個人を特定できる情報 (PII = Personally Identifiable Information)


個人を特定できる情報 (PII = Personally Identifiable Information) または個人情報は、単一の個人に対応するデータを指します。 個人を特定できる情報としては電話番号、国民識別番号、メールアドレス、または個人に対してそれ単体、あるいは他の情報と組み合わせて連絡を取ったり、身元を特定したり、居所を割り出したりすることが可能なデータが考えられます。


In response to businesses collecting and storing more and more individuals’ PII (also known as personal data), individuals and regulators have been applying greater scrutiny to how businesses use and safeguard that data. As a result, various jurisdictions have passed legislation to limit the use, distribution, and accessibility of PII, while allowing companies who need it to manage the data safely.

As PII (or personal data) is a legal concept rather than a technical concept, legislation around PII varies across different jurisdictions. Global privacy laws like GDPR in the European Union, sectoral laws like HIPAA and PCI in the United States, state laws like CCPA, CPRA, CalOPPA, state and regional data breach laws, and other regulations control what defines PII. Which data is classified as PII may also differ by use case. For instance, depending on the jurisdiction or your use case, IP addresses may or may not be considered PII.


Twilioは弊社のお客様の情報の管理を重要なものとして位置付けています。 弊社内にはお客様のデータの安全を保つためのソフトウェア、構成、プロセス、そしてデータ管理に対するガイドラインがあります。 Twilioのシステム内においては、個人を特定できる情報に該当しうるデータを異なる方法で管理しています。

  • Twilioでは、システム内でどのデータが個人を特定できる情報として管理されているかを明確にし、お客様のデータが正しい方法で管理されていることを、お客様の管轄区域やユースケースに対して担保するために役立てられるようコミットしています。
  • Twilioでは弊社とお客様との法的な関係についての詳細を拡張するData Protection Addendumを用意しており、これはTwilioがお客様に代わってデータを管理する方法を明確にするうえで役立ちます。
  • If you are in Europe, explore Twilio’s GDPR Program. This page clarifies how we manage data where some parts of your data may originate in Europe. Note: While you may not be in Europe or a phone number may not be European, the person at the other end of the phone could be a European in Europe.


PII fields

Twilio manages fields marked PII in Twilio’s documentation as though they contain PII, also known as personal information or personal data. This means that Twilio implements appropriate technical and organizational security controls as appropriate to the risk associated with that data. For example, data will not be visible to Twilio’s employees unless they are acting as a surrogate for you (e.g., debugging on your behalf) or have some other legitimate businesses need to access it. As well, values are anonymized or removed when we need to hold on to information for statistical analysis, reporting, and capacity planning - none of which require the PII itself. Names, your end users’ phone numbers, or transcriptions of voice calls and chats are all examples of fields that Twilio treats as containing PII. Phone numbers that you rented from Twilio, whether a long code or short code, because they are owned by Twilio, are managed differently from non-Twilio numbers.

Each Twilio field marked as PII is also marked with an MTL - a Minimum Time to Live. This is the number of days after creation that data will be stored in Twilio's systems for carrier reconciliation, tax management, or other business purpose that requires us to hold the data. Outside of the MTL, deletions from a Twilio API will be applied immediately, however it may take up to 30 days to delete from backups and other interconnected systems. For example, if a resource has MTL of 90 days, and you delete it on day 1 after creation, information will be completely gone 91 days after creation, because of the MTL. If you delete it on day 90, it will be gone by day 120, taking 30 days. If you have special retention requirements, check with our support team or success manager for potential options.

PII management when you leave Twilio

When you leave Twilio following a reasonable grace period to allow you to change your mind, all PII data is anonymized or removed from Twilio’s systems where possible within 30 days except where the MTL is longer.
Please note that in addition to the MTL listed, we may also retain PII in connection with detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse, or if required to do so in connection with legal matters such as litigation, law enforcement requests, or government investigations.

Fields marked “Not PII”

Fields marked with “Not PII” are stored in Twilio and may be used for counting or other operations as Twilio runs its systems. These fields generally cannot be redacted or removed.
In some instances, you might be able to control the data in these fields. You should take care not to place PII in fields with this designation. Twilio does not treat this data as PII, and its value may be visible to Twilio employees, stored long-term, and may continue to be stored after you’ve left Twilio’s platform.
If you think you need to put PII in these fields, please check with our support team to see if there’s a better way to manage your data.





Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

Sending your feedback...
🎉 Thank you for your feedback!
Something went wrong. Please try again.

Thanks for your feedback!

Refer us and get $10 in 3 simple steps!


Get link

Get a free personal referral link here


Give $10

Your user signs up and upgrade using link


Get $10

1,250 free SMSes
OR 1,000 free voice mins
OR 12,000 chats
OR more