Pursuant to Law 1581 of 2012 — Version 1.0 · Effective since May 15, 2026
Notice: this version 1.0 is the first published revision. The described practices are updated periodically as Sibell SAS operations and Colombian data protection regulations evolve.
Sibell SAS — NIT 901.916.609-5
Version: 1.0
Effective Date: May 15, 2026
Last Updated: May 15, 2026
| Legal Name | Sibell SAS |
|---|---|
| NIT | 901.916.609-5 |
| Address | Calle 174 No. 57-30, Bogotá D.C., Colombia |
| Legal Representative | Elimar Sibelis Pontón Deluquez |
| General Contact | contacto@sibell.in |
| Privacy and Data Protection | privacidad@sibell.in |
| Phone | +57 311 841 4866 |
| Website | https://sibell.in |
This policy complies with the Political Constitution of Colombia (Article 15), Law 1581 of 2012, Decree 1377 of 2013, Decree 1074 of 2015, circulars and resolutions issued by the Superintendent of Industry and Commerce (SIC), and other related regulations in force in Colombia on personal data protection.
This policy applies to all personal data recorded in databases administered by Sibell SAS in its capacity as Data Controller, including:
Important — operation as Data Processor: In its main business line (SMS 2FA authentication service and related services), Sibell SAS acts as Data Processor of data for which the Data Controller is its corporate client. The processing of such data is governed by the respective Data Processing Agreement signed with each client and by Law 1581 of 2012. Habeas Data requests regarding data processed under this arrangement must be directed to the corresponding corporate client; Sibell will collaborate in all cases as established in section 11 of this policy.
For purposes of this policy, the definitions in Article 3 of Law 1581 of 2012 and Article 3 of Decree 1377 of 2013 apply. In particular:
Sibell SAS applies the principles enshrined in Article 4 of Law 1581 of 2012:
Full name, identity document number, date of birth, nationality.
Email address, phone number, address, city, country.
Position, company, work area, professional experience.
Payment information, billing, consumption of contracted services.
IP address, browsing data, cookies, device identifiers, platform access logs.
Sibell SAS does not collect or process sensitive data from Data Subjects covered by this policy. If the Data Subject voluntarily provides sensitive data (for example, in a support communication), explicit authorization will be requested and enhanced processing will apply.
Sibell SAS does not direct its services to minors nor knowingly collect data from minors. If data from a minor is identified, it will be immediately deleted, unless authorization from the legal representative is provided pursuant to Article 7 of Law 1581 of 2012.
Sibell SAS processes personal data for the following purposes:
Pursuant to Article 8 of Law 1581 of 2012, every Data Subject has the right to:
The Data Subject may exercise their rights through any of the following channels:
Requests must contain:
Sibell SAS will handle queries within a maximum term of ten (10) business days from the date of receipt. When it is not possible to handle the query within said term, the interested party will be informed before expiration, stating the reasons for the delay and indicating the date on which the query will be handled, which in no case may exceed five (5) business days following the expiration of the first term.
Claims must be filed identifying the Data Subject, describing the facts giving rise to the claim, indicating the notification address, and attaching the documents to be considered.
If the claim is incomplete, Sibell SAS will require the interested party within five (5) business days following receipt to correct the deficiencies. After two (2) months from the requirement without the claimant presenting the required information, the claim will be deemed withdrawn.
The maximum term to handle the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to handle the claim within said term, the interested party will be informed of the reasons for the delay and the date on which it will be handled, which in no case may exceed eight (8) business days following the expiration of the first term.
Pursuant to the paragraph of Article 16 of Law 1581 of 2012, the Data Subject may only file a complaint with the SIC once they have exhausted the query or claim procedure with Sibell SAS.
When a Habeas Data request refers to personal data processed by Sibell SAS as Processor (for example, the phone number of an end user of a fintech client), Sibell SAS will:
Sibell SAS applies reasonable and proportionate technical, administrative, and human measures to protect personal data against alteration, loss, query, use, or unauthorized or fraudulent access. These include:
More details on the technical architecture can be found on the Security & Compliance page.
Sibell SAS will retain personal data only for the reasonable time necessary to fulfill the processing purposes or as required by Colombian law (accounting, tax, labor obligations, and fraud prevention, among others).
Once the purposes are fulfilled and legal retention periods expire, data will be securely deleted or irreversibly anonymized.
For the provision of services, Sibell SAS relies on technology providers acting as Processors or sub-processors. The current list includes:
| Provider | Service | Country |
|---|---|---|
| Inalambria Internacional S.A.S. | SMS Message Routing | Colombia |
| Google LLC (Google Cloud Platform) | Cloud Infrastructure | United States |
| Bold Compañía de Financiamiento S.A. | Payment Gateway | Colombia |
| Hostinger International Ltd. | Transactional Email (SMTP) | European Union (Lithuania) |
This list may be updated. The current version can be requested at privacidad@sibell.in.
Sibell SAS carries out international data transfers due to the use of technology providers with infrastructure outside Colombia (for example, Google Cloud Platform). These transfers are made to countries that have an adequate level of data protection or, failing that, through contractual clauses that guarantee standards equivalent to those required by Colombian legislation.
By accepting this policy, the Data Subject authorizes such transfers.
The website sibell.in uses cookies and similar technologies to improve browsing experience, remember preferences, analyze site usage, and, where appropriate, perform targeted marketing. The specific cookie policy is available at sibell.in/cookies.
Authorization from the Data Subject will be obtained prior to processing, through:
Authorization may be revoked at any time through the channels in section 9.
When, by exception, it is not possible to obtain prior authorization, Sibell SAS will make available to the Data Subject a privacy notice pursuant to Article 14 of Decree 1377 of 2013.
Sibell SAS will periodically evaluate the obligation to register its personal databases with the National Database Registry administered by the SIC, pursuant to the thresholds defined by current regulations. In its main role as Data Processor, this obligation does not apply while Sibell does not retain end-user personal data under its own responsibility.
Sibell SAS may modify this policy at any time. Modifications will be communicated through the website sibell.in at least ten (10) calendar days before their effective date. Substantial changes will also be communicated by email to active clients.
This policy becomes effective on May 15, 2026 and will remain in force until modified or repealed by Sibell SAS. The administered databases will have indefinite validity as long as the processing purposes are fulfilled and legal or contractual obligations exist that justify their preservation.
For any query or claim regarding the processing of your personal data:
Email: privacidad@sibell.in
Address: Calle 174 No. 57-30, Bogotá D.C., Colombia
Phone: +57 311 841 4866