Twilio
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II SOC 2 Type I and Type II both listed; documentation via security.twilio.com. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 ISO/IEC 27001:2013 certified (Coalfire certification logo shown). | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27017 ISO/IEC 27017 cloud security controls. | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27018 ISO/IEC 27018:2019 — PII protection in public cloud. | Verified | vendor source ↗ | June 10, 2026 |
| PCI DSS Level 1 PCI DSS Level 1 and Level 4 listed. | Verified | vendor source ↗ | June 10, 2026 |
| HIPAA HIPAA-eligible products and services list published; architectural responsibility shared with customer. | Verified | vendor source ↗ | June 10, 2026 |
| Binding Corporate Rules EU Binding Corporate Rules for cross-border transfers. | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does Twilio have SOC 2?
Subprocessors
Subprocessor extraction for Twilio is pending.
Hosting & data residency
- Infrastructurenot yet recorded
- Data residencynot yet recorded
Trust documents & links
- Trust centerhttps://trust.twilio.com
- Security pagehttps://www.twilio.com/en-us/security
- DPAhttps://www.twilio.com/en-us/legal/data-protection-addendum
- Status pagehttps://status.twilio.com
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added with a verified initial snapshot: SOC 2 Type I/II, ISO/IEC 27001:2013, ISO 27017, ISO 27018:2019, PCI DSS Level 1 & 4, HIPAA-eligible product list, and EU Binding Corporate Rules confirmed against Twilio's security page (twilio.com/en-us/security, fetched 2026-06-10). The trust portal (security.twilio.com / trust.twilio.com) requires access requests for report downloads.