Twilio respects the interests and rights of our customers with respect to data retention and deletion. To that end, we provide controls for our customers to manage their own personal data, and also for our customers to delete the personal data relating to their downstream users (such as the recipients of their messages). This guide explains Twilio's policies and user controls for retaining and deleting data.
Generally speaking, you have the ability to manage your own data deletion requests in the following ways:
|Twilio customers||As a Twilio customer, you have the ability to delete the data you control through normal use of the Twilio services. This includes managing your own data subject requests. For example, you can use our REST API to delete messages or delete call recordings.
If you are unable to use our API, you can always use the API explorer (for example, for SMS messages or for voice calls).
If you would like us to delete all of your personal data, you can manage that through the console as well. We do require you to log in — we cannot delete data on your behalf because we cannot authenticate your request by email.
|Twilio SendGrid customers||If you’re using the SendGrid service, we delete most data automatically according to our retention schedule, and we provide UIs and APIs that allow you to manage or delete from our service (see “Twilio SendGrid Marketing Campaigns customers” below).
SendGrid does retain some data in pseudonymized form for up to a year. This data is capable of being reidentified with the recipient. We retain backup data for network protection, disaster recovery, and business continuity purposes. Please see the section on data retention below. For data in backups, we provide an automated process that will handle the deletion for you. Just email your request to firstname.lastname@example.org. Please include your account ID (or subaccount if applicable), along with the recipient email address you would like us to delete. At your convenience, you can send this in the body of an email or in CSV (comma-separated value) format, such as by attaching a spreadsheet with two delineated columns. Your deletion request will be completed within 30 days.
|Twilio SendGrid Marketing Campaigns customers||If you’re using the SendGrid Marketing Campaigns service, SendGrid offers a number of self-service features that enable you to control your data, such as deleting a recipient or deleting an address on your contact list.
Please note: these tools will only delete content that you have uploaded to SendGrid, such as contact lists. Please use the email address above for other content.
|Mailing lists||If you are on Twilio’s mailing list and would like to opt out, please click the unsubscribe link or contact our Support team.
If you are on one of our customers’ mailing lists and would like to opt out, please contact the customer mailing you. All mail sent via SendGrid must contain a valid unsubscribe link. Because we are a processor, we are not able to remove you from our customers’ mailing lists, and we do not provide a way for you to opt out of receiving mail from SendGrid entirely. If you have received spam or abusive email through SendGrid, please report it to our abuse team.
|Non customers||We are a processor (or a service provider) for all communications content our customers send through Twilio. This means we’re not able to respond to deletion requests from individuals who aren’t our customers. If you are not a Twilio customer and would like us to delete the data we hold about you, please reach out to the Twilio customer with whom you have a relationship (the “controller” of your data) and ask them to delete data on your behalf.
We are unable to respond to requests sent by third party data subject request agents. If you’re a Twilio customer, please follow the process above.
Twilio does not sell personal data. Therefore, we do not provide a “Do Not Sell” link.
Data retention — Twilio services
What about the data that you cannot control via the tools we provide, or, when you self-delete data, or close your account, how long before the data is gone? That’s where data retention comes into play.
How long we store data depends on the service, the type of data in question, and your configuration. For example, we provide storage for messages and media for up to 13 months by default. However, you’re able to configure that storage setting yourself, if you’d rather us keep it for less time, and you can even turn off backup storage.
If that’s not enough, and you’re looking for even more control over what we store — or you’d like us to store nothing at all — we provide Message Redaction, which prevents us from storing your recipients’ phone numbers and messages altogether.
After you close your account with us, we will delete any Customer Content remaining on our servers after 30 days. We hold Customer Account Data a little longer — generally speaking, we delete it 60 days after you close your account, unless there is a specific need to retain your information longer. We’ll anonymize or delete Customer Usage Data when we no longer require it for the purposes outlined in our Data Protection Addendum.
Twilio will immediately process any data deletion requests. However, the timeline for the actual deletion of data will vary depending on several factors, including the type of data, the service you’re using, and any security or legal requirements. Our online documentation for each service provides a detailed list of the properties of each API function — for example, you can see this list for our SMS messaging service. Our documentation will identify, for each of these message properties, whether or not that property is classed as personal information (which we refer to as “PII” — this is personal data, but it’s easier to abbreviate!). We provide a flag: each resource has a flag of either “NOT PII” or “PII MTL: x DAYS.”
If a message property is PII, that “MTL” is the minimum time to live, or the minimum time we must hold that piece of data before deleting it. For the vast majority of our data, our MTL is 30 days.
Data retention — SendGrid service
If you’re using the Twilio SendGrid service, we only hold email message bodies for as long as it takes to send them. Other than your account data, we retain most other personal data, including email recipient data, for a maximum of 37 days (30 days, plus a little extra to finalize the deletion process), except for the purposes of fraud detection, security purposes, troubleshooting, or disaster recovery.
For fraud detection and security purposes, or for troubleshooting, we may take random content samples, which we hold for seven days. Those samples will include end users’ personal information.
For network protection and disaster recovery purposes, we will retain events associated with the email you have sent that can be reidentified with the recipient for up to a year.
As described above, when you ask us to delete your recipient’s data, it takes us about 30 days to complete that process (the data has a 30 day minimum time to live).
For more detail on how we retain and process SendGrid data please see the table below:
|SendGrid Data type||Retention period||Why?|
|Email message bodies||72 hours*||We retain email message bodies only as long as it takes for us to deliver the email. This can take up to 72 hours if we need to retry due to delivery failure.
* Please note that if you choose to use our Scheduled Sending features, we will retain email message bodies for as long as you tell us to (up to 6 days) based on your schedule. However, once the message is sent, we retain the message only as long as it takes to deliver the email.
|Content samples||7 days||SendGrid uses a process that takes random content samples of emails, which could include personal data such as recipient email address or the content of emails. We retain this information for 7 days, and we use it for both anti-fraud purposes and for troubleshooting.|
|SendGrid service, generally||~30 days||Email message activity, email recipient data, and metadata automatically times out after around 30 days (specifically, it times out after 37 days; it takes a little while for the deletion to process).|
|Short links||60 days||If you're using our Short Links product, the email addresses stored within the short link will be automatically deleted within 60 days.|
|Data in backups and email event data||~1 year||Although most data times out after a maximum of 37 days, SendGrid does retain some data in pseudonymized form for up to a year. This data is capable of being reidentified with the recipient. We retain backup data for network protection, disaster recovery, and business continuity purposes. Additionally, SendGrid retains some email event data for up to a year for anti-abuse purposes.|
|Customer-controlled data||As long as your account is active||There is some data that we retain as long as your account is active, and we will not delete. For example, if you're using the Marketing Campaigns service, SendGrid will retain the contact lists you have uploaded for as long as your account is active, unless you use the tools we have provided to delete the information in those lists.
Additionally, we will not delete your suppression list (also known as your opt out or unsubscribe list), and we will not remove an individual's name or email from your suppression list. You are responsible for managing your own suppression list. This is because a suppression list tells an organization who not to email, and it might cause the organization to violate spam laws if they delete data from their suppression lists, just to start emailing individuals who have opted out.
|Data we must retain for legal, security, or anti-fraud / anti-spam reasons||Indefinite, or as required||Additionally, we may retain data longer than these posted retention periods as needed for security, legal, and anti-fraud or anti-spam reasons. We won't be able to delete data that we're retaining for these purposes.|
As above, if you would like us to delete the data we're holding in backups, please email email@example.com. Note, again, that we cannot delete data we're retaining for anti-abuse or legal purposes.