Security | Twilio Segment

Internal Security

Data encryption

Your data is encrypted at rest and protected by TLS in transit. Your Segment password is hashed using bcrypt, and we manage our production secrets with AWS tools.

Rigorous product design and security testing

Our projects pass thorough security-design reviews, threat models, and regular pen tests using trusted security vendors. We also employ a public bug bounty for continuous assessment.

Time-bound access

We systematically limit internal access to critical tools and resources using time-based access.

For more details on security at Segment, download our Security Overview.

Security at Segment

Product Security

Manage access to your account

Centrally manage your policies for access with Single Sign-On (SSO) on the Business plan.

Control visibility with user access levels

Control access to your Sources and Workspaces with fine-grained permissions to manage how your users interact with your data.

System for Cross-domain Identity Management (SCIM)

SCIM allows your Identity Provider (IdP) to manage users and group membership within the Segment application.

Password guidance

When choosing a new password, we provide visual guidance to help customers pick strong passwords that have not been exposed in security breaches on other websites.

Multi-factor authentication (MFA)

MFA provides an additional layer of security beyond your username and password. When logging into Segment, you’ll also enter a code from your mobile phone.

Bug bounty program

Since August of 2017, Segment has run a bug bounty program on the Bugcrowd platform. This program has provided tremendous value, and has improved security for both Segment and our customers. We consider our bug bounty program one of the best investments for finding and fixing existing vulnerabilities in our applications and internet-facing assets. We’ve also built productive relationships with security researchers and see some as an extension of our team. If you’ve found a vulnerability, please read the rules of our bounty brief and submit here.

Happy Hunting!

Certifications and attestations

Segment’s security and privacy program is based on and aligned with industry-standard frameworks, and we maintain a comprehensive suite of certifications and attestations to further demonstrate our commitment to security and privacy.

View certificates

Segment’s commitment to data privacy

We take the responsibility of respecting privacy seriously. Here are a few initiatives Segment is committed to:

Data Processing Agreement

Our Data Processing Agreement (DPA) reflects the requirements of the GDPR.

Data Transfer Practices

We offer Standard Contractual Clauses for compliant user data transfer and storage outside of the EU.

Privacy by Design

Your data is yours to own. Segment does not sell our customers' user data.

Privacy Policy

Our Privacy Policy honors CCPA, the GDPR, the Privacy Shield Framework.

Data Protection Officer

Segment has appointed a Data Protection Officer to oversee our ongoing compliance efforts.

Articles by Security

How Twilio Segment proactively protects customer’s API tokens

Sal Olivares, Senior Software Engineer, Security

Changing of the guard: migrating an authorization service used by thousands of customers from Go to Typescript

Rex Chen, Staff Software Engineer, Security

Tracking Meaningful Security Product Metrics

Leif Dreizler, Senior Engineering Manager, Security

How to plan an SMS MFA migration that affects thousands of users

Jordan Kohl, Staff Software Engineer, Security

Redefining Threat Modeling: Security team goes on vacation

Jeevan Singh, Director of Product Security

Access Service: Temporary Access to the Cloud

Andy Li, Software Engineer, Security

Shifting Engineering Right: What security engineers can learn from DevSecOps