Security at Twilio
We manage information security based on the ISO 27001 framework so you have the confidence to move communications to the cloud.
Best practices
Security is part us, and part you. That’s why we’ve developed best practices for securing your Twilio-powered application.
  • API security features

    We highly recommend that you use HTTP Authentication in conjunction with encryption. This way, you can protect communications between your application and Twilio. As an added measure, we suggest adding a validation step to make sure requests are indeed coming from Twilio and not a malicious third party.

  • Fighting fraud

    We’ve built, and continue to improve, our internal systems to detect fraudulent traffic on your account. We ask that you implement best practices to prevent hackers from compromising your app. Some of these steps are to lock down your account and some are dependent on the mode of communication you’re using.

  • Enterprise Edition security features

    We suggest enabling Enterprise Editions for added security on your Twilio account. The plan includes capabilities such as Audit Events for change control, Role-Based Access Control (RBAC), and Single Sign-On (SSO) for access management.

  • Reporting vulnerabilities

    The Twilio disclosure program is managed through Bugcrowd and you’re welcome to sign up as a tester. Your help with identifying potential issues and ways to improve our service is always appreciated. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.

Certifications & Regulations
Third-party assurance that Twilio has implemented security best practices on your behalf.
ISO 27001
ISO 27017
ISO 27018
Privacy Shield
Cloud Security Alliance
SOC 2 Type II

The Twilio advantage

Communicate reliably

Experience a 99.95% uptime SLA made possible with automated failover and zero maintenance windows.

Operate at scale

Extend the same app you write once to new markets with configurable features for localization and compliance.

Many channels

Use the same platform you know for voice, SMS, video, chat, two-factor authentication, and more.

No shenanigans

Get to market faster with pay-as-you-go pricing, free support, and the freedom to scale up or down without contracts.