Customer privacy is a big deal to us here at Twilio. In March, we increased SMS privacy with Message Body Redaction, which redacts the content of your texts before they’re stored anywhere in Twilio’s infrastructure. Today, we’re excited to introduce our latest SMS feature to further protect customer data: Phone Number Redaction. Phone Number Redaction takes privacy a step further by redacting the last four digits of non-Twilio phone numbers before they’re ever stored in Twilio.
It’s not just what you say, it’s who you say it to
Many developers use Programmable SMS to create one-on-one conversations with their customers. Limiting where these messages are stored is a great way to secure customer data. However, for certain conversations, just knowing who someone is talking to could be enough to reveal sensitive information. For example, if you know a CEO is confirming an appointment with a mergers and acquisitions lawyer, or a patient is rescheduling a visit to a lung cancer clinic, it’s already a breach of privacy. Phone Number Redaction makes sure that Twilio never stores those phone numbers, so the privacy of the participants is protected.
Starting today, we’re rolling out Phone Number Redaction in developer preview. At this stage, access will be limited to companies with existing SMS usage that want to further protect their customer conversations. If that’s you, then provide us with some information about your SMS use case and we’ll get back to you with more details and pricing.
Getting started with Phone Number Redaction
Once you have Phone Number Redaction enabled on your Twilio account, simply specify data handling preferences for the destination phone number of outgoing messages by setting AddressRetention=obfuscate. This works the same way as Message Body Redaction which you use by setting ContentRetention=discard.
You can also set the account default so that every message you send or receive through Twilio is retained with a redacted phone number. Once activated, Twilio will retain the full number only as long as required to deliver the message. Any downstream systems and services (such as long-term storage) will only have access to the redacted phone numbers.
If you have any questions, you can find me in the Twittersphere @ari_sigal. We can’t wait to see what you build with Phone Number and Message Body Redaction!