Security & Compliance

We built Sibell to withstand scrutiny from CISO, Compliance and Procurement teams from day one. Here you'll find our Trust Pack: the document that answers the questions your legal and security team will ask.

TLS 1.2+ end-to-end AES-256 at rest OTP with SHA-256 + salt Ley 1581 / Habeas Data

What We Deliver by Default

Data Processor

We operate as Processor under Ley 1581 of 2012. The client remains the Controller of their end users' data.

Encryption & OTP Hashing

TLS 1.2+ in transit, AES-256 at rest, OTPs with SHA-256 + salt — never in plaintext.

DPA Ready from Day One

Data Processing Agreement as an approved template, without heavy negotiation. Available upon request.

Transparent Sub-processors

Public list of sub-processors with 15-day notice for changes. No surprises.

Incident Notification ≤ 72h

Internal incident management policy with P1-P4 classification and notification to affected client within 72 hours.

Operational Auditability

Persistent logs per verification, endpoint /metrics/providers and CSV exportable reports from the Dashboard.

What's Included in the Trust Pack

Eleven sections covering what your security team will ask about:

Corporate identification and service lines
Legal framework and Processor positioning
Security architecture (infra, encryption, access control, abuse protection, observability)
Current list of sub-processors
Incident management policy (classification, notification, continuity)
Data retention and deletion by category
Availability, latency and delivery SLA
Certifications, audits and compliance roadmap
Business continuity plan
Contacts and onboarding procedure
Appendices: applicable regulatory framework and related documents

Talk to Our Team

Do you have specific questions the Pack doesn't cover? Write to us:

Privacy and security: privacidad@sibell.in
Legal matters: legal@sibell.in
Commercial: contacto@sibell.in