Developer Products and Account Portal Privacy
Last Updated September 26, 2016
Click here for prior version.
Heads up! This isn’t the “legal version.” It’s just a summary. If you want the legal version, block your calendar and get comfy - you’ll have to read the full version below.
- This privacy notice relates to Twilio’s developer products and services and our account portal. Go here for the website privacy notice. Or, if you use the Authy app, go here.
- We collect data from you when you set up an account with Twilio, like your name, email address, and billing information. We use that data to do things like communicate with you about your account and bill you for using our products and services. If you don’t want to get marketing emails from us, you can opt-out by following the instructions in those emails or contacting customer service.
- When you use our products and services, we collect data relating to and about your use, like the API calls you make, how many calls you make or receive, the contents of the communications, and where calls come from or go to. We show you this information in the account portal so you can manage your account. We also use this to complete calls, route communications traffic, bill you for your use of our products and services, watch out for fraud, and improve our products and services.
- We share the data we collect from you with telecommunications providers as necessary to complete the communication. We also share data we collect from you with Twilio’s third party service providers as necessary for those service providers to perform their services for us. We will also share your data with third parties, if we’re legally required to do so.
- If you use Add-ons, the relevant Add-on Partners’ policies will apply to their handling of your data.
- Your data is transferred to the U.S.
- Check out Section 17 of our Terms of Service if you have a dispute with us.
- If you want to ask how to delete or access your data, email email@example.com.
IntroductionLet’s get orientedWhat data we collect, how we collect it and whyWhat we use your data forWho we may share your data withAdd-onsInternational Operations and Transfers Out of the EEA and SwitzerlandInformation from ChildrenHow we secure your dataHow we treat Do-Not-Track SignalsHow we tell you about changes to our privacy practicesHow to make choices about your dataHow to resolve disputes relating to our privacy practicesHow you contact us
Below is a summary of our practices when it comes to your data collected when you use the Twilio account portal and our products and services. If you are interested in learning about our practices relating to data collected when you visit our publicly-accessible website www.twilio.com, click here.
Please note that some Twilio customers may have special agreements with us that specify the collection, use, and sharing of their data. If those special agreements and this notice conflict, those special agreements will apply.
For purposes of this notice, the words “our,” “us,” “we,” and “Twilio" refer to Twilio Inc. and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
Before you submit any information on or through the Twilio account portal or use Twilio products and services, please carefully review this Notice. By using any part of the Twilio Site, you consent to the collection, use, disclosure and sharing of your information as further outlined below in this Notice.
What is Twilio? Twilio is a cloud communications company. Our customers are generally software application developers (or companies that have software application developers working for them). Our customers generally use Twilio’s products and services, which include APIs and SDKs, to build communications features and capabilities into their applications. Our customers then often have their own customers or users of the applications they build using Twilio’s products and services. To avoid confusion, we’ll call the individuals that use our customers’ applications the “end users.”
Categories of Customer Data. There are three general categories of customer data that we collect or generate from our customers’ use of our products and services. We’ll call these “Customer Content,” “Customer Account Data,” and “Customer Usage Data.”
- Customer Content. Customer Content consists of the communications that are sent through integration with certain of Twilio’s products and services, like the body of a message or voice communication.
- Customer Account Data. Customer Account Data is all the data that relates to the relationship between Twilio and its customers, like our customers’ names, contact information, and billing information and records.
- Customer Usage Data. Includes operational data like API requests, call or messaging logs, origination and termination points (i.e. to/from numbers), traffic routing information, or usage information. For Authy customers, Customer Usage Data also includes your end users’ phone number and email addresses so we can validate your end users as requested by your application.
Customer Account Data you share with us directly. When you sign up for an account with Twilio through our account portal, you’ll be asked to give us your name, email address, and optionally, your company name. You’ll also be asked to create a password. We collect this Customer Account Data so that we know who you are, we can communicate with you about your account, and we can recognize you when you communicate with us through the account portal or otherwise.
When you first sign up for an account, we’ll also ask you for a telephone number so that we can communicate a verification code to that telephone number and have you enter that code into our website. This helps us ensure that you’re actually a human being. You can then use this number as an outgoing caller id for voice calls, and you can text message it during your account trial period.
When you set up two-factor authentication for your account, we’ll ask you to enter a telephone number to which we will communicate verification codes to verify that it is you logging into your account.
We may also ask you for a telephone number to contact you, like when you ask to be contacted by our sales team.
When you upgrade your account from a trial or free account, we’ll ask you to provide our payment processor with your payment method data like your credit card information or your Paypal account information, and/or your billing address. Our payment processor, acting on our behalf, gathers this so that we can bill you for your use of our products and services. Our payment processor will generally share your billing address with Twilio.
For some products, we may have to obtain a physical address from you. For example, to get a phone number in certain countries, local regulations may require us to have a physical address on file for you or your end user. We may also need your physical address or billing address this for tax purposes. We may have to share your physical or billing address with the telecommunications carrier from whom Twilio obtained the phone number or local government authorities upon their request. Unless prohibited from doing so by law, we’ll let you know if we have to share your address like this.
Similarly, for some of our products, you may have to complete an application form providing details about your company and your intended use of the product, like when you are interested in getting a short code. We’ll use this data for the purpose for which it was gathered from you. We may also use it in connection with improving our own internal processes and services or training our team members.
Also, we gather information about you when you interact with our customer support team, sales team or account management team. For example, when you contact our customer support team, you will be asked to give your account data and tell us the question you have or any problem you’re experiencing. We gather this information so that we can help you with your question or problem. When you communicate with our sales team or account management team, we’ll gather data about you, such as your use case and your business requirements, so that these teams are better equipped to assist you. We may also use this data so that we can improve our products and services and train our team members.
Customer Account Data we generate and collect automatically when you create an account. When you sign up for an account with Twilio, we’ll assign you an Account SID, which acts as a username, and an Auth Token, which acts as a password. You will need to use these credentials in connection with making requests to our APIs. We keep a record of these credentials, so that when your application makes requests to our API using these credentials, we know that it is you making the requests.
Customer Usage Data we collect from you from your use of our products and services, like our APIs. When you use our products and services, we collect Customer Usage Data. This may include data like what commands your application has communicated to Twilio, your IP addresses, how many times you used a Twilio product or service, when the product or service was used by you or your end users, the number of calls or messages made or received, the length of calls or messages, where those calls or messages originated or terminated, how those calls or messages were routed, and whether or not the connection was successful or failed.
We collect Customer Usage Data so that you can view it in the account portal and can manage your use of our products and services. We also collect it so that we can properly bill you for your use of our products and services, appropriately manage and route customer traffic, analyze and improve our products and services, and identify and solve problems that arise.
In the case of applications that use Authy, in addition to the Customer Usage Data mentioned above, we will collect your end users’ telephone numbers and email addresses that you pass to us so we can validate those end users on your behalf as requested by your application and communicate with those end users about activity on their Authy account. (As well, when end users download the Authy app and set up an Authy account they are asked to provide their telephone number and email address directly to us. The email address they input may be different from the one that you pass to us, but the telephone number must be the same. In either case, we use that information for the same purpose of validating the end user and communicating with them about their account.)
Customer Content we collect from you from your use of our products and services, like our APIs. We also may collect Customer Content in connection with your use of certain products or services. For example, if you use our messaging services, we collect the messages being sent and received so that we can convey those messages to and from the carrier networks. Similarly, to transmit voice calls to and from the telecommunications carrier networks, we have to collect the voice communications being sent and received to route them appropriately. You can also use our products and services to record voice communications or have them transcribed, in which case, we will also collect those voice recordings or transcriptions.
You should not use Twilio’s products or services to receive, send or otherwise process Personal Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 as amended (HIPAA) unless you have either negotiated a Business Associate Agreement (BAA) with Twilio or your use case for Twilio’s products and services does not require a BAA. Twilio disclaims all liability for PHI sent, received or processed through Twilio’s products or services without a Business Associate Agreement. Just to be clear, Twilio may not necessarily sign a BAA in connection with your use of any Twilio product or service. Please contact our sales team to speak further regarding HIPAA-compliant uses of Twilio’s products and service.
Customer Account Data we collect from other sources. From time to time, we gather publicly-available information about companies that are our customers, such as where they are located, their website URL, their industry, and their size. Sometimes this type of Customer Account Data is obtained through third-party service providers that specialize in pulling together publicly-available information about companies.
Generally, we use all the data that you provide to us or that we collect from you to provide our products and services to you, to enable you to access and use our products and services, to deliver your communications to their intended destination, and to analyze our customers’ use of our products and services, to improve our products and services, and to detect fraudulent or unlawful activity in connection with Twilio accounts.
Below are some additional details regarding how we use categories of data we collect.
Customer Content. We use Customer Content for the purposes that you allow us access to it, like conveying it to and from telecommunications carrier networks or recording and transcribing it per your instruction. We may also use it to troubleshoot issues such as call quality concerns.
Customer Account Information. We use your email address in connection with your account password to authenticate your account and allow you to access your account data through the account portal. And, we use your Account SID and Auth Token to authenticate that it is your application that is making requests to our APIs.
We also use contact information you provide to Twilio to communicate information regarding your account and the products and services you are using or to respond to an inquiry you have sent us. If you enable two-factor authentication, we’ll use the telephone number you provide in connection with that feature to send you verification codes.
In addition, we will use your email address to send you information about other Twilio products, services, or events that you might be interested in. You can choose not to receive marketing emails from Twilio. If you wish to stop receiving Twilio marketing emails you may click on the unsubscribe link that will appear at the bottom of any Twilio marketing emails or you can contact customer support.
We will use publicly-available Customer Account Data about your company, such as your industry, the size of your company, and your company’s website URL, to help us understand our customer base better and to tailor information we send you about other Twilio products, services, or events.
If you provide us with a physical address in order to obtain a number for which Twilio is required to have your physical address on file, we’ll use that address so that we can confirm we can allow you to have that number. We may also check the physical address you provide and/or your billing address, as well as other information you provide or that we obtained from your use of our service about your identity such as your name, email address, and IP address, with our fraud prevention and identity validation providers (to confirm you have provided us with accurate details). We may also use your address information to calculate taxes. We may also have to share these addresses with the telecommunications provider from whom Twilio obtained the phone number or local authorities upon their request. Unless prohibited from doing so by law, we’ll let you know if we have to share your address information like this.
We use your payment information so we can bill you and be paid for your use of our products and services.
Your Customer Usage Data. We use your usage data so we can properly bill you for your use of our products and services, appropriately manage and route customer traffic, analyze and improve our products and services, and identify and solve problems with our products and services that arise. We also use certain usage data to support regulatory requirements, such as calculation and reporting of tax or similar obligations.
In the case of applications that use Authy, we use your end users’ telephone number that you pass to us so we can validate your end users on your behalf as requested by your application. For your end users that have downloaded the Authy desktop or mobile app, the phone number you pass to us is used to associate that end user with their Authy account in which their authentication tokens (aka one-time passwords) are generated. For end users that have not downloaded the Authy desktop or mobile app, we use the phone number you pass to us to communicate an authentication code for them to provide to your application. We also use your end users’ email addresses, both those that you have passed to us and those that end users who have downloaded the Authy app have provided to Twilio directly, to communicate with them about activity on their accounts, problems relating to their accounts, the availability of updates or upgrades to the Authy app or our services, or to communicate other information about their accounts.
Data collected through tracking technologies like cookies and web beacons. We collect data through tracking technologies so we can understand how customers are using our account portal and what regions our customers are coming from. This helps us understand our customers better and how we can improve our account portal. We also use this to improve our customer’s navigation experience with our account portal.
Unless you give us your permission, we won’t share your Customer Content, Customer Account Data, or Customer Usage Data with third parties, except as described below:
- Telephony operators as necessary for proper routing and connectivity. One of the things that Twilio provides is an easier way for developers to build applications that make use of the publicly switched telephone network (PSTN) to send communications. Therefore, Customer Content and certain Customer Usage Data is shared with and received from telephony operators to the extent necessary to route and connect those communications from the sender to the intended recipient. How those telephony operators handle your Customer Content and Customer Usage Data is generally determined by those operators’ own policies and local regulations.
- Other communications service providers for proper routing and connectivity. Twilio also allows you to use its products and services to send or receive communications through communications service providers that do not use the PSTN, such as Viber and Facebook Messenger (often referred to as Over-the-Top (OTT) communications service providers). If you choose to use Twilio’s products and services to send or receive communications by way of these providers, Twilio will share and receive Customer Content and Customer Usage data with these providers to the extent necessary to route and connect those communications from the sender to the intended recipient. How those communications service providers handle your Customer Content and Customer Usage data is determined their own policies.
- Third-party service providers or consultants. We may share your data with third-party service providers or consultants who need access to the data to perform their work on Twilio’s behalf, like sharing relevant Customer Account Data with our payment processor so it can process payments on our behalf, or our storage provider for storing your data on our behalf. These third-party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
- Compliance with Laws. We may disclose your data to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Twilio is required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
- Affiliates. We may share your data with our affiliates. We all will only use the data as described in this notice.
- Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, customer data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Twilio may continue to use your data as set forth in this notice.
- Aggregated or de-identified data. We might also share Customer Account Data or Customer Usage Data with third parties if that data has been de-identified or aggregated in a way that does not directly identify you or your end users.
- Twilio Connect. If you have authorized a Twilio Connect App to access your Twilio Account, by the very nature of how the Twilio Connect program works, we will allow the third party developer of the Twilio Connect App access your Twilio account that you have given the Twilio Connect App access to. This access may include being able to read all your customer data, including your Customer Content. It may also include being able to perform actions on behalf of your account that charge your account.
We do not share your data (including, but not limited to, the personal data of your end users) with third parties for their direct marketing purposes, unless you give us your consent to do so.
Add-ons are additional features, functionality or services offered by Twilio’s Add-on Partners (third parties not affiliated with Twilio). Twilio may make Add-ons available to you through the Twilio Marketplace. Some Add-ons may need to access or collect some of your Customer Data. If you choose to use an Add-on, Twilio will share your data with the Add-on Partner as necessary in order for you to be able to use the Add-on. Twilio does not control Add-on Partners use of your data, and their use of your data will be in accordance with their own policies. If you do not want your data to be shared with an Add-on Partner, then you should not to use the Add-on.
Please note that when you use our account portal, or our other products and services, your Customer Content, Customer Account Data, or Customer Usage Data may be sent to the United States and possibly other countries. Some, but not all of this, may be in connection with routing your communications that are sent via our products and services in the most efficient way. We store customer data on servers located in the United States, and we may also store this data on servers and equipment in other countries.
Twilio employs appropriate mechanisms for cross-border transfers of personal data, as required by applicable local law.
Twilio has certified with the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. Twilio may process some personal data from individuals or companies in Switzerland via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. To learn more about the U.S.-Swiss Safe Harbor program, and to view Twilio’s certification, please visit http://export.gov/safeharbor. Twilio has further certified with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of “personal data” (as defined under the Privacy Shield principles) from applicable European Union member countries. You can access our Privacy Shield Statement here.
We do not knowingly collect any personal information directly from children under the age of 13. If we discover we have received any personal information from a child under the age of 13 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about anyone under the age of 13, please contact us at firstname.lastname@example.org.
We use appropriate security measures to protect the security of your customer data both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
You may access your account through our account portal by using your email address and a password that you chose when you signed up for Twilio’s products and services. To protect the confidentiality of your customer data and protect from unauthorized use of your account, you must keep your password and Auth Token confidential and not disclose it to any other person. Please let us know right away if you think your password or Auth Token was compromised or misused. For instructions on changing your password, click here. For instructions on changing your Auth Token, click here.
For additional information regarding Twilio’s security practices, click here.
Twilio does not currently respond to web browser’s Do-Not-Track signals. You can learn more about Do Not Track here.
We may change our Product and Account Portal Privacy Notice from time to time. If we make changes, we’ll revise the “Last Updated” date at the top of this notice, and we may provide additional notice such as on the Twilio website homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice.
Deletion, access, and changes to Customer Data. You may access and make changes to certain of your Customer Account Data through the Account Dashboard in the Twilio account portal. You will also be able access Customer Content and various types of Customer Usage Data through the account portal as well.
To request deletion of your Twilio account, email us at email@example.com. You should know that deletion of your Twilio account will result in you permanently losing access to your account and all customer data to which you previously had access through your account. Please note that certain data associated with that account may nonetheless remain on Twilio’s servers in an aggregated or anonymized form that does not specifically identify you. Similarly, data associated with your account that we are required by law to maintain will also not be deleted.
Promotional communications. You can choose not to receive promotional emails from Twilio by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services. European residents with disputes regarding our privacy practices should refer to our Privacy Shield Statement for information on resolving such disputes.
Cookies and tracking technologies. How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies, please check out our Cookie Notice.
Except for residents of the European Union, if you have a dispute with us relating to our privacy practices, please contact our customer support or email us at firstname.lastname@example.org. Most disputes can be resolved that way. If we can’t resolve our dispute that way, please see Section 18 (Agreement to Arbitrate) of our Terms of Service, which describes how disputes will be resolved between us. As described in that section, the American Arbitration Association (http://www.adr.org) will conduct the dispute resolution proceedings. Please be sure to review our Terms of Service, including Section 18, before you use any of our products and services.
You may contact via email at email@example.com. Or, you may write to us at the address listed below.
Twilio Inc. 375 Beale Street, Suite 300 San Francisco, CA 94105