Skip to Main Content
Developers docs Support Login
Bandwidth Logo
  • What's New
    Enterprise Communications Landscape 2025 report thumbnail

    Enterprise Communications Landscape 2025

    2025 State of Messaging

      • BYOC Integrations
        • Direct Routing
          for Microsoft Teams
        • Operator Connect
          for Microsoft Teams
        • Webex Calling
        • Zoom Phone
        • Genesys Cloud CX
        • Five9
        • SIP Link for Google Voice
        • Global SIP Trunking
        • E911 & Emergency Calling
        • Insights
      • Trust Services
        • Pindrop
        • Call Verification
        • Number Reputation Management
      • Conversational AI
        • AIBridge
      See all integrations close
      • Communications APIs
        • Voice API
        • Messaging API
          SMS MMS RCS
        • Emergency Calling API
        • In-App Calling API
        • Authentication API
      • Developers Docs
        • Documentation
        • SDKs
        • API References
      • Wholesale channels
        • Voice
        • Toll-Free Services
        • Emergency Calling
        • 911 Access
        • SMS Messaging
        • International Long Distance
      • Tools & Services
        • Phone Number Management
        • Phone Number Porting
        • Caller ID Management
        • Voice & Messaging Insights
    • Explore Coverage
    • Enterprise communications Simplify your communications
      with Maestro
    • SaaS and Apps APIs for your omnichannel
      engagement strategy
    • Communication platforms Global PSTN connectivity
      with one provider
    • By use case
      • Migrate to UCaaS
      • Compose your CX
      • Embed communications in apps
      • Automate CX with APIs
      • Consolidate global providers
      • Level up toll-free resiliency
    • By industry
      • Healthcare
      • Finance
      • Telecommunications
      • Retail & Ecommerce
      • Hospitality & Tourism
  • 2025 Emergency Services Academy
    The State of Business Texting Podcast
    2025 STIR/SHAKEN updates for Third Party Authentication
    Contact Center AI: 2025 Guide
    • Blog and News
    • Customer Stories
    • Glossary
    • Partners
    • Resources
    • Webinars
    • Developer Docs
    • Compliance Hub
  • Coverage
  • Pricing
  • search
  • search
    • Portal Login
    • Support
    • Developer Docs
    1-800-808-5150
  • Talk to an expert
  • Request trial

Data protection and privacy

Legal
  • Law enforcement and legal compliance guide
  • Report a phone number
  • Rural Call Completion Inquiry
  • Communications Services Agreement
  • Reseller Services Agreement
  • Supplemental Legal Terms
  • Product Terms
  • Data protection and privacy
  • Acceptable Use Policy
  • Privacy Notice
  • 911 & VoIP
  • Trademark & Service Guide
  • Virtual patent marking
  • GPL Cooperation Commitment

As part of our mission to deliver exceptional experiences everywhere, Bandwidth is committed to maintaining and maturing a global privacy program that serves our customers, employees, and end users worldwide.

Our team

The Bandwidth Privacy Team work across time zones to design and implement a global privacy program that is tailored to our industry, responsive to our customers, and protective of their end users. In addition to our internal team, Bandwidth has appointed an external Data Protection Officer (DPO) to ensure the definition, assessment, and enforcement of our privacy program and policies under applicable data protection & privacy laws worldwide.

Global reach

Bandwidth services have a global reach, delivering exceptional experiences everywhere. Our global privacy program is built on the framework of GDPR principles and CCPA/CPRA imperatives that have served as the model for emerging privacy and data protection laws in other jurisdictions. Our team continuously monitors and updates our privacy program in accordance with applicable laws and regulations from around the world.

Continuous review

Bandwidth is always striving to improve, and our privacy program is no exception. We continuously review and update our approach to ensure meaningful compliance informed by industry best practices and applicable data protection and privacy laws and regulations.

Transparency

While privacy and data protection laws can be complicated, our commitment to transparency means it’s easier to do the right thing. Bandwidth publishes a transparency report related to government access requests on an annual basis as part of its Corporate Responsibility Report, available at investors.bandwidth.com.


Certification

Learn about ISO Certification


International data transfers

Bandwidth relies on Standard Contractual Clauses as the valid transfer mechanism for data transfers among our internal affiliates and with our customers in our standard global DPA. Our customers and prospective business partners may reference our Transfer Impact Assessment FAQ to gather relevant information for their independent assessment of Bandwidth as a vendor or partner.

Get the TIA FAQ


Quick links

  • Bandwidth’s Privacy Notice
  • Global DPA
  • Subprocessor List
  • Data Subject Rights
  • Security
  • Law Enforcement Guide

Frequently asked questions

Bandwidth services have a global reach, delivering exceptional experiences everywhere. Our global privacy program is built on the framework of GDPR principles and CCPA/CPRA imperatives that have served as the model for privacy and data protection laws worldwide.

Our team continuously monitors and updates our privacy program in accordance with applicable laws and regulations from around the world. As subject matter experts and engaged collaborators, we foster a culture of data protection and privacy within Bandwidth. We believe privacy is a team sport, and we work together with Bandmates across the company to mitigate risk and achieve meaningful compliance.

All Bandmates receive information security and privacy training yearly, including CPNI, GDPR & US State Privacy Laws, and HIPAA. Individual teams receive additional in-depth training in privacy topics relevant to their role at Bandwidth. And our cross-functional league of Privacy Champions helps us operationalize, evangelize, and deliver on our promises as boots on the ground throughout the year.

We offer our customers a clear and concise Global DPA in our contracting process, available at www.bandwidth.com/legal/dpa. This document reflects our attention to the roles and responsibilities we play in processing personal data through our products and services, as well as the key contractual provisions required by applicable data protection laws around the world.

In support of our commitment to data protection and privacy, Bandwidth maintains appropriate administrative, technical, and physical security measures to help safeguard against the accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the personal data we process or use. We are ISO 27001:20013 certified and SOC II compliant. We participate in yearly third-party information security audits to validate our continual progress. We’re proud to tell you more about our credentials at www.bandwidth.com/security.

As a communications service provider, Bandwidth generates, collects, and processes certain categories of personal data in order to provide our services and comply with our regulatory obligations.

In most cases, Bandwidth acts as a controller for essential data elements in the telecommunications ecosystem. As detailed in our DPA, this includes Customer Account Information, Communications Metadata, and Subscriber Data.

  1. Customer Account Information means (i) information used for Customer’s account billing and payment or to prevent fraud or misuse of the Services such as: name, email address, phone number of a Customer’s representative; and (ii) other information Bandwidth may Process in the context of creating or maintaining a business relationship with Customer for purposes of the Services. We use this information for billing and payment, to prevent fraud and misuse of our services, and to maintain or manage a business relationship with a customer.
  2. Communications Metadata means information generated in connection with the conveyance of communications via the Services, and used for the performance and billing thereof, such as source and destination information, IP address, time duration or completion status. This category includes traffic data (CDRs) and logs. We use Communications Metadata to provide, maintain, bill, and optimize the services; to prevent fraud and misuse of our services; and to comply with federal or local regulatory requirements.
  3. Subscriber Data means any identifying information about subscribers purchasing our services that Bandwidth may collect to comply with local regulatory requirements or provision of Services, such as name, birth date, physical address, nationality, identification card of the appointed representative of Subscriber. We use Subscriber Data to comply with local regulatory requirements, such as LAR and identity verification. We may also use Subscriber Data for telephone number assignments, number portability, or provision of emergency services.

In some cases, Bandwidth may also act as a processor at the direction of our customers purchasing certain product features.

For more information on Bandwidth’s roles and responsibilities with respect to personal data, please refer to our DPA

Across each category of data, our commitment to privacy and security is paramount to serve our customers, comply with regulatory requirements, and protect end users. You can learn more about our security measures at www.bandwidth.com/security.

Like most software service providers, Bandwidth uses a select number of third-party subprocessors to support our product offerings, including cloud-based hosting, storage, and infrastructure provider(s).

A current list of subprocessors is available here.

Together the Global Sourcing, Contracts, Privacy, and Vendor Risk Management teams perform an extensive assessment and approval process before licensing or using third-party vendors. In addition, the Privacy Team provides training to help ensure that data processing and cross-border data transfers are identified, considered, and addressed at each stage of review.

Bandwidth relies on Standard Contractual Clauses as the valid transfer mechanism for data transfers among our internal affiliates and with our customers in our DPA.

In support of the SCCs and in accordance with Schrems II, Bandwidth has conducted an internal transfer impact assessment for international data transfers that occur among our affiliates, in particular the transfer of personal data to the United States in connection with our products and services.

Our customers and prospective business partners may reference this Transfer Impact Assessment FAQ to gather relevant information for their independent assessment of Bandwidth as a vendor or partner.

While EU-US Privacy Shield is no longer recognized as a valid transfer mechanism, Bandwidth maintains Privacy Shield certification as part of our continued commitment to adhere to the attendant principles and EU standard of care.

Information on law enforcement requests may be found at the Law Enforcement Guide.

Our global regulatory operations teams implement and enforce a tailored review process for government access requests to ensure appropriate responsiveness in applicable jurisdictions and the protection of the personal data of our customers and their end users.

Bandwidth publishes a transparency report related to access requests on an annual basis as part of its Corporate Responsibility Report, available at https://investors.bandwidth.com/.

Privacy should never be more than a click away. Bandwidth offers an easy-to-use form for data subjects to exercise their rights, available through our Privacy Notice and at this direct link: DATA SUBJECT RIGHT REQUEST FORM

Bandwidth Logo Mark

Get monthly updates, insights, and strategies

Our company
  • Company
  • Contact
  • Newsroom
  • Careers
  • Investor Relations
  • Leadership
Quick links
  • Support
  • Service Status
  • Developers
  • Resources
  • Security
  • Partner Program
  • Blog
  • Customers
  • Release Notes
  • Glossary
  • Twilio Alternative
  • Sinch Alternative
  • Regulations
  • Coverage
Legal
  • General
  • Law Enforcement Guide
  • Bandwidth Privacy Notice
  • Report a Phone Number
  • Cookie Notice
  • Terms Of Use
  • Canada ACA Consultation Process
Request trial Talk to an expert
Call Us
+852 581 8800
Bandwidth.com CLEC, LLC is a wholly owned subsidiary of Bandwidth Inc. ©2025