Facebook Icon Facebook Icon Twitter Icon Twitter Icon Linkedin Icon Linkedin Icon Blog Icon Blog Icon Checkmark Icon Checkmark Icon Small Checkmark Icon Small Checkmark Icon Small Checkmark Icon Small Checkmark Icon Clock Icon Clock Icon Cloud Icon Cloud Icon Cloud Upload Icon Cloud Upload Icon Compass Icon Compass Icon Medium count 1 Icon Medium count 1 Icon Medium count 2 Icon Medium count 2 Icon Medium count 3 Icon Medium count 3 Icon Medium count 4 Icon Medium count 4 Icon Medium count 5 Icon Medium count 5 Icon Medium count 6 Icon Medium count 6 Icon Medium count 7 Icon Medium count 7 Icon Medium count 8 Icon Medium count 8 Icon Medium count 9 Icon Medium count 9 Icon Medium count 10 Icon Medium count 10 Icon Medium count 11 Icon Medium count 11 Icon Medium count 12 Icon Medium count 12 Icon Medium count 13 Icon Medium count 13 Icon Medium count 14 Icon Medium count 14 Icon Medium count 15 Icon Medium count 15 Icon Device with a checkmark Icon Device with a checkmark Icon Device Icon Device Icon Documentation Icon Documentation Icon Dollar Sign Icon Dollar Sign Icon Extend Icon Extend Icon Eye Icon Eye Icon Gear Icon Gear Icon Globe Icon Globe Icon Graph Icon Graph Icon Guidelines Icon Guidelines Icon Laptop Icon Laptop Icon Layers with checkmark Icon Layers with checkmark Icon Key Icon Key Icon Lock Icon Lock Icon Paper Airplane Icon Paper Airplane Icon Pencil Icon Pencil Icon Phone Icon Phone Icon Reliability Icon Reliability Icon Reset Icon Reset Icon Shield with Checkmark Icon Shield with Checkmark Icon Timer Icon Timer Icon Tools Icon Tools Icon Tutorial Icon Tutorial Icon Upload Icon Upload Icon User with Checkmark Icon User with Checkmark Icon User Icon User Icon Wallet Icon Wallet Icon Case Study Icon Case Study Icon Video Icon Video Icon Webinar Icon Webinar Icon White Paper Icon White Paper Icon

Website Privacy Notice

Last Updated February 1, 2016

SUMMARY

(Read at your own risk. This isn’t the “legal version.” It is just a summary. If you want the legal version, find yourself a comfortable chair and read the full version below.)

FULL VERSION

Introduction

Below is a description of what data we gather from you as a visitor to our various publicly-accessible websites, which includes www.twilio.com, www.twilio.org, and www.authy.com, and other websites where this privacy policy is posted. For ease, we will call all these publicly-accessible websites collectively the “Twilio Site” for short. Also, included below is a description of why we collect and how we use the data we collect on the Twilio Site. The Twilio Site does not include our account portal which you access by signing up for an account with Twilio. If you are interested in learning more about our practices regarding data that we collect when you sign up for a Twilio account on our account portal and use our developer products and services, click here.

In this notice, the words “our,” “us,” “we,” and “Twilio” refer to Twilio Inc. and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).

Before you submit any information on or through the Twilio Site, please carefully review this notice. By using any part of the Twilio Site, you consent to the collection, use, disclosure and sharing of your information as further outlined below in this notice.

What data we collect, how we collect it and why

Data you give to us directly. On some places on the Twilio Site, you can fill in a web form to share your data with us directly, such as on our “Talk to Sales” page or on our “Talk to Support” page. We collect the information you provide in response to those web forms. Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us in doing so.

We also include an “Ask the Community” link on our website. Clicking on this link takes you away from the Twilio Site to the Stack Overflow website. Stack Overflow and Twilio are not related, and Stack Overflow has its own terms and privacy policy (check them out--they’re a good read). So, your participation in discussions on Stack Overflow is subject to Stack Overflow’s terms and privacy policy, not Twilio’s.

Check out our Developer Products and Account Portal Privacy Policy for details about what data Twilio collects from you when you sign up for an account or login to your account and how we use with that data.

Data we collect from you automatically. When you visit the Twilio Site, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar technologies. Want more details on our use of cookies and tracking technologies, Click here.

What we use your data for

Data you give us directly. For data that you give to us directly through the “Talk to Sales” and “Talk to Support” pages, we will use that data to formulate a response to your inquiry and know how to get back to you with our response. Similarly, if you provide us information directly in response to a survey or when signing up for an event, we will use the data you provide for the reason that you provided it to us and for other purposes that we tell you about at the time when you provided that data.

Data we collect automatically. For data that we collect from you automatically through tracking technologies, we use this data to understand how visitors to the Twilio Site are using it and which pages and features of the Twilio Site are most popular. This helps us understand how we can improve our Site. In addition, tracking technologies are used to help improve the navigation experience on the Twilio Site. For more details on our use of cookies and tracking technologies, click here.

Who we may share your data with

Unless you give us your permission, we don’t share data we collect from you with third parties, except as described below:

  • Third-party service providers or consultants. We may share data collected from you on the Twilio Site with third-party service providers or consultants who need access to the data to perform their work on Twilio’s behalf, such as a website analytics company or our third party advertising partners. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
  • Compliance with Laws. We may disclose your data to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or government request, (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of the Twilio Site or our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Twilio is required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
  • Affiliates. We may share data collected from you from the Twilio Site with our affiliates. We all will only use the data as described in this notice.
  • Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you through our website may be part of the assets transferred or shared in connection with due diligence for any such transaction. Any acquirer or successor of Twilio may continue to use the data we collect from you through our Site as described in this notice.
  • Aggregated or de-identified data. We might also share data collected from you from the Twilio Site with a third party if that data has been de-identified or aggregated in a way that does not directly identify you.

We do not actively share your data with third party advertisers, unless you give us your consent to do so.

International Operations and Transfers Out of the EEA and Switzerland

Please note that when you visit the Twilio Site, your data may be sent to the United States and possibly other countries. We store data about Twilio Site visitors on servers located in the United States, and we may also store this data on servers and equipment in other countries.

Twilio employs appropriate mechanisms for cross-border transfers of personal data, as required by applicable local law. In addition, Twilio continues to abide by the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework, as provided by the U.S. Department of Commerce and regarding the collection, use, and retention of personal information received from European Union member countries and Switzerland. Twilio has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Twilio's certification, please visit http://www.export.gov/safeharbor/

How we secure your data

We use appropriate security measures to protect the security of your data both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

How we treat Do-Not-Track Signals/California Do-Not-Track Disclosure

Twilio does not currently respond to web browser’s Do-Not-Track signals. You can learn more about Do Not Track here.

How we tell you about changes to our privacy practices

We may change our Website Privacy Notice from time to time. If we make changes, we’ll revise the “Last Updated” date at the top of this notice, and we may provide additional notice such as on the Twilio Site homepage. If we make any material changes to this notice, Twilio will notify you of those changes through a notice on the Twilio Site or through other reasonable means of communication, such as email. We will comply with applicable law with respect to any changes we make to this notice.

How to make choices about your data

Deletion, access, and changes to your data. To request deletion of, access to, or to make changes to data we’ve collected from you via the Twilio Site, email us at [email protected] Please note that even if you request that we delete data we’ve collected from you, we may still retain data collected from you in an aggregated or anonymized form that does not identify you. We also will not delete your data if we are legally required to maintain it.

Promotional communications. If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support.

Cookies and tracking technologies. How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies, please check out our Cookie Notice.

How to resolve disputes relating to our privacy practices

If you have a dispute with us relating to our privacy practices, please contact our customer support or email us at [email protected]. Most disputes can be resolved that way. If we can’t resolve our dispute that way, please see Section 17 (Agreement to Arbitrate) of our Terms of Service, which describes how disputes will be resolved between us. As described in that section, the American Arbitration Association (www.adr.org) will conduct the dispute resolution proceedings. Please be sure to review our Terms of Service, including Section 17, before you use any of our products and services.

How you contact us

You may contact via email at [email protected]. Or, you may write to us at the address listed below.

Twilio Inc.
645 Harrison Street, Third Floor,
San Francisco, CA 94107

Developer Products and Account Portal Privacy Notice

Last Updated February 1, 2016

SUMMARY

(Heads up! This isn’t the “legal version.” It’s just a summary. If you want the legal version, block your calendar and get comfy - you’ll have to read the full version below.)

FULL VERSION

Introduction

Below is a summary of our practices when it comes to your data collected when you use the Twilio account portal and our products and services. If you are interested in learning about our practices relating to data collected when you visit our publicly-accessible website www.twilio.com, click here.

Please note that some Twilio customers may have special agreements with us that specify the collection, use, and sharing of their data. If those special agreements and this notice conflict, those special agreements will apply.

For purposes of this notice, the words “our,” “us,” “we,” and “Twilio” refer to Twilio Inc. and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).

Before you submit any information on or through the Twilio account portal or use Twilio products and services, please carefully review this Notice. By using any part of the Twilio Site, you consent to the collection, use, disclosure and sharing of your information as further outlined below in this Notice.

Let’s get oriented

What is Twilio? Twilio is a cloud communications company. Our customers are generally software application developers (or companies that have software application developers working for them). Our customers generally use Twilio’s products and services, which include APIs and SDKs, to build communications features and capabilities into their applications. Our customers then often have their own customers or users of the applications they build using Twilio’s products and services. To avoid confusion, we’ll call the individuals that use our customers’ applications the “end users.”

With the exception of individuals that download the Authy mobile or desktop app, Twilio generally does not interact directly with our customers’ end users. Instead, end users interact with our customers’ applications, which in turn interact with our products and services. So, if you’re an end user of an application that is integrated with Twilio’s products or services, you should check out that application’s terms of service and privacy policy to find out how that application collects, uses, stores and shares your data. We are not responsible for our customers’ privacy policies or privacy practices. If you are an individual that has downloaded the Authy mobile or desktop app, click here for more information about our privacy practices in connection with your use of that app.

Categories of Customer Data. There are three general categories of customer data that we collect or generate from our customers’ use of our products and services. We’ll call these “Customer Content,” “Customer Account Data,” and “Customer Usage Data.”

  • Customer Content. Customer Content consists of the communications that are sent through integration with certain of Twilio’s products and services, like the body of a message or voice communication.
  • Customer Account Data. Customer Account Data is all the data that relates to the relationship between Twilio and its customers, like our customers’ names, contact information, and billing information and records.
  • Customer Usage Data. Includes operational data like API requests, call or messaging logs, origination and termination points (i.e. to/from numbers), traffic routing information, or usage information. For Authy customers, Customer Usage Data also includes your end users’ phone number and email addresses so we can validate your end users as requested by your application.

What data we collect, how we collect it and why

Customer Account Data you share with us directly. When you sign up for an account with Twilio through our account portal, you’ll be asked to give us your name, email address, and optionally, your company name. You’ll also be asked to create a password. We collect this Customer Account Data so that we know who you are, we can communicate with you about your account, and we can recognize you when you communicate with us through the account portal or otherwise.

When you first sign up for an account, we’ll also ask you for a telephone number so that we can communicate a verification code to that telephone number and have you enter that code into our website. This helps us ensure that you’re actually a human being. You can then use this number as an outgoing caller id for voice calls, and you can text message it during your account trial period.

When you set up two-factor authentication for your account, we’ll ask you to enter a telephone number to which we will communicate verification codes to verify that it is you logging into your account.

We may also ask you for a telephone number to contact you, like when you ask to be contacted by our sales team.

When you upgrade your account from a trial or free account, we’ll ask you to provide our payment process with your payment method data like your credit card information or your Paypal account information. Our payment processor, acting on our behalf, gathers this so that we can bill you for your use of our products and services.

For some products, we may have to obtain a physical address from you. For example, to get a phone number in certain countries, local regulations may require us to have a physical address on file for you or your end user. We may also need this for tax purposes. We may have to share your physical address with the telecommunications carrier from whom Twilio obtained the phone number or local government authorities upon their request. Unless prohibited from doing so by law, we’ll let you know if we have to share your address like this.

Similarly, for some of our products, you may have to complete an application form providing details about your company and your intended use of the product, like when you are interested in getting a short code. We’ll use this data for the purpose for which it was gathered from you. We may also use it in connection with improving our own internal processes and services or training our team members.

Also, we gather information about you when you interact with our customer support team, sales team or account management team. For example, when you contact our customer support team, you will be asked to give your account data and tell us the question you have or any problem you’re experiencing. We gather this information so that we can help you with your question or problem. When you communicate with our sales team or account management team, we’ll gather data about you, such as your use case and your business requirements, so that these teams are better equipped to assist you. We may also use this data so that we can improve our products and services and train our team members.

Customer Account Data we generate and collect automatically when you create an account. When you sign up for an account with Twilio, we’ll assign you an Account SID, which acts as a username, and an Auth Token, which acts as a password. You will need to use these credentials in connection with making requests to our APIs. We keep a record of these credentials, so that when your application makes requests to our API using these credentials, we know that it is you making the requests.

Customer Usage Data we collect from you from your use of our products and services, like our APIs. When you use our products and services, we collect Customer Usage Data. This may include data like what commands your application has communicated to Twilio, your IP addresses, how many times you used a Twilio product or service, when the product or service was used by you or your end users, the number of calls or messages made or received, the length of calls or messages, where those calls or messages originated or terminated, how those calls or messages were routed, and whether or not the connection was successful or failed.

We collect Customer Usage Data so that you can view it in the account portal and can manage your use of our products and services. We also collect it so that we can properly bill you for your use of our products and services, appropriately manage and route customer traffic, analyze and improve our products and services, and identify and solve problems that arise.

In the case of applications that use Authy, in addition to the Customer Usage Data mentioned above, we will collect your end users’ telephone numbers and email addresses that you pass to us so we can validate those end users on your behalf as requested by your application and communicate with those end users about activity on their Authy account. (As well, when end users download the Authy app and set up an Authy account they are asked to provide their telephone number and email address directly to us. The email address they input may be different from the one that you pass to us, but the telephone number must be the same. In either case, we use that information for the same purpose of validating the end user and communicating with them about their account.)

Customer Content we collect from you from your use of our products and services, like our APIs. We also may collect Customer Content in connection with your use of certain products or services. For example, if you use our messaging services, we collect the messages being sent and received so that we can convey those messages to and from the carrier networks. Similarly, to transmit voice calls to and from the telecommunications carrier networks, we have to collect the voice communications being sent and received to route them appropriately. You can also use our products and services to record voice communications or have them transcribed, in which case, we will also collect those voice recordings or transcriptions.

You should not use Twilio’s products or services to receive, send or otherwise process Personal Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 as amended (HIPAA) unless you have either negotiated a Business Associate Agreement with Twilio or your use case for Twilio’s products and services does not require a Business Associate Agreement. Twilio disclaims all liability for PHI sent, received or processed through Twilio’s products or services without a Business Associate Agreement.

Customer Account Data we collect from other sources. From time to time, we gather publicly-available information about companies that are our customers, such as where they are located, their website URL, their industry, and their size. Sometimes this type of Customer Account Data is obtained through third-party service providers that specialize in pulling together publicly-available information about companies.

What we use your data for

Generally, we use all the data that you provide to us or that we collect from you to provide our products and services to you, to enable you to access and use our products and services, to analyze our customers’ use of our products and services, to improve our products and services, and to detect fraudulent or unlawful activity in connection with Twilio accounts.

Below are some additional details regarding how we use categories of data we collect.

Customer Content. We use Customer Content for the purposes that you allow us access to it, like conveying it to and from telecommunications carrier networks or recording and transcribing it per your instruction. We may also use it to troubleshoot issues such as call quality concerns.

Customer Account Information. We use your email address in connection with your account password to authenticate your account and allow you to access your account data through the account portal. And, we use your Account SID and Auth Token to authenticate that it is your application that is making requests to our APIs.

We also use contact information you provide to Twilio to communicate information regarding your account and the products and services you are using or to respond to an inquiry you have sent us. If you enable two-factor authentication, we’ll use the telephone number you provide in connection with that feature to send you verification codes.

In addition, we will use your email address to send you information about other Twilio products, services, or events that you might be interested in. You can choose not to receive marketing emails from Twilio. If you wish to stop receiving Twilio marketing emails you may click on the unsubscribe link that will appear at the bottom of any Twilio marketing emails or you can contact customer support.

We will use publicly-available Customer Account Data about your company, such as your industry, the size of your company, and your company’s website URL, to help us understand our customer base better and to tailor information we send you about other Twilio products, services, or events.

If you provide us with a physical address in order to obtain a number for which Twilio is required to have your physical address on file, we’ll use that address so that we can allow you to have that number and we may use this physical address to calculate taxes. We may also have to share that address with the telecommunications provider from whom Twilio obtained the phone number or local authorities upon their request. Unless prohibited from doing so by law, we’ll make an effort to let you know if we have to share your address information like this.

We use your payment information so we can bill you and be paid for your use of our products and services.

Your Customer Usage Data. We use your usage data so we can properly bill you for your use of our products and services, appropriately manage and route customer traffic, analyze and improve our products and services, and identify and solve problems with our products and services that arise. We also use certain usage data to support regulatory requirements, such as calculation and reporting of tax or similar obligations.

In the case of applications that use Authy, we use your end users’ telephone number that you pass to us so we can validate your end users on your behalf as requested by your application. For your end users that have downloaded the Authy desktop or mobile app, the phone number you pass to us is used to associate that end user with their Authy account in which their authentication tokens (aka one-time passwords) are generated. For end users that have not downloaded the Authy desktop or mobile app, we use the phone number you pass to us to communicate an authentication code for them to provide to your application. We also use your end users’ email addresses, both those that you have passed to us and those that end users who have downloaded the Authy app have provided to Twilio directly, to communicate with them about activity on their accounts, problems relating to their accounts, the availability of updates or upgrades to the Authy app or our services, or to communicate other information about their accounts.

Data collected through tracking technologies like cookies and web beacons. We collect data through tracking technologies so we can understand how customers are using our account portal and what regions our customers are coming from. This helps us understand our customers better and how we can improve our account portal. We also use this to improve our customer’s navigation experience with our account portal.

Who we may share your data with

Unless you give us your permission, we won’t share your Customer Content, Customer Account Data, or Customer Usage Data with third parties, except as described below:

  • Telephony operators as necessary for proper routing and connectivity. One of the things that Twilio provides is an easier way for developers to build applications that make use of the publicly switched telephone network (PSTN) to send communications. Therefore, Customer Content and certain Customer Usage Data is shared with and received from telephony operators to the extent necessary to route and connect those communications from the sender to the intended recipient. How those telephony operators handle your Customer Content and Customer Usage Data is generally determined by those operators’ own policies and local regulations.
  • Third-party service providers or consultants. We may share your data with third-party service providers or consultants who need access to the data to perform their work on Twilio’s behalf, like sharing relevant Customer Account Data with our payment processor so it can process payments on our behalf, or our storage provider for storing your data on our behalf. These third-party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
  • Compliance with Laws. We may disclose your data to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or a government request, (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Twilio is required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
  • Affiliates. We may share your data with our affiliates. We all will only use the data as described in this notice.
  • Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, customer data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Twilio may continue to use your data as set forth in this notice.
  • Aggregated or de-identified data. We might also share Customer Account Data or Customer Usage Data with third parties if that data has been de-identified or aggregated in a way that does not directly identify you or your end users.
  • Twilio Connect. If you have authorized a Twilio Connect App to access your Twilio Account, by the very nature of how the Twilio Connect program works, we will allow the third party developer of the Twilio Connect App access your Twilio account that you have given the Twilio Connect App access to. This access may include being able to read all your customer data, including your Customer Content. It may also include being able to perform actions on behalf of your account that charge your account.

We do not actively share your data with third party advertisers, unless you give us your consent to do so.

International Operations and Transfers Out of the EEA and Switzerland

Please note that when you use our account portal, or our other products and services, your Customer Content, Customer Account Data, or Customer Usage Data may be sent to the United States and possibly other countries. Some, but not all of this, may be in connection with routing your communications that are sent via our products and services in the most efficient way. We store customer data on servers located in the United States, and we may also store this data on servers and equipment in other countries.

Twilio employs appropriate mechanisms for cross-border transfers of personal data, as required by applicable local law. As appropriate, Twilio will enter into the Twilio Inc. Data Protection Agreement with customers, which incorporates standard contract clauses deemed by the European Commission to offer adequate data protection and safeguards in relation to any transfer of Personal Data out of the European Economic Area. Please see our Terms of Service for more information. In addition, Twilio continues to abide by the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework, as provided by the U.S. Department of Commerce and regarding the collection, use, and retention of personal information received from European Union member countries and Switzerland. Twilio has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Twilio's certification, please visit http://www.export.gov/safeharbor/

How we secure your data

We use appropriate security measures to protect the security of your customer data both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

You may access your account through our account portal by using your email address and a password that you chose when you signed up for Twilio’s products and services. To protect the confidentiality of your customer data and protect from unauthorized use of your account, you must keep your password and Auth Token confidential and not disclose it to any other person. Please let us know right away if you think your password or Auth Token was compromised or misused. For instructions on changing your password, click here. For instructions on changing your Auth Token, click here.

For additional information regarding Twilio’s security practices, click here.

How we treat Do-Not-Track Signals/California Do-Not-Track Disclosure

Twilio does not currently respond to web browser’s Do-Not-Track signals. You can learn more about Do Not Track here.

How we tell you about changes to our privacy practices

We may change our Product and Account Portal Privacy Notice from time to time. If we make changes, we’ll revise the “Last Updated” date at the top of this notice, and we may provide additional notice such as on the Twilio website homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice.

How to make choices about your data

Deletion, access, and changes to Customer Data. You may access and make changes to certain of your Customer Account Data through the Account Dashboard in the Twilio account portal. You will also be able access Customer Content and various types of Customer Usage Data through the account portal as well.

To request deletion of your Twilio account, email us at [email protected]. You should know that deletion of your Twilio account will result in you permanently losing access to your account and all customer data to which you previously had access through your account. Please note that certain data associated with that account may nonetheless remain on Twilio’s servers in an aggregated or anonymized form that does not specifically identify you. Similarly, data associated with your account that we are required by law to maintain will also not be deleted.

If you are an end user of an application that uses Twilio’s services, you should direct requests for access and/or deletion of your data associated with that application to the relevant application provider in accordance with that application provider’s own privacy policy.

Promotional communications. You can choose not to receive promotional emails from Twilio by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services.

Cookies and tracking technologies. How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies, please check out our Cookie Notice.

How to resolve disputes relating to our privacy practices

If you have a dispute with us relating to our privacy practices, please contact our customer support or email us at [email protected]. Most disputes can be resolved that way. If we can’t resolve our dispute that way, please see Section 17 (Agreement to Arbitrate) of our Terms of Service, which describes how disputes will be resolved between us. As described in that section, the American Arbitration Association (www.adr.org) will conduct the dispute resolution proceedings. Please be sure to review our Terms of Service, including Section 17, before you use any of our products and services.

How you contact us

You may contact via email at [email protected]. Or, you may write to us at the address listed below.

Twilio Inc.
645 Harrison Street, Third Floor,
San Francisco, CA 94107

Authy App Privacy Notice

Last Updated February 1, 2016

SHORT FORM

Welcome to Authy! As a courtesy, below is a quick summary of our privacy practices when you use the Authy desktop or mobile app. Please click here for the full version of our privacy notice. The full version is the one that is legally controlling.

When you use our app we collect:

FULL VERSION

Introduction

Authy, a Twilio service, offers a desktop and mobile app for two-step verification. The Authy apps generate one time passwords and push notifications on your desktop computer or mobile device that can be used as a part of a 2-step verification process with your Authy-compatible accounts to add another layer of security. Authy can be used as an alternative to programs such as Google Authenticator or as a provider of 2-factor authentication for applications or programs that directly integrate with Authy’s 2-factor authentication API.

Below is a summary of our practices when it comes to your data collected when you download and use the Authy desktop or mobile app.

If you are interested in our practices relating to data collected when you build an application that integrates with Authy’s API to add two-factor authentication to your application, click here.

For purposes of this notice, the words “our,” “us,” “we,” and “Authy,” “Twilio” refer to Twilio Inc. and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees). If you are a user outside of the United States, this service is provided to you by Twilio Ireland Limited, located at 25-28 North Wall Quay, Dublin 1, Ireland. Twilio Ireland Limited is the controller of personal data processed in connection with your use of the Authy apps.

Before you submit any information on or through Authy, please carefully review this Notice. By using any part of the Authy apps, you consent to the collection, use, disclosure and sharing of your information as further outlined below in this Notice.

What data we collect, how we collect it and why

Device Information. When you download and open the Authy desktop or mobile app, we will automatically collect information about the type of device you have downloaded the app on and your device identifier. We collect this information to ensure we deliver the right version of the app for your device and so that we can provide appropriate follow up support as necessary.

Phone Number and Email Address. Once you open the Authy app, you will be asked to provide us with a phone number to create your Authy account. We will send a verification code to that phone number to ensure that the person creating the Authy account also has control over the phone number entered. After the phone number is verified, the phone number you use will serve as an identifier for your Authy account that allows you to add and associate additional devices to your same Authy account. The device on which you first created your Authy account is considered your “primary device.” You may also enter your email address.

If you are a user of an application or program that directly integrates with Authy’s 2-Factor Authentication API, those applications or programs will collect your phone number and email address and share that information with us so that we can use that information to associate your account on that application or program with your Authy account that you created when you downloaded the Authy app.

If you have not downloaded the Authy app, but use an application or program that directly integrates with Authy’s 2-Factor Authentication API, when that application or program shares your phone number and email address with us, we will create an Authy account for you. We will use your phone number to communicate to you verification codes so you can log into your account on that application or program.

We collect your email address as another piece of information to validate who you are if you need to recover your account or your account has been compromised, and also to communicate notices about your account to you such as suspicious logins or other activity that could be related to a compromise of your Authy account or one of your accounts in other applications or programs that integrate with the Authy 2-Factor Authentication API.

Login History and Authy Account History. Whenever you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we keep a record of what application or program you logged in to, that you logged in, and when. If you change your phone number or email associated with your Authy account, we will also keep a log of that. In both cases we collect this information to monitor for suspicious activity and also as another piece of information that could be used to verify your identity if your account is compromised or may be compromised.

Identity Confirmation Data. If you need to change your phone number associated with your account but are not able to access your Authy app to change your number in under Settings, you can submit a request to change your phone number here. In order to confirm that you are the rightful account holder of the Authy account associated with your old number, we will ask you for your phone account information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm with the phone carrier to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your Authy account, our support team may require you to provide identity information such as from a drivers’ license, national ID or passport.

What we use your data for

We use your phone number as an identifier for your Authy account. This allows you to download the Authy app onto various devices and associate those devices with your same Authy account. We may also use your phone number to send you verification codes as a second factor for authenticating a login for an application that integrates with the Authy 2-Factor Authentication API. We also use logs of any changes to your phone number to monitor for suspicious or unusual activity and as another piece of information that could be used, if necessary, to verify your identity if your account is or may be compromised.

We use your email address, and any history of email addresses associated with your Authy account, as another piece of information that could be used, if necessary, to verify your identity if your account is or may be compromised. We also use your email address to communicate notices to you about your account, such as suspicious logins or other activity that could indicate a compromise of your account. In addition, we may use your email address to send you information about other Authy and Twilio products, services, or events that you might be interested in. You can choose not to receive marketing emails from us. If you wish to stop receiving our marketing emails you may click on the unsubscribe link that will appear at the bottom of any of our marketing emails or you can contact customer support.

We use logs of your login activity, device information, and your IP address(es) to monitor for unusual or suspicious activity on your account and as another piece of information that could be used to help us verify your identity if your account is compromised or may be compromised.

In addition to using device information as described above, we also use your device information ensure proper delivery of our service and to provide and deliver support and maintenance of the Authy app.

Who we may share your data with

An application or program that integrates with the Authy 2-Factor API is able to access a record of the email address and phone number that it sent to Authy. It will also be able to access your primary device type and a record of your logins to that application or program. It may also retain this information on its own servers. It will not be able to see a record of your logins to other accounts for which you use Authy to provide 2-factor authentication.

In addition, we may share your data with third parties as follows:

  • Third-party service providers or consultants. We may share your data with third-party service providers or consultants who need access to the data to perform their work on our behalf, like sharing data with our storage provider for the purposes of storing your data on our behalf. These third-party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
  • Compliance with Laws. We may disclose your data to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If we are required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
  • Affiliates. We may share your data with our affiliates. We all will only use the data as described in this notice.
  • Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor may continue to use the data as described in this notice.
  • Aggregated or de-identified data. We might also share data with third parties if that data has been de-identified or aggregated in a way that does not directly identify you.

International Operations and Transfers Out of the EEA and Switzerland

Twilio employs appropriate mechanisms for cross-border transfers of personal data, as required by applicable local law. In addition, Twilio continues to abide by the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework, as provided by the U.S. Department of Commerce and regarding the collection, use, and retention of personal information received from European Union member countries and Switzerland. Twilio has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Twilio's certification, please visit http://www.export.gov/safeharbor/

How we secure your data

We use appropriate security measures to protect the security of your data both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

There are also things you can do to add extra protection to your Authy account. First, you should password protect or activate biometrics (like Touch ID) for all devices on which you have downloaded the Authy app. This will prevent unauthorized users from accessing your Authy app. Further, you have the option of setting a protection pin for your Authy app. You can do this by going into your app and clicking on settings. In settings, you should click on “Protection Pin.” You can choose to include a Protection Pin which will require you to enter a pin number of your choosing before accessing settings and your Account Info. Depending on your device’s capabilities, you may also be able to add biometric protection. You can also choose to protect the entire app which will require you to enter your chosen Pin and/or use biometric to open the Authy app on your device. We recommend that if you have downloaded Authy onto a shared device, that you use this last option of protecting the entire app.

If you have multiple devices associated with your account and one of your devices is lost or stolen, you can remove that device from your circle of trusted devices by going into one of the other devices associated with your account, and over which you still control, and remove the lost or stolen device under Settings > Devices. If you only have a single device that is associated with your Authy account and that device is lost or stolen, you can alert us through customer service.

How we tell you about changes to our privacy practices

We may change this privacy notice from time to time. If we make changes, we’ll revise the “Last Updated” date at the top of this notice, and we may provide additional notice such as on the Twilio website homepage, in the app, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice.

How to make choices about your data

Deletion, access, and changes to your data. You can make changes to your information associated with your account by going into the settings in the Authy apps. You can also make a request to change your phone number associated with your account by clicking here.

To make a request for deletion of your Authy account or to make a request to access additional information associated with your account, you may email [email protected].

If you want to remove a program or application from your Authy account, but you do not want to delete your entire Authy account, you should contact the provider of the program or application that you want to remove.

Promotional communications. You can choose not to receive promotional emails from us by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services.

How to resolve disputes relating to our privacy practices

If you have a dispute with us relating to our privacy practices, please contact our customer support or email us at [email protected] or contact our Customer Support. Most disputes can be resolved that way. If we can’t resolve our dispute that way, and you live in the U.S. or Canada, please see Section 16 (Agreement to Arbitrate) of our Terms of Service, which describes how disputes will be resolved between us. As described in that section, the American Arbitration Association (www.adr.org) will conduct the dispute resolution proceedings. Please be sure to review our Terms of Service, including Section 16, before you use any of our products and services.

How you contact us

You may contact via email at [email protected]. Or you may write to us at the addresses listed below.

Twilio Inc.
645 Harrison Street, Third Floor,
San Francisco, CA 94107

Twilio Ireland Limited,
25-28 North Wall Quay,
Dublin 1, Ireland

Twilio Cookie Notice

Mmmm!! Cookies! Oh wait, not that kind of cookie... this kind of cookie:

When you visit Twilio’s website, twilio.com, or the Twilio Account Portal, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies and web beacons. This notice describes what tracking technologies we use and what we use them for.

What’s a Cookie?

A cookie is a piece of data contained in a very small text file that is stored in your browser or elsewhere on your hard drive. Cookies allow Twilio to identify your device as you navigate through our publicly-accessible website (the Twilio Site) or our account portal. We also use them to recognize return visitors to the Twilio Site. This helps make navigating and interacting with the Twilio Site and our account portal more efficient, easy and meaningful.

By themselves, cookies do not identify you specifically. Rather, they recognize your web browser. So, unless you identify yourself specifically to Twilio, like signing into the account portal, we don’t know who you are just because you visited the Twilio Site.

Twilio uses both session and persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you’ve turned it off.

You can turn off your web browser’s ability to accept cookies. But, if you do that, certain parts of the Twilio Site or account portal may not work for you.

Cookie Type Description Management Settings
Required cookies

Required cookies make it possible for you to access our account portal, navigate within the portal, and access information related to your account.

Each time you log into the account portal, a cookie containing an encrypted, unique identifier that is tied to your account is placed on your browser. These cookies allow Twilio to uniquely identify you when you are logged into the account portal and to process your online transactions and requests.

Required cookies are necessary to operate the account portal, so you can’t opt out of them.
Functionality cookies

Functionality cookies allow the Twilio Site and account portal to remember information you have entered or preferences you select, and provide enhanced, more personal features. These cookies allow you to optimize your use of Twilio’s account portal after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize.

We may use Flash cookies to store preferences you set inside your Twilio Account.

You can use your browser settings to opt out of functionality cookies. For more information on how to do that, click here. Note that opting out may affect the functionality of our Site or account portal for you.

To manage privacy and storage settings for Flash cookies, click here.

Performance cookies

These cookies collect data about how visitors use the Twilio Site. This includes data like which pages visitors go to the most. These cookies don’t collect information that individually identifies visitors. The data these cookies collect is aggregated and intended to be anonymous and used to improve how the site functions and performs.

We may also have third party service providers help us track and analyze usage and volume statistical information from individuals who visit our Site. Or, we may use Flash cookies for this. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.

Third party service providers that currently place performance cookies include:

Crazy Egg - Used to help analyze website page performance.

KissInsights - This tracking technology is placed by Qualaroo, a service provider we use for customer surveys and analytics about our website.

Mixpanel - We use Mixpanel to help analyze visitor behavior on our Twilio Site and account portal.

Google Analytics - We use Google Analytics to help analyze which pages on the Twilio Site visitors to the site viewed.

Heap Analytics- We use Heap Analytics to help analyze visitor behavior on our Twilio Site and account portal.

Optimizely – We use Optimizely to optimize page content on the Twilio Site.

Adobe Typekit – We use Typekit to enhance our Twilio Site typography. Adobe uses cookies to track usage statistics.

The above list of third party service providers that place cookies is subject to change and list may not include all such providers at any given time.

You can use your browser settings to opt out of performance cookies. For more information on how to do that, click here.

 

To manage privacy and storage settings for Flash cookies, click here.

 

To opt-out of Crazy Egg tracking technologies, click here.

 

For information about Qualaroo’s privacy policy, click here.

 

To opt-out of Mixpanel tracking technologies, click here.

 

For information on how to opt-out of tracking technologies from Google Analytics, click here.

 

For information on Heap Analytics’ privacy policy, click here.

 

For information on how to opt-out of tracking technologies from Optimizely, click here.

 

For information on Adobe Typekit’s privacy policy, click here.

Targeting or Advertising cookies

Twilio may have third party service providers track and analyze usage and volume statistical information from those who visit our Twilio Site. Twilio sometimes uses cookies placed by its third party service providers to track the performance of our advertisements. For example, these cookies remember which browsers have visited the Twilio Site. This data given to the third party service providers does not include information that identifies you specifically, but this data may be re-associated with information that identifies you specifically after Twilio receives it.

Twilio also uses third-party advertising networks that collect IP addresses and other data from web beacons (see below) on the Twilio Site, from emails, and on third-party websites. Ad networks follow your online activities over time through automated means, such as cookies and web beacons. They use this data to provide ads about products and services tailored to your interests. You may see these ads on other websites. This helps us manage and track the effectiveness of our marketing.

From time to time, Twilio works with third parties to provide certain features on our Twilio Site or to display ads based upon your web browsing activity. These third parties may use Flash cookies to collect and store data.

Below are third parties that currently place tracking technologies on the Twilio Site.

AdRoll - We use AdRoll to track how you use the Twilio Site to help us target ads to you on other websites.

AppNexus - We use AppNexus to track how you use the Twilio Site to help us target ads to you on other websites.

BidSwitch - BidSwitch, owned by IPONWEB, is used by several other third party advertising partners to manage ad supply and demand.

DoubleClick- We use DoubleClick to track how you use the Twilio Site to help us target ads to you on other websites.

Eloqua - We use Eloqua for marketing automation and lead management.

Facebook Custom Audience - We use Facebook Custom Audience to track how you use the Twilio Site and target ads to you on Facebook.

Google Adwords Conversion - We use Google Adwords Conversion to track our support conversion metrics for our search engine marketing campaigns.

Google Dynamic Remarketing - We use Google Dynamic Remarketing to target search engine marketing to users of the Google search engine

Google Tag Manager - We use Google Tag Manager to dynamically manage how and when all marketing cookie scripts are included or excluded from pages.

LiveRamp- We use LiveRamp to track how you use the Twilio Site to help us target ads to you on other websites.

Marin Search Marketer - We use the Marin Search Marketer help track the success of search engine marketing campaigns.

OpenX - We use OpenX to help measure the success of our display marketing campaigns.

PerfectAudience - We use PerfectAudience to track how you use the Twilio Site to help us target ads to you on other websites.

Right Media - We use Right Media to track how you use the Twilio Site to help us target ads to you on other websites.

Rubicon - We use Rubicon to track how you use the Twilio Site to help us target ads to you on other websites.

Twitter Advertising - We use Twitter Advertising to track the success of and target social ads placed on twitter.com.

To learn more about how to opt out of targeting and advertising cookies, you can go to the Network Advertising Initiative page, the Digital Advertising Alliance’s Consumer Choice page, and the Your Online Choices page. These opt-out tools are provided by third parties, not Twilio. We do not control or operate these tools or the choices that advertisers and others provide through these tools.

 

 

 

 

 

 

To manage privacy and storage settings for Flash cookies, click here.

 

For information on how to opt-out of AdRoll tracking technologies, click here.

 

For information on how to opt-out of AppNexus tracking technologies, click here.

 

For information on how to opt-out of the BidSwitch tracking technologies, click here.

 

For information on how to opt-out of DoubleClick tracking technologies, click here.

 

For information on how to opt-out of Eloqua tracking technologies, click here.

 

For information on how to opt-out of Facebook Custom Audience tracking technologies, click here.

 

For more information on opting out of Google advertising tracking technologies, click here.

 

For more information on opting out of LiveRamp tracking technologies, click here.

 

For information on opting out of Marin Search Marketer tracking technologies, click here.

 

For information on opting out of OpenX tracking technologies, click here.

 

For information on opting out of PerfectAudience tracking technologies, click here.

 

For information on opting out of Right Media tracking technologies, click here.

 

For information on opting out of Rubicon tracking technologies, click here.

 

For information on opting-out of Twitter Advertising tracking technologies, click here.

What’s a Web Beacon?

We use web beacons along with cookies to gather data about use of the Twilio Site and account portal and interaction with emails from Twilio. Web beacons are clear electronic images that can recognize certain types of data on your computer, like cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon. For example, we may put web beacons in marketing emails that notify us when you click on a link in the email that directs you to the Twilio Site or one of its pages. We use web beacons to operate and improve the Twilio Site and email communications.

What We Do With IP Addresses

When you visit the Twilio Site, account portal, or use our products and services, like our APIs, we collect your IP addresses to track and analyze information about the devices that are connecting to our systems and about where those devices are located. For example, we use IP addresses to track which regions visitors to our Twilio Site or Customers logging into our account portal come from and to detect possible fraud.

How We Treat Do Not Track Signals/California Do Not Track Disclosure

Various browsers allow a “do not track” (DNT) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, there is no general agreement on how companies like Twilio should interpret Do Not Track signals. Therefore, Twilio does not currently commit to respond to DNT signals, whether that signal is received on a computer or on a mobile device. Twilio does, however provide meaningful choices to you about the information that is collected through cookies and web beacons through the various opt-out options set forth above. We will continue to monitor developments around DNT browser technology and the implementation of a standard.

How you contact us

You may contact via email at [email protected]. Or, you may write to us at the address listed below:

Twilio Inc.
645 Harrison Street, Third Floor,
San Francisco, CA 94107