Security
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Role-based access control (RBAC) with enforced MFA.
- Continuous monitoring of access patterns and anomalies.
- Quarterly rotation of credentials and secrets.
We operate with audit by default.
Every action a Xplouse agent runs is signed in an immutable audit ledger. Every integration, every data point and every decision is traceable and exportable.
Compliance
- Colombia Law 1581/2012. Personal Data Protection.
- Decree 1377/2013. Habeas Data regulations.
- GDPR for EU citizens' data.
- LGPD for Brazilian citizens' data.
- SARLAFT compatible for Colombian financial sector.
Sub-processors
- Google Cloud Platform. Hosting and infrastructure.
- Vertex AI / Gemini. Foundation language models.
- Anthropic Claude. Complementary language models.
- Meta Business. Official WhatsApp Cloud API.
- Resend. Transactional email delivery.
- Supabase. Encrypted operational database.
Data residency
- Regional deployments in us-east, us-south and europe-west.
- Customer chooses jurisdiction at onboarding.
- Data never leaves the agreed region without explicit consent.
- Encrypted backups stay in the same region; no cross-border replicas.
Report a vulnerability or request a DPA at Xplouselab@gmail.com