The notice discloses that Twilio uses third-party services including Google Tag Manager, Adobe Launch, and Segment to collect and process visitor data, and that this data may be shared with advertising and analytics partners for targeting and measurement purposes.
This analysis describes what Segment's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that personal data collected on twilio.com is transmitted to multiple third-party vendors on page load via embedded scripts, creating data flows that require documented legal bases and data processing agreements under GDPR and CCPA.
Interpretive note: The exact scope of data transmitted to each named third-party vendor and the consent configuration applied by TrustArc are not fully described in the available document text.
The updated policy establishes a new opt-out mechanism allowing users to decline having their data disclosed to third parties (other than service providers) or used for purposes materially different from the original collection purpose. The policy also explicitly discloses that Twilio Inc. is subject to FTC investigatory and enforcement powers, providing users with notice of the regulatory authority overseeing the company's privacy practices. You can exercise this opt-out right by contacting Segment through the mechanism specified in their privacy policy.
View change record →The updated terms establish clearer disclosure of how Segment transfers personal data internationally. Segment now explicitly certifies its compliance with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, and states that these DPF Principles take precedence if they conflict with other policy terms. The updated policy also adds specific rights allowing you to opt out of: (i) disclosure of your personal data to third parties other than service providers acting under Segment's instructions, or (ii) use of your personal data for purposes materially different from the original purpose or your subsequent authorization. You can exercise these rights by contacting privacy@twilio.com.
View change record →Provision retained in both versions with identical name and positioning in the policy structure.
View full change record →Under this disclosure, visitor identifiers, behavioral data, and device information may be transmitted to advertising and analytics vendors including Google and Adobe when a user visits twilio.com. The agreement establishes that TrustArc consent preferences govern whether these scripts execute for users in applicable jurisdictions.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Segment has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
(1) REGULATORY LANDSCAPE: This provision engages GDPR Articles 6 and 28 regarding lawful basis and processor contracts, the ePrivacy Directive regarding cookie consent, and CCPA/CPRA regarding data sharing for advertising purposes. The FTC and state attorneys general have jurisdiction over consumer data sharing practices in the US. Sharing data with advertising partners under a legitimate interests basis may require evaluation under GDPR's balancing test requirements. (2) GOVERNANCE EXPOSURE: Medium. The use of multiple third-party tracking scripts that transmit data to external vendors creates a distributed data sharing architecture that requires complete vendor mapping and confirmed data processing agreements. The practical scope of data transmitted depends on TrustArc consent configuration, which is not fully described in the notice itself. (3) JURISDICTION FLAGS: EU/EEA and UK users have the highest exposure given GDPR and ePrivacy Directive requirements for prior informed consent for non-essential cookies. California users have CPRA rights regarding opt-out of sharing for cross-context behavioral advertising. Illinois and other state-level privacy laws may also apply depending on the nature of data collected. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm that data processing agreements are in place with each named third-party vendor, including Google, Adobe, and Segment, and that standard contractual clauses or equivalent transfer mechanisms cover any international data transfers. The notice does not describe the specific contractual terms governing these relationships. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit the TrustArc consent banner configuration to confirm it blocks third-party scripts prior to consent where required, review vendor DPA status for each named partner, and update data maps to reflect all third-party data flows disclosed in this notice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that personal data collected on twilio.com is transmitted to multiple third-party vendors on page load via embedded scripts, creating data flows that require documented legal bases and data processing agreements under GDPR and CCPA.
Under this disclosure, visitor identifiers, behavioral data, and device information may be transmitted to advertising and analytics vendors including Google and Adobe when a user visits twilio.com. The agreement establishes that TrustArc consent preferences govern whether these scripts execute for users in applicable jurisdictions.
ConductAtlas has identified this type of provision across 24 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Segment.