt-out mechanism allowing users to decline having their data disclosed to third parties (other than service providers) or used for purposes materially different from the original collection purpose. The policy also explicitly discloses that Twilio Inc. is subject to FTC investigatory and enforcement powers, providing users with notice of the regulatory authority overseeing the company's privacy practices. You can exercise this opt-out right by contacting Segment through the mechanism specified in their privacy policy.
View change record →The updated terms establish clearer disclosure of how Segment transfers personal data internationally. Segment now explicitly certifies its compliance with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, and states that these DPF Principles take precedence if they conflict with other policy terms. The updated policy also adds specific rights allowing you to opt out of: (i) disclosure of your personal data to third parties other than service providers acting under Segment's instructions, or (ii) use of your personal data for purposes materially different from the original purpose or your subsequent authorization. You can exercise these rights by contacting privacy@twilio.com.
View change record →Provision renamed to emphasize 'Legal Basis' for GDPR processing and narrowed focus from 'EU and UK' to 'EU User Rights', reflecting potential policy clarifications around lawful processing grounds.
View full change record →Under these terms, EU/EEA users have rights to access, correct, delete, restrict, and port their personal data, and may object to processing based on legitimate interests. The agreement establishes that consent is the basis for cookie-based tracking, while other processing may be conducted under legitimate interests.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
Segment has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
(1) REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 6, 12 through 22, and 30, as well as the ePrivacy Directive for cookie-based tracking. Enforcement is by EU/EEA national supervisory authorities and the UK Information Commissioner's Office for UK users. The assertion of legitimate interests as a legal basis requires a documented legitimate interests assessment for each applicable processing activity. (2) GOVERNANCE EXPOSURE: Medium. The use of legitimate interests as a basis for processing without disclosed documentation creates potential challenge risk from supervisory authorities, particularly for advertising-related processing where data subjects' interests may override those of the controller. (3) JURISDICTION FLAGS: All EU/EEA and UK users are within scope; Ireland and Luxembourg may have primary supervisory authority for Twilio given its European operations, though this depends on Twilio's establishment structure. (4) CONTRACT AND VENDOR IMPLICATIONS: International data transfers from EU/EEA to the US must be covered by standard contractual clauses or an equivalent transfer mechanism; compliance teams should confirm that all named third-party vendors have adequate transfer mechanisms in place. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should document legitimate interests assessments for each processing activity claiming that basis, ensure that data subject rights request procedures are operational and meet GDPR response timelines, and confirm that records of processing activities under Article 30 are current and reflect all disclosed processing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that EU/EEA visitors to twilio.com are covered by GDPR protections, and that Twilio asserts multiple legal bases for processing, including legitimate interests, which under GDPR requires a documented balancing test for each processing activity so claimed.
Under these terms, EU/EEA users have rights to access, correct, delete, restrict, and port their personal data, and may object to processing based on legitimate interests. The agreement establishes that consent is the basis for cookie-based tracking, while other processing may be conducted under legitimate interests.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Segment.