Get Started

Keeping customer communications secure in the cloud

Twilio cloud communications security architecture

Security in the cloud is always a concern, but at Twilio, we take cloud security very seriously. Trust but verify, we say, so that you can have full confidence when moving your customer communications to the cloud. Twilio follows industry best practices for cloud security and global telecom connections and as a company, we are transparent about security policies, systems and operations.

Physical security

Strong physical security is at the very foundation of our practices. Twilio's cloud communications platform is hosted at Amazon Web Services (AWS), which are highly scalable, secure and reliable data centers. AWS physical security measures included round-the-clock surveillance, multi-factor authentication, multiple redundancy zones and security logging. AWS complies with leading security policies and frameworks, including SSAE 16, SOC, ISO 27001 and PCI DSS Level 1.

Network security

Strong security protects the perimeter. Twilio implements best practices for protecting the network between the Twilio cloud and thousands of carrier connections around the world. These preventive measures include network firewalls, denial-of-service (DoS) and distributed DoS prevention, and posture assessment.

Application security

The Twilio platform and customers' application are kept secure. As a multi-tenant platform, Twilio inherently ensures that each customer's applications are protected and run in isolation from every other customer's applications. In addition, Twilio uses encryption, strong password protection for TwiML URLs, and validates outbound requests to customers' applications. And of course, Twilio follows industry best practices such as role-based access and regular backups of customer data.

Transparent security operations

Twilio believes that our security practices should be transparent to customers so that customers can verify our security measures and practices to ensure the highest level of trust. Twilio has well-defined policies for audit, incident response and privacy.


Twilio complies with key government and industry regulations and policies, including US-EU Safe Harbor and PCI DSS. Twilio also supports a variety of customer use cases for HIPAA.