With Twilio's Message Redaction feature, you protect customers' messaging privacy by redacting the message body and phone number. You can enable this privacy feature at the account level so that Twilio does not retain sensitive customer information by default.
If you are building for highly regulated industries, such as health care, financial services, and education, content redaction may be required to ensure your application's regulatory compliance. Privacy and anonymous communications may also be a value proposition for your application.
This guide shows you how to set up your Twilio account correctly for content and phone number redaction, and includes code samples that retain this information at an individual message level.
With message body redaction, you ensure that Twilio never retains message bodies that may contain sensitive information. Phone number redaction will obfuscate the last four digits of the non-Twilio phone number in the message request.
SMS/MMS and WhatsApp redaction vary slightly in implementation. For more information about WhatsApp message redaction, please continue to the next section.
stop
message, the built-in STOP filtering saves the incoming phone number to Twilio's internal list of blocked numbers for that account. Therefore, using Twilio's built-in STOP filtering could potentially violate the phone number redaction guarantee for customers who choose to opt-out of messages.Please note that if you disable this feature, you will need to build STOP filtering yourself as this is generally required by telecommunications carriers as well as anti-spam laws.
To disable automatic STOP filtering, contact Support.
Twilio logs GET
request parameters for up to seven days. When setting the A Message Comes In webhook on a Phone Number or Messaging Service, make sure that the method is set to POST
, not GET
. You must use POST
on both the primary and fallback webhooks to ensure redaction.