
Security & compliance


The security, integrity, and availability of your data are our top priorities. We know how vital it is to your business success. To ensure you never have to worry, we use a multi-layered approach to protect and monitor all your information.

  • We strive to follow industry best practices when it comes to security and compliance using frameworks and guidelines such as OWASP, NIST, CIS, and CSA.
  • Data protection: Your data is protected at rest by AES256 encryption and in transit using TLS 1.2.
  • Our security operations center (SOC) is staffed 24/7 and is a centralized unit that deals with security issues on an organizational and technical level. Tasks include, but are not limited to: weekly vulnerability scans, log analysis, anomaly detection, pattern deviation, threat hunting, firewall rule monitoring, deviation in port openings, and impossible logins.
  • Security penetration tests are performed at least annually by a third party.
  • Continuous improvements are carried out by conducting security architecture reviews, threat intelligence, and threat monitoring.
  • Security awareness training: mandatory yearly training for all users and additional specific training for operations, support, and security staff.
  • Crisis management and incident management training for staff is done with both tabletop exercises and different types of gamification.

Vulnerability Disclosure


Sinch is committed to maintaining the safety and security of our services and our customers’ information. We encourage earnest, responsible reporting of potential vulnerabilities in any service, product, system, or asset made by or belonging to Sinch.

Security Vulnerability Submission Process

If you believe you have found a vulnerability in a Sinch service, product, system, or asset, please submit the vulnerability information to Sinch through an encrypted communication method. For submission via email, please send an encrypted file detailing your submission. Encrypt your file using our public encryption key here.

To enable Sinch to remedy the vulnerability, please report it as soon as possible after discovering it and provide a detailed summary of the vulnerability, including the following if known:

  • A description of the finding and how it was discovered
  • The service(s), product(s), system(s), or asset(s) affected
  • Reproduction instructions to enable Sinch to validate the vulnerability (e.g., actions and results)
  • Detailed information about your findings (including available indications, for example, IP addresses, logs, screenshots)
  • Your contact information and PGP key. You can submit this information anonymously.

Personal data Sinch receives in connection with your submission will be retained and protected under the company’s privacy policies and any applicable laws.

A Sinch representative will acknowledge receipt as soon as possible, typically within 48 hours.

Submit any vulnerability information following these guidelines:

  • Do not engage in any activity that can potentially cause harm to Sinch, our customers, or our employees.
  • Do not engage in any activity that can potentially stop or degrade Sinch services, products, systems, or assets.
  • Do not engage in any activity that violates (a) federal or state laws or regulations or (b) the laws or regulations of any country where (i) Sinch data, services, assets or systems reside, (ii) Sinch data traffic is routed or (iii) the researcher is conducting research activity.
  • Do not store, share, compromise or destroy Sinch or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity and contact Sinch.
  • Do not initiate a fraudulent financial transaction.
  • Provide Sinch reasonable time to fix any reported issue, before such information is shared with a third party or disclosed publicly.

Contact details: security@sinch.com

Certifications

The Sinch cloud communications platform for messaging, voice, and video and Sinch Operator Software are certified under the framework established by a Bureau Veritas Certification quality management system conforming to ISO 27001. Bureau Veritas Certification Certificate No: IND.20.1863/IS/U

Sinch believes certification is key to displaying our best practice in Information Security Management and our commitment to building customer trust.

What is ISO 27001?

The ISO 27001 certificate is the most globally recognized information security standard defined by the International Organization for Standardization (ISO). As the top certification for Information Security Management Systems (ISMS), it prescribes a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process.

What does this mean for you as a customer?

We take the security of your information seriously and have implemented sophisticated security measures to safeguard it. We want our customers to rely on and fully trust our technology and services.

Getting ISO 27001 certified is a testament to the fact that Sinch prioritizes data security. But it also ensures that we:

  • Protect customer data rigorously
  • Assess, minimize, and eliminate risks and vulnerabilities
  • Work continuously with our security maturity
  • Achieve operational excellence regarding our IT, HR, and information processes

Continuous improvement

Our security mission doesn’t end here. Information security is an ongoing process, and we will keep working hard to maintain and exceed our standards to protect both company and customer data. Yearly audits will be performed by an external auditor to attest to our continuous compliance as we continue to develop and grow our business.

Business Continuity

Sinch has a business continuity plan in place that is tested and updated at least annually.

Benefits we have already realized in the process:

Sinch now has the freedom to operate without the use of its global office network. Through our business continuity planning, we have freed ourselves from the physical office and can securely offer Sinch services to our clients in the event of natural disasters or pandemics.
