Binding Corporate Rules (BCRs) are binding data protection policies that are approved by European data protection authorities after significant consultation with those authorities and enable multinational businesses, such as Twilio, to make intra-organisational transfers of personal data across borders in compliance with EU data protection law. BCRs function a code of conduct for Twilio’s data protection practices, based on strict principles established by EU data protection authorities.

Twilio’s BCRs were approved in May 2018 and demonstrate Twilio group members’ commitment to provide adequate protection of personal data throughout the organisation, regardless of the group members’ location in the world. Twilio’s BCRs enable the transfer of personal data to Twilio group members across borders in compliance with EU data protection law.


Twilio's Binding Corporate Rules

Controller Policy (Applicable When Twilio is Processing Personal Data As A Controller)
Processor Policy (Applicable When Twilio is Processing Personal Data As A Processor)