We are excited to announce Trustpage has been acquired by Vanta!

Read the press release →
Company logo


With Twilio, unite communications and strengthen customer relationships across your business – from marketing and sales to customer service and operations.
  • Website

  • Compliance

    • CSA STAR - Level 1
    • 8 more topics

  • Product Security

    • Multi-Factor Authentication
    • Role-Based Access Control (RBAC)

      Twilio provides its customers with a Role Based Access Control (RBAC) feature to limit each user's access and capabilities in Console. Customers can use this feature to secure their Twilio investments by limiting Console access for their projects.

  • Data Security

    • Data Encrypted In-Transit

      Twilio supports TLS 1.0, 1.1 and 1.2 to encrypt network traffic between the customer application and Twilio.

  • Privacy

    • Privacy Policy
    • Data Retention Policy

      Twilio will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask Twilio to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.

  • Incident Management & Response

    • Incident Response Plan (IRP)

      Twilio maintains an incident response program in accordance to NIST SP 800-61. The program defines conditions under which security incidents are classified and triaged. Twilio Security Incident Response Team, or T-SIRT, assesses the threat of all relevant vulnerabilities or security incidents and establishes remediation and mitigation actions for all events.

  • Availability & Reliability

    • Infrastructure Redundancy

      The Twilio platform was designed and built on a high-availability infrastructure that ensures redundancy.

  • Organizational Security

    • Employee Background Checks

      All candidates in the USA must pass stringent background checks by a specialized thirdparty before being offered a position. For domestic candidates, these checks include: SSN trace, criminal county search (7-Year address history), multi-state instant criminal, National Sex Offenders Public Registry, OFAC, professional references, and education verification. For international new hires, the background check includes (where legal): international criminal search and education verification.

    • Employee Security Training

      All new Twilio employees attend a “Security 101” training during the onboarding process. In addition, all Twilio employees must take the Twilio Security and Privacy training once a year, which covers the Information Security Policies, security best practices, and privacy principles.

      The Twilio Security Team provides continuous communication on emerging threats, performs phishing awareness campaigns, and communicates with the company regularly.

    • 1 more topic

  • Business Continuity

    • Disaster Recovery Plan

      Twilio maintains formal Business Continuity and Disaster Recovery plans that are regularly reviewed and updated.

    • Data Backups

      Twilio performs regular backups of Twilio account information, call records, call recordings and other critical data using Amazon S3 cloud storage. All backups are encrypted in transit and at rest using strong encryption. Backup files are stored redundantly across multiple availability zones and are encrypted.

  • Threat Management

    • Bug Bounty
  • Subprocessors

    • Sign up to view Twilio's Subprocessors

Sign up to see the rest of Twilio's posture and unlock unlimited access.

Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.

Sign Up
Copyright © 2023 Vanta. All rights reserved.
Logos provided in part by Clearbit.
Following the acquisition of Trustpage by Vanta, the information collected by Trustpage is now governed by Vanta's Privacy Policy.