If you're using Virgil Security's end-to-end encryption solution, any service that handles your application's encrypted data will not be able to access the plaintext data at all. However, some teams want to take the extra step of deleting encrypted data from messaging providers after delivery for added security or for compliance reasons.

With Twilio's Programmable Chat, it's possible to either delete a message entirely with all its metadata or to simply redact the body of the message. Both options are achievable using their REST API or Client SDKs.

For the REST API, use one of the links:

For the Client SDKs, use one of the links:

Healthcare applications that need to comply with HIPAA must use a two pronged approach for Twilio to be considered as a “conduit” and acceptable to send PHI through without a BAA:

  • end-to-end encrypt message data containing PHI using Virgil Security E3Kit
  • delete all messages and their metadata from Twilio upon delivery

Did this answer your question?