Trust is critical for cloud companies, particularly those that provide foundational infrastructure for Internet commerce. Twilio’s ISO 27001 certification fosters trust and demonstrates an ongoing commitment to safeguarding data.

Security at Twilio
We manage information security based on the ISO 27001 framework so you have the confidence to move communications to the cloud.
Best practices
Security is part us, and part you. That’s why we’ve developed best practices for securing your Twilio-powered application.
  • API security features

    We highly recommend that you use HTTP Authentication in conjunction with encryption. This way, you can protect communications between your application and Twilio. As an added measure, we suggest adding a validation step to make sure requests are indeed coming from Twilio and not a malicious third party.

  • Fighting fraud

    We’ve built, and continue to improve, our internal systems to detect fraudulent traffic on your account. We ask that you implement best practices to prevent hackers from compromising your app. Some of these steps are to lock down your account and some are dependent on the mode of communication you’re using.

  • Enterprise security features

    We suggest enabling the Enterprise Plan for added security on your Twilio Account. The plan includes capabilities such as Audit Events for change control, Role-Based Access Control (RBAC), and Single Sign-On (SSO) for access management.

  • Reporting vulnerabilities

    The Twilio disclosure program is managed through Bugcrowd and you’re welcome to sign up as a tester. Your help with identifying potential issues and ways to improve our service is always appreciated. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.

Certifications
Third-party assurance that Twilio has implemented security best practices on your behalf.
ISO 27001
Privacy Shield
Cloud Security Alliance
SOC 2 for Authy
The Twilio advantage
  • Communicate reliably

    Experience a 99.95% uptime SLA made possible with automated failover and zero-maintenance windows.

  • Operate at scale

    Extend the same app you write once to new markets with configurable features for localization and compliance.

  • Many channels

    Use the same platform you know for voice, SMS, video, chat, two-factor authentication, and more.

  • No shenanigans

    Get to market faster with pay-as-you-go pricing, free support, and the freedom to scale up or down without contracts.