Twilio Privacy Notice — Twilio

7 Total

0 High severity

6 Medium severity

1 Low severity

Summary

This is Twilio's privacy policy for its website, explaining what personal information Twilio collects when you visit twilio.com — including your name, email address, company details, browsing behavior, and device identifiers used for advertising and analytics. The most important thing to know is that Twilio shares your browsing and behavioral data with advertising and analytics partners including Google Tag Manager, Adobe, and its own Segment platform for targeted marketing purposes. If you are a California resident, you have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising by using the cookie consent tool on the site.

Technical Summary

This document is Twilio's Website Privacy Notice, governing the collection, use, and disclosure of personal data from visitors to twilio.com and related Twilio-branded websites, with legal basis rooted in consent, legitimate interests, and contractual necessity depending on jurisdiction. The notice creates obligations on Twilio to disclose data categories collected (including identifiers, usage data, device information, and inferred interests), to honor data subject rights requests, and to maintain appropriate data transfer mechanisms for cross-border transfers. Notably, the document is a website-only privacy notice and explicitly excludes Twilio's customer data processing activities (governed by separate agreements), which creates a potential gap in consumer understanding of how Twilio processes end-user communications data through its API products. The notice engages GDPR (EU/UK), CCPA/CPRA (California), and general FTC Act Section 5 obligations, with material considerations around the use of third-party analytics, advertising cookies, and cross-context behavioral advertising that trigger opt-out rights for California residents. Compliance teams should note the document references TrustArc for consent management and Segment (a Twilio subsidiary) for analytics, creating first-party/third-party data flow complexity that requires careful mapping.

Institutional Analysis

REGULATORY EXPOSURE: This notice directly engages GDPR Arts. 6, 13, and 17 (lawful basis, transparency, right to erasure) enforced by EU data protection authorities including the Irish DPC (Twilio's EU establishment); UK GDPR enforced by the ICO; CCPA/CPRA §§1798.100–1798.199 enforced by the Califo…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured March 28, 2026 06:06 UTC

Document ID CA-D-000252

Version ID CA-V-000352

Source URL https://www.twilio.com/en-us/legal/privacy

Wayback Machine View archived versions →

SHA-256 82f879e1032bd4d6547b34689e4c8e9f98456e9dbf6bcf2328c30e89128967aa

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

March 28, 2026 — Document updated low

Twilio fixed a typo in their Privacy Notice on March 28, 2026. The link to the privacy policy previously had a missing period, reading 'https://www/twilio.com/legal/privacy' instead of the correct 'https://www.twilio.com/legal/privacy'. This is a minor correction that ensures the URL is accurate and functional for users who want to find the latest version of the policy.

· 1 modified
View changes → View record →
82f879e1…
March 19, 2026 — Initial capture

First snapshot archived

53629b8f…

Analyzed Changes

1 change analyzed since monitoring began.

Updated March 28, 2026

low

What changed Twilio updated their Twilio Privacy Notice on March 28, 2026. Change detected: 1 sentence(s) modified. Document contained 270 sentences after update.

Consumer impact Twilio corrected a typographical error in their Privacy Notice — a broken URL ('https://www/twilio.com') has been fixed to the proper address ('https://www.twilio.com/legal/privacy'). This change has no impact on your data, rights, or privacy protections. It simply ensures the link to the current privacy policy is accurate and accessible.

Why it matters This is a minor typographical fix ensuring the privacy policy URL is accurate and functional. It has no material effect on consumer rights or data practices.

Medium Severity — 6 provisions

Third-Party Advertising and Analytics Data Sharing
Twilio shares your browsing behavior and device identifiers with third-party vendors including Google Tag Manager, Adobe Launch, Segment, and Visual Website Optimizer for advertising targeting and website analytics purposes.

Added April 1, 2026
Exclusion of Customer API Data from Notice Scope
This privacy notice explicitly covers only data collected on Twilio's website and does not apply to data processed through Twilio's API products — meaning the communications data of end-users of Twilio-powered apps is governed by separate contracts, not this notice.

Added April 1, 2026
Cross-Border Data Transfers
Twilio transfers personal data collected on its website to servers and vendors located in the United States and other countries, using Standard Contractual Clauses or other legal mechanisms to legitimize transfers from the EU and UK.

Added April 1, 2026
Cookie Consent and TrustArc Consent Management
Twilio uses TrustArc's consent management platform to obtain and record your preferences for cookies, including advertising and analytics cookies, and you can change your preferences at any time using the consent tool on the site.

Added April 1, 2026
Data Subject Rights (Access, Deletion, Portability)
Twilio states that individuals in the EU, UK, and California have rights to access, delete, correct, and port their personal data, and can submit requests through Twilio's privacy portal or by contacting privacy@twilio.com.

Added April 1, 2026
Use of Segment Analytics (First-Party Data Collection)
Twilio uses Segment, its own customer data platform subsidiary, to collect and analyze behavioral data from visitors to twilio.com, creating a direct pipeline between website visitor data and Twilio's broader marketing and customer data infrastructure.

Added April 1, 2026

Low Severity — 1 provision

Data Retention
Twilio retains personal data collected on its website for as long as necessary to fulfill the purposes described in the notice, or as required by law, without specifying fixed retention periods for most data categories.

Added April 1, 2026