Binding Corporate Rules (BCRs) are binding data protection policies that are approved by European data protection authorities after significant consultation with those authorities and enable multinational businesses, such as Twilio, to make intra-organisational transfers of personal data across borders in compliance with EU data protection law. BCRs function as a code of conduct for Twilio’s data protection practices, based on strict principles established by EU data protection authorities.
Twilio’s BCRs were approved in May 2018 and demonstrate Twilio group members’ commitment to provide adequate protection of personal data throughout the organisation, regardless of the group members’ location in the world. Twilio’s BCRs enable the transfer of personal data to Twilio group members across borders in compliance with EU data protection law.
From time to time, Twilio may update its BCRs, in accordance with the Binding Corporate Rules Updating Procedure. The links below reflect our most recent Binding Corporate Rules,which took effect on November 18th, 2022.
Twilio's Binding Corporate Rules
Controller Policy (Applicable When Twilio is Processing Personal Data as a Controller) Processor Policy (Applicable When Twilio is Processing Personal Data as a Processor)