Compliance Toolkit for Programmable Messaging


Public Beta

Programmable Messaging customers can activate the Public Beta of the Compliance Toolkit from the Twilio Console.

This feature supports only SMS messages that terminate in the United States and are written in English or Spanish.

Compliance Toolkit is available as a Public Beta release and the information contained in this document is subject to change. Some features are not yet implemented and others may be changed before the product is declared as Generally Available. Public Beta products are not covered by the Twilio Support Terms or the Twilio Service Level Agreement.

To learn how Twilio supports products in public beta, see Twilio Beta Product Support.

Legal notice

Compliance Toolkit is not a HIPAA Eligible Service and shouldn't be used in workflows that are subject to HIPAA.

Pricing

To learn about Compliance Toolkit pricing for Programmable Messaging, see the SMS Pricing page or contact Sales.

Compliance Toolkit helps you mitigate your compliance exposure by using artificial intelligence and machine learning to proactively detect possible regulatory violations and prevent or reschedule their transmission.


Get started with Compliance Toolkit

To activate Compliance Toolkit, go to your account settings in the Twilio Console.


Twilio passes all US outbound SMS traffic through Compliance Toolkit to help you identify and resolve possible violations specific to the following regulations.

Quiet Hours enforcement

Quiet Hours check

When Twilio tries to send a message, Compliance Toolkit checks if it falls within Quiet Hours. The US Federal Communications Commission defines these hours under the Telephone Consumer Protection Act (TCPA) as 9:00 PM to 8:00 AM in the recipient's local time zone in the US. Twilio infers the time zone using the recipient's phone number area code.

Recommended

To improve accuracy, you can provide the latest known ZIP codes of your recipients with the Contact APIs. When ZIP codes are provided, Compliance Toolkit uses them as entered in the Contacts API to enforce Quiet Hours.

Message classification

If the message falls within Quiet Hours, Compliance Toolkit classifies the message as essential or non-essential. This classification is based on the message content and context.

To override the defaults, bypass Compliance Toolkit's classification model, and set specific messages as essential, use the MessageIntent parameter. See Consent Management API.

Examples of non-essential messages

  • Marketing and promotional campaigns like discounts, loyalty points, and flash sales
  • Charity or events-related broadcasts

Examples of essential messages

  • Fraud alerts or suspicious activity notifications
  • Shipping and delivery updates
  • Customer support messages
  • Emergency announcements
  • School alerts to parents and students
  • Receipts or confirmations requested through SMS
  • Replies to recent inbound messages
  • Opt-in and unsubscribe confirmations

Delivery behavior

If Compliance Toolkit reschedules non-essential messages for delivery after Quiet Hours, it changes the message metadata in the following ways:

  • The delivery status changes to scheduled.
  • It adds a ScheduledAt timestamp in the Message Logs that states when it plans to deliver the message.

You can track the scheduled status with existing webhooks, logs, and the Messaging Insights experience.

This feature delivers messages while respecting both compliance requirements and recipient experience.

You can set your preference for Quiet Hours message handling as one of two options:

  • Reschedule (default): The default behavior that reschedules the message with a new delivery time.
  • Block: This blocks the non-essential message sent during Quiet Hours and returns a 30610 error code.

To identify users who have opted out of receiving your messages, Twilio checks against its opt-out database.

These previous subscribers sent a reply to opt out with the standard keywords:

  • STOP
  • UNSUBSCRIBE
  • END
  • QUIT
  • STOPALL
  • REVOKE
  • OPTOUT
  • CANCEL

If the associated recipient replied to a message with an opt-out keyword on a date later than the recorded opt-in date, Twilio blocks the message and returns an error code. To learn more about opt out, see Twilio support for opt-out keywords.

Twilio also checks the recipient's consent status using the Consent Management API. If a recipient has set their consent status to opt-out, Twilio blocks your message to that specific user and returns an error code, regardless of keywords.

Re-assigned number check

Compliance Toolkit verifies that the intended recipient's phone number still belongs to the original subscriber who opted in (consented) to communications. It automatically tracks reassigned phone numbers and updates the customer's blocklist with them, so that outbound messages destined for recipients with reassigned numbers aren't sent. After the first Reassigned Number check on a particular phone number, this feature checks that number for new messages every 30 days.


Tune your Compliance Toolkit setup

Twilio Compliance Toolkit provides you with customization options to meet your specific messaging needs. Compliance Toolkit offers three API resources to override its default behaviors.

  1. Consent Management API allows you to set each subscriber's opt-in or opt-out status. Twilio uses these up-to-date, verified preferences to block or permit messages.
  2. Contact API allows you to set the known ZIP code for each end user. This improves Quiet Hours accuracy by using the recipient's location instead of relying solely on their phone number's area code.
  3. Twilio Programmable Messaging API
       • The riskCheck parameter sets which messages the Compliance Toolkit evaluates. When set to disable, Compliance Toolkit doesn't evaluate that message. You don't incur associated charges for its use.
       • The messageIntent parameter sets the nature of the message as per your use case.

If you use the messageIntent parameter to set an essential use case value like otp or notifications, Twilio exempts the message from Quiet Hours checks and delivers it. If you use it to set a non-essential use case value like marketing, Twilio reschedules delivery until after Quiet Hours.

The following table lists the use cases that can be configured for the MessageIntent parameter and the Quiet Hours Mapping assigned to each use case.

| Use case | MessageIntent parameter value | Quiet Hours Mapping |
| --- | --- | --- |
| Two-factor auth (2FA) and one-time passcodes (OTP) | otp | Essential |
| Account notifications, two-way conversational messaging | notifications | Essential |
| Fraud alerts | fraud | Essential |
| Security alerts, emergency | security | Essential |
| Customer care | customercare | Essential |
| Delivery notifications | delivery | Essential |
| Education | education | Non-Essential |
| Event marketing | events | Non-Essential |
| Polling and voting (non-political) | polling | Non-Essential |
| Public service announcement (non-emergency) | announcements | Non-Essential |
| General and campaign marketing | marketing | Non-Essential |

When Compliance Toolkit blocks an SMS delivery due to Opt-Out or Reassigned Phone Number identification, Twilio returns error 21610, which is displayed in the Twilio error logs and the API response.

When Compliance Toolkit detects a marketing message being sent during Quiet Hours, it doesn't deliver it. It sets the delivery status to scheduled and the ScheduledAt timestamp for after the end of Quiet Hours, up to 4 hours later. When you opt to block, rather than reschedule, these messages, Compliance Toolkit returns error 30610, which is displayed in the Twilio error logs and the API response.
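The Quiet Hours flow described above (window check, MessageIntent mapping, reschedule or block) can be modelled locally to predict outcomes before sending. This is an added example, not Twilio's code: the function names, the boundary handling at exactly 9:00 PM and 8:00 AM, and the choice of the end of Quiet Hours as ScheduledAt are assumptions, and it covers only messages where messageIntent is set explicitly.

```python
from datetime import datetime, time, timedelta, timezone

# MessageIntent values and their Quiet Hours mapping, copied from the table above.
ESSENTIAL = {"otp", "notifications", "fraud", "security", "customercare", "delivery"}
NON_ESSENTIAL = {"education", "events", "polling", "announcements", "marketing"}
QUIET_START, QUIET_END = time(21, 0), time(8, 0)  # 9:00 PM to 8:00 AM, recipient local time


def quiet_hours_end(local_dt):
    """Return the 8:00 AM boundary that closes the current Quiet Hours window,
    or None when local_dt is outside Quiet Hours.
    Assumption: 9:00 PM is inside the window and 8:00 AM is outside it."""
    t = local_dt.time()
    if t >= QUIET_START:        # evening part of the window, ends tomorrow morning
        day = local_dt.date() + timedelta(days=1)
    elif t < QUIET_END:         # early-morning part, ends later the same day
        day = local_dt.date()
    else:
        return None
    return datetime.combine(day, QUIET_END, tzinfo=local_dt.tzinfo)


def preflight(send_at_utc, recipient_tz, intent, handling="reschedule", risk_check=None):
    """Predict the documented Quiet Hours outcome for one outbound US SMS."""
    if risk_check == "disable":             # Toolkit does not evaluate this message
        return {"status": "sent"}
    if intent not in ESSENTIAL | NON_ESSENTIAL:
        raise ValueError(f"unknown MessageIntent value: {intent!r}")
    end = quiet_hours_end(send_at_utc.astimezone(recipient_tz))
    if end is None or intent in ESSENTIAL:  # daytime, or exempt from Quiet Hours
        return {"status": "sent"}
    if handling == "block":
        return {"status": "blocked", "error": 30610}
    # Assumption: the earliest possible ScheduledAt is the end of Quiet Hours.
    return {"status": "scheduled", "ScheduledAt": end.astimezone(timezone.utc)}


# Constructed sample: a recipient at a fixed UTC-5 offset. Real code would pass
# an IANA zone (zoneinfo.ZoneInfo) derived from the ZIP code or area code.
RECIPIENT_TZ = timezone(timedelta(hours=-5))
LATE_EVENING = datetime(2024, 3, 5, 3, 30, tzinfo=timezone.utc)  # 10:30 PM local

if __name__ == "__main__":
    for intent in ("marketing", "otp"):
        print(intent, preflight(LATE_EVENING, RECIPIENT_TZ, intent))
    print(preflight(LATE_EVENING, RECIPIENT_TZ, "marketing", handling="block"))
```

Running the same model over planned send times shows which campaign messages would be deferred or rejected, which is useful when reconciling scheduled statuses and 30610 errors in the message logs.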

To analyze aggregate trends and drill into Compliance Toolkit outcomes, use the Messaging Logs and Insights on Twilio Console.


Q: Can I use Compliance Toolkit only for specific messages or subaccounts?

Yes. From the Twilio Console, you can activate Compliance Toolkit only on specific subaccounts. To selectively invoke Compliance Toolkit per message, use the riskCheck parameter in the Twilio Programmable Messaging API. You control when to apply Compliance Toolkit.

Q: How does this differ from Twilio's Message Scheduling feature?

Twilio Message Scheduling (within the Engagement Suite) enables users to schedule messages for delivery at a future date and time. Twilio Message Scheduling doesn't analyze the message type or prevent flagged messages from being sent during Quiet Hours.

Q: How does Compliance Toolkit determine a recipient's timezone for quiet hours?

By default, Compliance Toolkit infers the timezone from:

  • User phone number area code, or
  • If available, the latest known zipcode provided from the Twilio Contacts API.

Twilio AI Nutrition Facts provide an overview of the AI feature you're using, so you can better understand how AI is working with your data. The qualities of Compliance Toolkit are outlined in the following Nutrition Facts label. For more information, including the glossary regarding the AI Nutrition Facts label, refer to Twilio's AI Nutrition Facts page.

AI Nutrition Facts

Compliance Toolkit for Programmable Messaging

Description: Compliance Toolkit is a product available to Twilio Messaging customers that uses Artificial Intelligence to help manage their obligations with respect to certain local regulatory or compliance requirements.
Privacy Ladder Level: 3
Feature is Optional: Yes
Model Type: Machine Learning
Base Model: Logistic Regression

Trust Ingredients

Base Model Trained with Customer Data: Yes. Customer messaging traffic metadata is used for model training.
Customer Data is Shared with Model Vendor: No
Training Data Anonymized: Yes
Data Deletion: Yes
Human in the Loop: Yes
Data Retention: 30 days

Compliance

Logging & Auditing: Yes. Standard service logging is applied and logs are stored for future review.
Guardrails: Yes
Input/Output Consistency: Yes