Sinch

Sinch

Search the Trust Center...
Ctrl +K

Sinch | Trust Center

Everything you need to complete your security review is here. Browse documents, certifications, and compliance details with confidence. Our Trust Center is regularly updated to reflect the latest audit results, and subprocessor disclosures.


Our Philosophy

At Sinch, security is not a feature, a department, or a line item—it is the unshakeable foundation of our entire platform. We believe that in a world built on digital connections, the trust our customers place in us to carry their most critical communications is sacred. We honor that trust not with promises, but with an unrelenting, engineering-first commitment to security that is embedded in our DNA.

Sinch Security team

Sinch is fully compliant with Ireland's SMS Sender ID Registry


Badges

gdpr
GDPR
hecvat
HECVAT

Quick Summary

One or more annual third-party audit(s)

Has a formal mobile device management (MDM) program

Annual third-party penetration testing

Has a disaster recovery plan

Has cyber insurance

Deletes customer data on request


Documents & Knowledge Base FAQs


What we offer

Sinch Messaging

Provides powerful APIs and platforms for businesses to communicate with customers via SMS, MMS, and popular social messaging apps like WhatsApp for everything from automated alerts to AI-powered conversations. This category includes the following products:
• Sinch Campaigns
• Sinch Chatlayer
• Sinch ContactPro
• Sinch MessengerPeople
• Sinch Nova
• Sinch NovaMMS
• Sinch SDI
• Sinch4marketing
• Sinch Wavy (LATAM)
• Sinch Xura
Certifications may apply to specific products

Sinch Engage (MessageMedia)

Provides easy-to-use, web-based software for small and medium-sized businesses to run SMS marketing campaigns, send appointment reminders, and have two-way conversations with their customers. This category includes the following products:
• Sinch MessageMedia
• Sinch ClickSend
• Sinch Bulletin
• Sinch SimpleTexting
• Sinch Engage
Certifications may apply to specific products

Sinch Email

Offers a developer-first, scalable, and reliable infrastructure for sending transactional and marketing emails, focused on ensuring high deliverability and providing advanced analytics. This includes our industry-leading Mailgun and Mailjet platforms. This category includes the following products:
• Sinch Mailgun
• Sinch Mailjet
• Sinch Email on Acid
Certifications may apply to specific products

Sinch Voice

Delivers a full range of voice services, including programmable voice APIs, in-app voice & video, user verification, and carrier-grade SIP trunking, all on a global, interconnected network. This category includes the following products:
• Inteliquent
• UCaaS
• Phaxio
• Acrobits
• Voice API and In-app Calling (Voice & Video)
• Verification
• Number Lookup
• Fax API
• Elastic SIP Trunk
Certifications may apply to specific products


Announcements

Sinch is fully compliant with Ireland's SMS Sender ID Registry

Sinch has been recognized by Ireland's communications regulator, ComReg, as a fully compliant Mobile Service Provider under the SMS Sender ID Registry. The registry has been a requirement since July 2025, and Sinch now sits on ComReg's public list of compliant providers.

We scored a perfect 4/4 on ComReg's Sender ID Conformity Index, which checks providers against four compliance criteria. Sinch met every one.

If you send SMS to customers in Ireland, this matters to you. Messages from unregistered sender IDs can be flagged to recipients as "Likely Scam." Working with a fully compliant provider helps keep your sender IDs trusted, not flagged.

Want to learn more about the Irish Sender ID Registry and what it means for your business? Get in touch.

See details here


Third-party Salesforce Gainsight Event

At Sinch, the security of our systems and the protection of your data are our highest priorities. We are writing to provide a status of the recent Security incident involving Salesforce Gainsight apps which affected some Salesforce customers.

After a comprehensive review, we have confirmed that our organization was not impacted by this incident. Until now, our investigation has identified the following:

  • We did not receive any notification from Salesforce or other vendors indicating that our environment was affected.
  • Salesforce also disabled the integration during their investigation (according to Salesforce status page)

Our Information Security team is still monitoring all the news about this case to ensure that no impact to Sinch and customers exists. We remain committed to using a proactive security posture. We will continue to diligently monitor our critical vendors through our established third-party risk management program, which includes continues security monitoring and regular assessments.

We appreciate your trust in us, and we are committed to maintaining the highest standards of security and transparency.

Sinch Information Security Team


SOC2 Type I Reports now available for Message4U Ltd.'s Sinch Engage/MessageMedia Platform & Sinch Brasil SA's Wavy MM2 Messaging Platform

#Compliance
We are pleased to announce our SOC2 Type I Reports are now available for Message4U Ltd.'s Sinch Engage/MessageMedia Platform & Sinch Brasil SA's Wavy MM2 Messaging Platform on our Trust Center. The Wavy report can be downloaded under the Sinch Messaging Product and the MessageMedia report can be downloaded under the Sinch Engage (MessageMedia) product.


Salesloft/Drift Salesforce Integration Investigation

#Vulnerabilities
Update on the Third-Party Salesloft/Drift Security Incident

At Sinch, the security of our systems and the protection of your data are our highest priorities. We are writing to provide an update regarding the recent security incident involving a third-party vendor, Salesloft/Drift, which affected some Salesforce customers.

After a comprehensive review, we have confirmed that our organization was not impacted by this incident.

Our investigation concluded the following:

• We have found no evidence of any unauthorized access, data exfiltration, or anomalous activity within our Salesforce environment.

• We have verified that no customer records, personally identifiable information (PII), or other sensitive data were exposed or compromised.

• We did not receive any notification from Salesforce or other vendors indicating that our environment was affected.
While we have determined there was no impact on Sinch from this event, we remain committed to a proactive security posture. We will continue to diligently monitor our critical vendors through our established third-party risk management program, which includes continuous security monitoring and regular assessments.

We appreciate your trust in us and are committed to maintaining the highest standards of security and transparency.


Salesloft/Drift Salesforce Integration Investigation

#Vulnerabilities
Sinch is aware of the potential Salesforce data theft via Salesloft/Drift. Our investigation is ongoing and at this time, there is no indication of compromise or customer information lost. We will continue our thorough investigation and will update the Trust Center when the review is complete. Thanks for your patience.


SOC2 Type II for Mailgun Technologies (Mailgun, Mailjet and Email on Acid services) is now available!

#Compliance
Mailgun Technologies, Inc has completed its SOC2 Type II for Sinch Mailgun, Mailjet and Email on Acid Services for the August 1, 2024 to July 31, 2025 period.

The report is now available for download from our Trust Center by selecting Mailgun


SOC2 Type II for Mailgun Technologies (Mailgun, Mailjet and Email on Acid services) is now available!

#Compliance
Mailgun Technologies, Inc has completed its SOC2 Type II for Mailgun, Mailjet and Email on Acid Services for the August 1, 2023 to July 31, 2024 period. The report is now available for download from our Trust Center.


SharePoint Zero Day - OnPrem CVE-2025-53770

#Vulnerabilities
(CVE-2025-53770) = No known impact


NOW AVAILABLE! SOC2 Type II for Sinch Messaging API - SMS, Sinch Messaging API - MAD, Nobill, Rialto services

#Compliance
Sinch has completed its SOC2 Type 2 for Sinch Messaging API - SMS, Sinch Messaging API - MAD, Nobill, and Rialto. The report is now available for download from our Trust Center


Check out our UpGuard Trust Center

#General
We are thrilled to announce our UpGuard Trust Page is live!

https://trust.upguard.com/7c0aa91a-9925-4205-8889-ae3256ef4935

Please check it out and view additional details on our security posture.

Note: Visitors will be prompted to create a free UpGuard account for their organization in order to access our documents and questionnaires.


Data Privacy Framework

#Compliance
Mailgun Technologies, Inc. is now self-certified with the EU-US Data Privacy Framework. The certification can be viewed publicly at: https://www.dataprivacyframework.gov/s/ then search for Mailgun.


Data Privacy Framework

#Compliance
Mailgun Technologies, Inc. has self-certified for the EU-US Data Privacy Framework but will not be listed on the active companies listing until the next update of our Privacy Policy which is expected on Jan. 15th, 2025. We expect the self certification approval shortly afterwards.


Data Privacy Framework

#Compliance
Mailgun Technologies, Inc., US company, part of the Sinch group, has submitted its self-certification application and is awaiting the response on the DPF. Given the large number of applications, the Dept of Commerce is taking more than anticipated in reviewing them. Please continue to check the active list of certified companies to see our company registered.
In any event, we will continue to adhere to the strictest standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any and all transfers to and from the US and EU.


Data Privacy Framework

#Compliance
Mailgun Technologies, Inc. is currently evaluating its participation and self-certification into the Data Privacy Framework. Please note that the self-certification is voluntary, and the Data Privacy Framework applies nonetheless since July 10, 2023. We will continue to adhere to the strictest of standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any transfers to and from the US and EU.


DORA Compliance

#Compliance
Sinch has written agreements with customers, third parties and sub-contractors that meet or exceed the requirements set forth by DORA. Reporting obligations, notifications, exit strategies, business continuity, and general security requirements are in place to ensure data is protected and available to align with contractual obligations and known regulations (DORA included). This is tested as part of our ISO 27001:2022 audit and SOC 2 annual audits.

We have an addendum to our services agreement that are more tailored to our specific services and the sub-processors used. Please visit https://powerforms.docusign.net/00d7d864-ab6a-43a5-9f0d-46cc2d127f66?env=na3&acct=f41dab26-3adc-4e3d-a829-50cd5536ba58&accountId=f41dab26-3adc-4e3d-a829-50cd5536ba58 if you wish to execute our standard addendum, and you will receive a copy once signed.


Salt Typhoon Impact

#Vulnerabilities
Sinch has taken steps to investigate any impact or vulnerabilities following the Salt Typhoon cyberattack, a sophisticated intrusion linked to foreign state-sponsored actors. We have followed CISA's hardening recommendations including improving visibility, reducing existing vulnerabilities, eliminating common misconfigurations, and limiting the attack surface.

Evaluation of our systems has validated that there is no evidence of any impacts to our organization. The confidentiality, integrity, and availability of our systems remain unharmed. Sinch is committed to protecting your data and has established and implemented administrative, technical, and physical safeguards in place. For further details regarding our security program, please review the information on this Trust Center.


SOC2 Type I for Sinch Messaging API - SMS, Sinch Messaging API - MAD, Nobill, Rialto

#Compliance
Sinch has completed its SOC2 Type I for Sinch Messaging API - SMS, Sinch Messaging API - MAD, Nobill, and Rialto. The report is now available for download from our Trust Center.


2024 Pentests Now Available!

#General
We recently received our 2024 Penetration Tests from our third party provider Abira Security. The reports themselves can be accessed directly from the security portal.


2024 ISO27001 and ISO27701 Certificates now available for Mailgun Technologies Inc.

#Compliance
Updated ISO27001 and ISO27701 Certificates for Mailgun Technologies Inc. are now available for download on the Trust Center.


CISA Alert - Snowflake

#Vulnerabilities
We have reviewed our Snowflake instances to ensure MFA is implemented as recommended and investigations have revealed no indication of compromise.


CISA Alert - Snowflake

#Vulnerabilities
Sinch Mailgun is aware of CISA Alert Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access. We are actively investigating all instances following Snowflakes recommendation to query for unusual activity and conduct further analysis to prevent unauthorized user access. As of now our investigations have revealed no indications of compromise.


CVE-2024-3094 and XZ Upstream Supply Chain Attack

#Vulnerabilities
We have conducted a thorough review of our systems, leveraging multiple security tools and have determined that, currently, none of our systems are affected by CVE-2024-3094.

Should you have any further questions or concerns regarding our security posture or the CVE-2024-3094 vulnerability, please do not hesitate to contact us.


2023 Pentest now available

#Compliance
We recently received our 2023 Penetration Tests from our third party provider Doyensec for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.


Citrix Netscaler Vulnerability (CVE-2023-4966)

#Vulnerabilities
Sinch Mailgun is aware of the recent Citrix Vulnerability (CVE-2023-4966) involving Netscaler. We have evaluated our systems and we are not impacted by the vulnerability mentioned or the relating vulnerabilities in the Citrix article. The confidentiality, integrity, and availability of our systems remain unharmed.


Okta Breach

#Vulnerabilities
Sinch Mailgun is aware of the recent Okta security breach. We want our customers to know that we have not been made aware of any impact from this breach. The confidentiality, integrity, and availability of our systems remain unharmed.


CVE-2023-4863 Libwebp Zero Day Vulnerability

#Vulnerabilities
Sinch Mailgun is aware of the security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. Sinch Mailgun is actively investigating to identify any and all areas where we may be leveraging the vulnerable versions of this library and implementing remediations where necessary. As of now our investigations have revealed no indications of compromise.


2023 ISO Certificates and SOC 2 Reports now available

#Compliance
We recently received our completed 2023 SOC 2 reports, ISO 27001 and ISO 27701 certifications for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.


MOVEit Vulnerability Impact

#Vulnerabilities
Recently, our security team became aware of the news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers to know that Sinch Email (Mailgun/Mailjet/EOA/InboxReady) has not been impacted by this vulnerability.

We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.


New Pen-Test released - Mailgun, Mailjet & EoA

#Compliance
2022 Penetration Test released for Mailgun, Mailjet & EoA!


Mailgun's Response to the 2022 OpenSSL 3 Vulnerabilities

#Incident
Mailgun's Response to the 2022 OpenSSL 3 Vulnerabilities

After careful review of our infrastructure, the Mailgun team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.
As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md

Thanks and please reach out with any questions.


Powered by Conveyor, the first end-to-end customer trust platform.
Learn more