Custom AI solutions

While you decide whether AI is right for your business, your competitor answers messages 24/7

We build custom AI solutions for your company so you serve, sell and invoice without adding headcount —and without leaving a single customer unanswered.

Book free diagnosis See how it works

+$1M USD in sales generated for our clients. Book a call and we'll show it working, live.

Vindam · Custom AI solutions

Businesses don't fall behind for lack of customers or bad luck. They fall behind by doing things the way they always have.

Right now customers are messaging: some get an answer in seconds, others are left waiting until tomorrow. The difference is no longer size or budget. It's who decided to automate and who's still waiting.

If you made it this far, it's because you already know which side you want to be on.

What we build

If it can be built with AI, we can build it

Every business needs a different automation. That's why we don't sell closed products: we design yours from scratch and connect it to the tools you already use.

support_agent

AI customer service

Agents that reply, resolve questions, qualify and book on WhatsApp, web and phone. Like your best salesperson, but handling a thousand conversations at once without tiring.

sync

Process automation

The repetitive tasks your team does by hand today (copying data, sending reminders, building reports) run as an automatic flow, with no typing errors.

hub

CRM & integrations, your way

Every lead, conversation and sale is logged in your CRM instantly, with automatic follow-up so no deal goes unattended.

receipt_long

Accounting & admin automation

Invoices, payments, reconciliations and reports that generate and record themselves. Your books up to date without anyone chasing paperwork.

menu_book

AI over your information

A system that reads your documents, catalogs and prices, and answers with your business data. Zero made-up answers.

build

Custom development

If what you need doesn't exist in the market, we build it for you: file processing, automatic reports, whatever your operation requires. It's yours and no one else's.

Not sure what to automate first? That's what the diagnosis is for: we tell you, free.

Tell me what to automate first

See it in action before deciding

Pick a case and watch how your Vindam solution would respond, conversation by conversation —just like your customer would see it.

I want a demo with my data How we work
support_agent

Customer service & support

By industry

Your industry, your pain, your automation

home_work

Real estate

The lead that goes cold

The buyer who messaged about an apartment and waited half an hour is already signing with another agency. Your agent was busy; your competitor had an AI available. It answers in seconds, qualifies the client and books the visit on its own, while your team keeps showing properties. Whoever answers first, sells.

I want to answer first
local_hospital

Clinics

The appointment that never got booked

Every message your front desk can't get to is a patient who books at another clinic and doesn't come back. Your calendar looks full of gaps and you don't know why. The AI answers, books, confirms, reschedules and reminds every appointment so no one misses it.

I want to fill my calendar
shopping_cart

Ecommerce

The 11 p.m. sale

Your customers buy at night and your team works by day. That 11 p.m. sale goes to the store that does answer questions. Our AI replies, recovers abandoned carts and serves when your store "is closed" —which is exactly when most people want to buy.

I want to sell at night too

Don't see your industry? The principle is the same: if your business serves, sells or collects, there's a repetitive process AI can take over for you.

Tell us your case

Why custom

Generic AI sinks you. Custom AI scales.

A good chunk of what's sold as an "AI Solution" is templates put together by teams who aren't AI engineers. They look cheap, but they embarrass you in front of your customers. And internally it's worse: your own team ends up fighting a tool that wasn't designed for how they work.

What does work is building something that understands your operation, speaks like your brand and connects to your systems. That's why we diagnose first and build second. Anything else is throwing money in the trash.

How we work

Three steps, no fine print

No inflated plans or tables with twenty rows: you pay exactly for what your operation needs, after we understand where the problem is.

1

Free diagnosis

In 30 minutes we review your operation and hand you a clear plan of what to automate first, why, and the benefits it will bring.

2

Custom proposal

You get a quote sized exactly to your automation: you pay for what your operation needs, no more, no less.

3

We build and we stay

We implement, integrate and stick with you with ongoing expert support as your operation grows.

Book my free diagnosis

What changes in your business

What you notice when AI starts working

Results you feel in the cash register and in your team's day to day.

savings

You reclaim hours and payroll

The hours your team burned copying data and repeating the same answers go back to your operation. You grow without payroll growing at the same pace.

trending_up

You invoice more

Every lead, appointment and sale is handled in seconds —day, night and holidays— so you stop handing your competitor the sales that used to go cold.

groups

Your team breathes

Your people stop firefighting and repeating the same thing a hundred times: they focus on closing, serving well and moving the cash.

insights

You see everything

Every conversation, sale and payment is logged on its own. You open your CRM and your reports and decide with data, not hunches.

I want these results in my operation

Social proof

Results with a name attached

Here's what the companies already running a VINDAM solution have to say.

E-commerce

“Late-night sales were a real headache. People would ask at 1 a.m. and nobody answered until the next day. Now the bot replies and helps them close the order right there. A beauty.”

Arturo Mejía

Manager

Real estate

“Honestly, we had a pile of unanswered leads that went cold in no time. Now the assistant filters them and books the visits on its own. The client shows up already qualified — I don't waste time.”

Alejandro Soto

Commercial Manager

Clinic

“Missed appointments had our schedule in chaos. With the bot's WhatsApp reminders things changed a lot. Now we can actually plan the day.”

Carolina Vásquez

Dentist

Trusted by

Accion inmobiliaria
Mintic
Upb
Talentotech
Kleanvet
Elitenutrition
Futupro
Toscanasoft

About us

We build the future

We were born from a fortunate collision of young professionals with exceptional backgrounds who refused to settle for the traditional path. We share an obsessive passion for technology and science.

psychology

Radical Curiosity

We don't accept the conventional as best. We deconstruct established processes and rebuild them to work smarter.

bolt

Immediate Action

We don't just theorize — we build and ship.

verified

Technical Excellence

Clean code, strong security and real scalability.

Trajectory

Our history

Feb 2025

The Beginning

We assemble the team with experimental projects. Senior engineers and developers join, driven by a former director of a Colombian military technology division.

Oct 2025

Incorporated in Colombia

We formalized the company and established our first operational base.

Nov 2025

Angel Round

Initial capital secured from a strategic investor focused on science, mathematics and finance.

Feb 2026

Expansion into Mexico

Following rapid adoption of our technology, we officially launched operations in Mexico.

2027

The new standard

Make custom AI the standard for companies across Latin America and the US — not a luxury reserved for a few.

FAQ

What everyone asks before booking

Is it too late to get on board with AI? +

Truly too late is when your competition has pulled so far ahead you can't catch up. Today you still can. You don't have to automate everything at once, just start with what's costing you the most money. In the diagnosis we tell you exactly what that is.

Do you have fixed plans? +

No. Every automation and solution is quoted based on what your operation needs, after the diagnosis. That way you pay exactly for what you use.

How much does it cost and how long does it take? +

We don't publish fixed prices because we don't sell packages: the cost depends on what we automate and how many tools it connects to. That's why the diagnosis is free and ends with a clear figure and timeline, no commitment. It's almost always best to start with the process costing you the most money and grow from there, instead of automating everything at once.

Do I need to know about technology? +

Not at all. We design, build and integrate everything. You see results, not code.

Does it work with the tools I already use? +

Yes. We connect to your CRM, calendar, WhatsApp, ERP and accounting software, or we develop directly inside your ecosystem.

Are my data and my customers' data safe? +

Yes, it's part of the design. Your information stays yours: we work on your own accounts and tools, we encrypt connections and apply only the permissions needed for each task. We don't use your operation's data for anything other than running your solution, and we sign whatever confidentiality agreements your business needs.

What happens after delivery? +

We stay with you: ongoing optimization and expert support as your operation grows. We prefer long relationships over one-off deliverables.

Still have questions?

We'll clear them up in the diagnosis

Book your diagnosis

Your competition isn't waiting for you

Their AI already handles the leads you let go cold and closes the sales you give away every night. This isn't about your competition: it's about an operation that serves, sells and collects on its own.

  • check_circleFree diagnosis
  • check_circle30 min · Google Meet
  • check_circleThe plan is yours even if you don't hire us
Prefer to chat now? Replies in minutes · can hand you to a human
Contact

Let's Talk About Your Business

Tell us about your business and pick a time that works for you.

person

About You

So we can better understand your business.

calendar_month

Pick a Time

30-minute Google Meet call.

You'll receive an email invitation with the Google Meet link.

Or message us on WhatsApp

Blog

Blog Library

Explore our latest articles and insights on Artificial Intelligence and Technology.

Problem / Opportunity

Expert Analysis

Recommended Actions

    Privacy Policy

    VINDAM S.A.S., a commercial company legally constituted and registered with the Cali Chamber of Commerce, under the laws of the Republic of Colombia, identified with NIT 901998930-6, located at Avenida 3ra C norte #42-73, Cali - Valle del Cauca, hereinafter referred to in this document as THE COMPANY, with email ceo.vindam@gmail.com, pursuant to the provisions of current regulations regarding personal data protection, namely Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014, and even the new regulatory compendium of Decree 1074 of May 26, 2015, allows itself to bring to the knowledge of the public interest, its clients, employees, allies, collaborators, and suppliers its INFORMATION AND PERSONAL DATA TREATMENT POLICY (PTIDP).

    With this document, the objective is to inform the holders of their personal data, state entities, private entities, and interested third parties, of the treatment that THE COMPANY will give to these when they are in its possession. Likewise, the processes for access to information, claims, requests, complaints, or claims regarding the handling of such information in light of the Constitution, the Law, and Jurisprudence.

    I. APPLICABLE REGULATORY FRAMEWORK

    The legal framework of this PTIDP of THE COMPANY is established primarily in the Political Constitution of Colombia, in its articles 15 and 20, which determine the right to information, liberties, and guarantees of all citizens regarding their personal data. Secondly, the provisions of Statutory Law 1581 of 2012, through which general provisions for the protection of information and personal data are dictated. Thirdly, the regulatory provisions established by the National Government in Decrees 1377 of 2013, Decree 886 of 2014, and even the new Decree 1074 of May 26, 2015; As well as in the Decrees that subsequently became Laws following the framework of the Pandemic generated by COVID-19 such as Law 2213 of 2022.

    II. OBJECT

    This PTIDP complies with articles 17 and 18 of Law 1581 of 2012, as well as what is determined by articles 2.2.2.25.3.1, 2.2.2.25.3.2, and 2.2.2.25.3.3 of Decree 1074 of 2015. In this sense, the object of this document or the regulations stipulated here is to establish the parameters for the handling of personal data by VINDAM S.A.S. and that, in turn, all holders, State entities, private companies, or interested third parties have full knowledge of the treatment and, in the case of holders or authorities, the purposes given to their data once obtained by any of our dependencies.

    III. DEFINITIONS AND CONCEPTS

    • Authorization: Prior, express, and informed consent supplied by the holder of the information and personal data, which may be granted to THE COMPANY so that it can develop the purposes established in its PTIDP.

    • Database: The organized set of personal data that will be subject to treatment by THE COMPANY, taking into account what is established in the PTIDP.

    • Sensitive data: Sensitive data must be understood as established in Article 5 of Law 1581 of 2012, that is, those data that affect the privacy of the holders or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual and reproductive life, and biometric data.

    • Personal data: Understood as any information linked or that can be associated with one or several specific or determinable natural persons.

    • Public data: Understood as public data that which is not consecrated by the constitution or the law as semi-private, private, or sensitive. That is, among others, those relating to the civil status of persons, their profession, trade, and their quality as a merchant or public servant are considered public data. In general, any data that can be obtained without any reservation. Public data may be contained, among others, in public records, public documents, gazettes, and official bulletins, as well as in duly executed judicial sentences that are not subject to reservation by express legal provision.

    • Responsible for the treatment: Must be understood as any natural or legal person, public or private, who by itself or in association with others, decides on the databases and/or the treatment of personal data. Taking into account this PTIDP, the responsible for the treatment is THE COMPANY, by itself.

    • Person in charge of the treatment: Will be understood as any natural or legal person, public or private, who by itself or in association with others, carries out the treatment of personal data on behalf of the responsible for the treatment. In this case and in accordance with this Information and Personal Data Treatment Policy, the person in charge is THE COMPANY by itself; or third parties it delegates for these purposes.

    • Holder: Understood as any natural or legal person whose personal data is subject to treatment in the databases handled and administered by THE COMPANY.

    • Treatment: Must be understood as any operation or set of operations on personal data such as collection, storage, use, circulation, or deletion developed by THE COMPANY always in light of this PTIDP.

    • Transfer: Understood as the transfer of data between the responsible and/or person in charge of the treatment of personal data, located in Colombia, with a recipient outside the country who in turn will act through their respective responsible or person in charge.

    • Transmission: Understood as a modality of treatment of information and personal data that implies the communication of the same, internally within THE COMPANY or with external third parties, within or outside the territory of the Republic of Colombia, when its purpose is the realization of treatment activities by the person in charge who will receive them; However, all transmission must be done with the authorization of the responsible party.

    • Privacy notice: Understood as the verbal or written communication generated by the responsible for the treatment, directed to the holder of the information and personal data, through which they are informed about the existence of the PTIDP of THE COMPANY that will be applicable to them, the way to access them, and the purposes of the treatment intended to be given to their personal data and information by THE COMPANY.

    GUIDING PRINCIPLES OF THE PTIDP OF VINDAM S.A.S.

    • Principle of legality: The treatment referred to in Law 1581 of 2012 is a regulated activity that must be subject to what is established therein, Decree 1074 of 2016, Law 2213 of 2022, and other norms that develop, modify, or add to them.

    • Principle of purpose: The treatment must obey one or several legitimate purposes according to the Constitution and the Law, which must be informed to the holder.

    • Principle of freedom: The treatment can only be exercised with the prior, express, and informed consent of the holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.

    • Principle of Truthfulness or Quality: The information subject to treatment must be truthful, complete, exact, updated, verifiable, and understandable. The treatment of partial, incomplete, fractioned, or misleading data is prohibited.

    • Principle of transparency: In the treatment, the right of the holder to obtain from our company, at any time and without restrictions, information about the existence of data concerning them must be guaranteed.

    • Principle of Access and Restricted Circulation: The treatment is subject to the limits derived from the nature of the personal data, the provisions of the Law, and the Constitution. In this sense, the treatment may only be done by persons authorized by the holder and/or by the persons provided for in the Law. Personal data, except public information, may not be available on the Internet or other means of mass disclosure or communication, unless access is technically controllable to provide restricted knowledge only to the holders or authorized third parties in accordance with the law.

    • Principle of security: The information subject to treatment by THE COMPANY must be handled with the technical, human, and administrative measures necessary to provide security to the records, preventing their adulteration, loss, consultation, use, or unauthorized or fraudulent access.

    • Principle of Confidentiality: All persons involved in the treatment of personal data that do not have the nature of public are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks that comprise the treatment, being able only to supply or communicate personal data when this corresponds to the development of the activities authorized in the Law and in the terms thereof.

    IV. SCOPE OF APPLICATION.

    The PTIDP will be applicable to the treatment that all officials, collaborators, workers, allies, and shareholders of THE COMPANY must give to the information and personal data administered by it. However, branches, subsidiaries, and third parties, to which by virtue of the purposes of the databases, have access to them, must also proceed in accordance with what is established by the parameters of this PTIDP and in what is not provided therein to what is established in the Political Constitution of Colombia, Laws, and Jurisprudence. All the foregoing without prejudice to the legal and regulatory precepts that regulate these procedures generally in Colombia.

    V. PURPOSE OF THE TREATMENT OF INFORMATION AND PERSONAL DATA

    Through this PTIDP that regulates the treatment that will be given to personal data and information by the company, it is guaranteed that the information and personal data collected and administered by VINDAM S.A.S will be solely and exclusively for the development of activities directly linked to the corporate purpose of THE COMPANY. Specifically the following purposes:

    • Accounting, fiscal, and administrative management - Management of collections and payments;
    • Accounting, fiscal, and administrative management - Billing management;
    • Marketing;
    • Commercial distribution activities related to the purchase and sale of its services;
    • Advertising and commercial prospecting - Own advertising;
    • Advertising and commercial prospecting - Market segmentation;
    • Advertising and commercial prospecting - Decision support systems;
    • Data migrations and management thereof, without access to them;

    VI. RIGHTS OF THE HOLDERS OF THE PTIDP.

    In accordance with Article 8 of Statutory Law 1581 of 2012, which establishes the rights of data holders, THE COMPANY guarantees through this PTIDP, the exercise of the following rights of holders among others:

    • Request proof of the authorization granted to THE COMPANY in its capacity as responsible and in charge of the treatment, except when expressly excepted as a requirement for treatment, in accordance with the provisions of Article 10 of Law 1581 of 2012.

    • Be informed by THE COMPANY, in its capacity as responsible and in charge of the treatment, upon request, regarding the use that has been given to their personal data.

    • File complaints with the Superintendence of Industry and Commerce for violations of the provisions of the PTIDP, Law 1581 of 2012, and other norms that modify, add, or complement it once the requirement of procedibility established in this PTIDP has been exhausted.

    • Revoke the authorization and/or request the deletion of the personal data when in the treatment of those that THE COMPANY does not respect constitutional and legal principles, rights, and guarantees. In any case, said revocation and/or deletion will proceed only when the Superintendence of Industry and Commerce has determined that, in the development of treatment activities, the company has incurred in conduct contrary to Law 1581 of 2012 and the National Constitution of the Republic of Colombia.

    VII. THE EXERCISE OF THE RIGHTS OF THE HOLDERS OF THIS POLICY.

    Taking into account what is established in article 2.2.2.25.4.1 of the Single Regulatory Decree 1074 of 2015, the rights of the holders of personal data and information may be exercised by the people mentioned below:

    • By the respective holder, who must prove their identity sufficiently by the different means made available by the responsible party.
    • By their successors, who must prove such quality.
    • By the representative and/or attorney of the holder, prior accreditation of the representation or power of attorney.
    • By stipulation in favor of another or for another.
    • Given the case where the holder of the information is a minor, their rights may be exercised only by the persons who, in accordance with the law, are empowered to represent them.

    VIII. AUTHORIZATION BY THE HOLDERS OF INFORMATION AND PERSONAL DATA

    THE COMPANY allows itself to accredit that any activity of collection, conservation, use, handling, updating, correction, deletion and in general, any activity through which it is intended to obtain and/or treat personal data and information owned by third parties, must be carried out through prior, express, and free authorization from their respective holders. With the granting of authorization by the holder for the collection and treatment of information and personal data, it will be understood that they have read this PTIDP or failing that, they were previously informed through the privacy notice that it is published in the access links and on the website of THE COMPANY and that it can be consulted at any time and by any person without any type of restriction.

    Likewise, through the authorization for the conservation, administration, collection, and treatment of information and personal data, the holder declares that such data and information are truthful, complete, exact, updated, verifiable, understandable, and correspond to the current reality for the moment they are supplied.

    THE COMPANY will have available to all holders of information and personal data subject to treatment, the document through which they granted the respective authorization, with the sole purpose that they can access it upon request for the purpose of proving the means and the date on which it was granted. The authorization granted by the information holder may be in writing, whether in a physical, digital document, or on magnetic media, as well as in audio files, online data storage technological platforms, or in any other suitable and apt means to prove the existence of the holder's consent and authorization for the treatment of their personal data.

    Law 1581 of 2012 in Article 10 establishes that the authorization of the holder will not be necessary when it comes to:

    1. Information required by a public or administrative entity in the exercise of its legal functions or by court order.
    2. Data of a public nature or domain.
    3. Cases of medical or sanitary urgency.
    4. Information treatment authorized by law for historical, statistical, or scientific purposes.
    5. Data related to the civil registration of persons.

    In light of what is established in articles 8 and 9 of Law 1581 of 2012, the holders of information or personal data may at any time request the deletion of their data and/or revoke the authorization granted to THE COMPANY for its treatment. In accordance with article 2.2.2.25.2.8 of the Single Regulatory Decree 1074 of 2015, the request for deletion of information and the revocation of authorization will not proceed when the holder thereof has a legal or contractual duty to remain in the database. Once the request is filed through the channels established in this PTIDP and THE COMPANY has not made any response or failing that has not deleted the data of the claimant holder, they will be fully entitled to go to the Superintendence of Industry and Commerce so that said entity, using its sanctioning and jurisdictional powers (article 22 law 1581 of 2012), orders THE COMPANY the deletion and/or revocation of the authorization deprecated by the holder.

    By virtue of what is regulated in the first paragraph of article 6 of Law 1581 of 2012, the treatment of sensitive personal data is prohibited as a general rule. However, in accordance with literal d) of the mentioned provision, the treatment of said data is allowed when it occurs by virtue of the purposes they have, that is, when these are directly linked to a specific objective they are permitted, in this case, it is the recognition, exercise, or defense of a right in a judicial process.

    In this sense, taking into account that within the corporate purpose of THE COMPANY is the provision of services or advice, the treatment of sensitive data is allowed, since data relating to health, sexual orientation, may be used for the exercise of rights and the protection of fundamental freedoms and prerogatives established in the political constitution.

    In light of what is established in article 2.2.2.25.2.3 of the Single Regulatory Decree 1074 of 2015, THE COMPANY will request express and written authorization from the holder of the sensitive data to consent to its treatment, prior verifiable communication of the following determinations:

    1. That they are not obliged to authorize the treatment of sensitive data as long as it is not their will.
    2. That responding to any question or questioning that THE COMPANY makes in relation to their sensitive personal data is optional.
    3. Which of their sensitive data will be subject to treatment by THE COMPANY and for what purpose.
    4. That all information regarding sensitive data provided to collaborators and dependents will be covered by the commercial professional secrecy that THE COMPANY must keep in the terms of law, and that appropriate and suitable measures will be used for its protection.

    THE COMPANY'S PTIDP recognizes that data pertaining to minors, as established in Article 7 of 1581 of 2012 regarding children and adolescents, are highly sensitive and their treatment is prohibited. However, in those cases where they are of public knowledge, their treatment is legally permitted, or when required to guarantee their fundamental rights.

    In this sense, THE COMPANY guarantees that it will refrain from treating private and semi-private data in which the holder is a minor, without it being absolutely necessary. Now, for said treatment, the authorization of the minor's representative will be required in the terms established by law and this PTIDP.

    THE COMPANY, through this PTIDP and by virtue of Law 1581 of 2012, guarantees that the information contained in its database will be used correctly, for lawful purposes and keeping the habeas data right protected by the Political Constitution harmless.

    The treatment of the personal data described above by the company will be circumscribed solely to the activities of collection, storage, and use of said information with the purposes established above.

    THE COMPANY guarantees all holders of information and personal data that it will not be used for purposes other than those respectively authorized by their holders in the authorization documents, that it will not be marketed to third parties under any figure, nationally or internationally, without prior express authorization by the holders.

    However, it is pertinent to highlight that without prejudice to the holder of the data manifesting their intention to revoke the authorization given to THE COMPANY for the conservation of their data, by virtue of a legal or contractual obligation, the data must be preserved, said revocation will not have the pertinent effects.

    IX. SECURITY, CUSTODY, CARE, AND SAFEGUARD POLICY OF PERSONAL DATA.

    The security, custody, care, and safeguard policy of personal data at VINDAM S.A.S aims primarily to guarantee the comprehensive protection of the personal information of its clients and employees. This is achieved through the implementation of rigorous security measures, both technological and organizational.

    To guarantee the security and confidentiality of the information, VINDAM S.A.S. supports its technological infrastructure on services from globally recognized providers for their high security standards:

    1. **Security in hosting and data transmission**: Our services are hosted on secure infrastructures (Hostinger), and all communications and information transfers are made using the secure protocol **HTTPS (SSL/TLS)**. This ensures that data travels encrypted between the user and our servers, protecting them from unauthorized interception.

    2. **Database Security (Supabase / PostgreSQL)**: For the storage of personal data, we use **Supabase**, a platform built on PostgreSQL, one of the most robust and secure databases in the world. We implement:
    * **Encryption at rest**: Stored data is encrypted, guaranteeing that, even in the unlikely event of physical access to disks, the information remains unreadable without the corresponding keys.
    * **Access Control (Row Level Security)**: We use Row Level Security (RLS) policies to ensure that each user can only access the information corresponding to them, preventing unauthorized cross-access.
    * **Secure Authentication**: Access to database administration is restricted and protected by robust authentication mechanisms.

    3. **Vulnerability Management and Updates**: THE COMPANY keeps its systems and libraries updated to mitigate known vulnerabilities. We perform periodic security reviews in accordance with best web development practices.

    All these technical measures are complemented by internal administrative policies that restrict access to personal data solely to authorized personnel who require it for the fulfillment of their duties, who are obliged to maintain strict confidentiality.

    X. DEPARTMENT RESPONSIBLE FOR INQUIRIES, PETITIONS, COMPLAINTS, AND CLAIMS OF HOLDERS

    THE COMPANY has designated the Administrative Area to attend immediately and adequately to the petitions, complaints, claims, and requests raised by holders to it. For this purpose, Telephone (+57) 3147896054 was enabled; or email ceo.vindam@gmail.com, where general information will be provided to personal data holders or their representatives and they can update, correct, rectify, and request any novelty regarding information and personal data, including revoking the authorization granted for treatment.

    The physical address was also enabled, filing your request in person at the address Avenida 3ra C norte #42-73, Cali - Valle del Cauca. In the terms of article 13 of Law 1581 of 2012, information and personal data may be Supplied, upon written request for the purpose, to the following persons:

    1. To the respective holders, their successors, or their legal representatives.
    2. To public or administrative entities in the exercise of their functions.
    3. To third parties who have been expressly authorized by the data holder or who by express legal provision are empowered to request the information.

    XI. PROCESS TO RESOLVE PETITIONS, COMPLAINTS, AND CLAIMS

    Giving scope to what is established in Law 1581 of 2012, in its Article 14 and what is established in the previous section of this PTIDP, THE COMPANY will have a maximum term of TEN (10) business days counted from the day following its filing, to answer each and every one of the inquiries that have been filed by the holders or their successors through any of the means established in the previous section and of which there is proof.

    These inquiries must be about or directed to consult or know the personal information that is subject to treatment by THE COMPANY. Given the case that it is not possible to attend the inquiry within said term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which their inquiry will be attended, a term that may not exceed five (5) business days following the expiration of the first term. Secondly, in compliance with the provisions of Article 15 of Law 1581 of 2012, THE COMPANY allows itself to communicate to all interested parties and holders of data treated by it, that regarding requests not related to an inquiry of the information subject to treatment or that enshrine a claim regarding correction, updating, or deletion, or when they notice the alleged breach of any of the duties of this PTIDP or Law 1581 of 2012, the term to respond will be fifteen (15) business days, counted from the day following its filing.

    All claims must be formulated in writing to the email ceo.vindam@gmail.com.

    A) EMAIL FOR PERSONAL DATA PROTECTION

    Complying with what is established by Law 1581 of 2012, Law 2213 of 2022, and its regulatory decrees, THE COMPANY has made available to all interested parties the email ceo.vindam@gmail.com for all inquiries, petitions, complaints, or claims derived from the treatment given to information and personal data.

    B) PROCEDIBILITY REQUIREMENT

    In accordance with what is established in Article 16 of Law 1581 of 2012, its regulatory decrees and what is established in this PTIDP, holders are warned that the inquiry or claim before THE COMPANY constitutes a requirement of procedibility to file a complaint before the Superintendence of Industry and Commerce.

    XII. VALIDITY OF THIS POLICY.

    This PTIDP governs from October fifteen (15) of the year two thousand and twenty-five (2025) and indefinitely, that is, its content obliges THE COMPANY, its workers, collaborators, external advisors, shareholders, and any external or internal third party that has a relationship with the treatment of information and personal data.

    To provide publicity to this PTIDP, it will be published through a hyperlink, being available immediately and sustained during its validity, on the official website of THE COMPANY: https://vindam.com/.

    THE COMPANY reserves the right to make modifications, adjustments, and/or updates to the content of its PTIDP in any of its sections.

    Cookies Policy

    What are cookies?

    Cookies are files that can be downloaded to your computer through web pages. They are tools that play an essential role for the provision of numerous information society services. Among others, they allow a web page to store and retrieve information about the browsing habits of a user or their equipment and, depending on the information obtained, they can be used to recognize the user and improve the service offered.

    Types of cookies

    Depending on who is the entity that manages the domain from where the cookies are sent and processes the data obtained, two types can be distinguished:

    Own cookies: those that are sent to the user's terminal equipment from a computer or domain managed by the editor itself and from which the service requested by the user is provided.

    Third-party cookies: those that are sent to the user's terminal equipment from a computer or domain that is not managed by the editor, but by another entity that processes the data obtained through the cookies. In the event that cookies are installed from a computer or domain managed by the editor itself but the information collected through them is managed by a third party, they cannot be considered as own cookies.

    There is also a second classification according to the period of time they remain stored in the client's browser, which may be:

    Session cookies: designed to collect and store data while the user accesses a web page. They are usually used to store information that is only interested in keeping for the provision of the service requested by the user on a single occasion (e.g. a list of products purchased).

    Persistent cookies: the data remains stored in the terminal and can be accessed and processed during a period defined by the person responsible for the cookie, and which can range from a few minutes to several years.

    Finally, there is another classification with five types of cookies according to the purpose for which the data obtained is processed:

    Technical cookies: those that allow the user to navigate through a web page, platform or application and the use of the different options or services that exist in it, such as, for example, controlling traffic and data communication, identifying the session, accessing parts of restricted access, remembering the elements that make up an order, carrying out the purchase process of an order, making the application for registration or participation in an event, using security elements during navigation, storing content for the dissemination of videos or sound or sharing content through social networks and integrated chat.

    Personalization cookies: allow the user to access the service with some predefined general characteristics based on a series of criteria in the user's terminal such as the language, the type of browser through which the service is accessed, the regional configuration from where the service is accessed, etc.

    Analysis cookies: allow the person responsible for them to monitor and analyze the behavior of the users of the websites to which they are linked. The information collected through this type of cookies is used in the measurement of the activity of the websites, application or platform and for the elaboration of navigation profiles of the users of said sites, applications and platforms, in order to introduce improvements based on the analysis of the usage data made by the users of the service. Vindam.com uses **Google Analytics** for these purposes.

    External social network cookies and Chat: they are used so that visitors can interact with the content of different social platforms (Facebook, YouTube, Twitter, LinkedIn, etc.) and allow the operation of the integrated chat service.

    The conditions of use of these cookies and the information collected is regulated by the privacy policy of the corresponding social platform or service provider.

    Deactivation and elimination of cookies

    You have the option to allow, block or delete the cookies installed on your computer by configuring the browser options installed on your computer.

    By disabling cookies, some of the available services may no longer be operational. The way to disable cookies is different for each browser, but it can usually be done from the Tools or Options menu.

    You can also consult the browser's Help menu where you can find instructions. The user may at any time choose which cookies they want to work on this website.

    You can allow, block or delete the cookies installed on your computer by configuring the browser options installed on your computer:

    Microsoft Internet Explorer or Microsoft Edge: http://windows.microsoft.com/es-es/windows-vista/Block-or-allow-cookies

    Mozilla Firefox: http://support.mozilla.org/es/kb/impedir-que-los-sitios-web-guarden-sus-preferencia

    Chrome: https://support.google.com/accounts/answer/61416?hl=es

    Safari: http://safari.helpmax.net/es/privacidad-y-seguridad/como-gestionar-las-cookies/

    Opera: http://help.opera.com/Linux/10.60/es-ES/cookies.html

    In addition, you can also manage the cookie store in your browser through tools such as the following:

    Ghostery: www.ghostery.com/

    Your online choices: www.youronlinechoices.com/es/

    Cookies used on vindam.com

    Below are the cookies that are being used on this portal as well as their typology and function:

    Acceptance of the Cookies Policy

    Vindam.com assumes that you accept the use of cookies. However, it displays information about its Cookies Policy at the bottom or top of any page of the portal with each login in order for you to be aware.

    Given this information, it is possible to carry out the following actions:

    Accept cookies. This notice will not be displayed again when accessing any page of the portal during this session.:

    Close. The notice is hidden on this page.:

    Modify your configuration. You can obtain more information about what cookies are, know the Cookies Policy of Vindam.com and modify your browser settings.:

    Habeas Data Manual

    MANUAL OF POLICIES AND PROCEDURES FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA AND ATTENTION TO REQUESTS, INQUIRIES, AND CLAIMS (HABEAS DATA MANUAL)

    VINDAM S.A.S., a commercial company legally constituted and registered with the Cali Chamber of Commerce, under the laws of the Republic of Colombia, identified with NIT 901998930-6, located at Avenida 3ra C norte #42-73, Cali - Valle del Cauca, hereinafter referred to as "THE CONTROLLER", issues this Manual in compliance with Law 1581 of 2012 and Single Regulatory Decree 1074 of 2015, regarding the personal data protection regime, with the purpose of guaranteeing that the processing of personal data is carried out in strict compliance with applicable regulations, safeguarding the rights of consumers, users, and other natural persons whose data is subject to processing, collectively referred to as "HOLDERS" and indistinctly as "THE HOLDER".

    I. PURPOSE AND CONTACT

    This Manual aims to establish the internal policies and procedures for the protection and processing of personal data by VINDAM S.A.S., as well as the mechanisms for attending petitions, inquiries, complaints, and claims (PQR) from Holders, pursuant to the provisions of Statutory Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014, Decree 1074 of 2015, and Law 2213 of 2022.

    Any petition, inquiry, complaint, or claim may be sent to the email: legal@vindam.com

    Controller identification:
    - Company name: VINDAM S.A.S.
    - Tax ID (NIT): 901998930-6
    - Address: Avenida 3ra C norte #42-73, Cali - Valle del Cauca, Colombia
    - PQR email: legal@vindam.com
    - Website: https://vindam.com/

    II. AGE OF MAJORITY

    No collection or processing of personal data of children or adolescents will be carried out, as the website, its content, and the services offered by VINDAM S.A.S. are exclusively directed at adults.

    Any suspicion that a Holder is a minor will result in the denial of service, blocking of the email, and immediate deletion of other personal data (real or not) that the Holder has supplied.

    III. TYPES OF DATA COLLECTED

    For registration on the website, requesting information, acquiring services, or product demonstrations by VINDAM S.A.S., Holders are required to provide the following personal data:

    1) First and last names.
    2) Email address.
    3) Company or organization name.
    4) Telephone country code and phone number.
    5) Job function or title.
    6) Country of residence.
    7) Free-text messages (specific inquiries or requests).

    IV. PROCESSING AND PURPOSES

    The processing of Holders' personal data includes collection, storage, administration, use, and deletion in the manner permitted by Law and in accordance with the following purposes:

    1. Verify that Holders are adults, including possible comparisons of information with public databases.
    2. Maintain communication with Holders regarding products and services offered by VINDAM S.A.S.
    3. Manage and execute product demonstrations, including activation of artificial intelligence chatbots and callbots.
    4. Initiate and conduct automated telephone calls through artificial intelligence agents as part of the callbot service offered by VINDAM S.A.S.
    5. Offer and promote, by any means, products and services of THE CONTROLLER, or third parties having a legal link with THE CONTROLLER, including conversational automation solutions powered by artificial intelligence.
    6. Maintain information on requests, petitions, complaints, and claims presented by Holders regarding activities developed by THE CONTROLLER.
    7. Perform statistical, demographic, and market analysis to improve the products and services offered.
    8. Comply with contractual obligations agreed with the Holders.
    9. Accounting, fiscal, and administrative management, including billing, collections, and payments.
    10. Comply with legal, judicial, or administrative requirements.

    THE CONTROLLER has the obligation to maintain the confidentiality of personal data subject to processing and may only disclose them by express request of surveillance and control entities and authorities having the legal power to request it, and will allow at all times and free of charge to know, update, and correct the personal information of the Holder in accordance with Article 8 of Law 1581 of 2012.

    In development of the principle of purpose, the collection of personal data is limited to those personal data that are pertinent and adequate to fulfill the purposes expressed in this Manual. Except in cases expressly provided by Law, personal data may not be collected without authorization from the Holder.

    V. PRINCIPLES FOR PERSONAL DATA PROCESSING

    In the development, interpretation, and application of this Manual, the following principles will be applied harmoniously and integrally:

    1. Principle of legality in data processing: The processing referred to in this Manual is a regulated activity that must be subject to what is established in the Law and other provisions developing it.

    2. Principle of purpose: Processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder.

    3. Principle of freedom: Processing can only be exercised with the prior, express, and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate relieving consent.

    4. Principle of truthfulness or quality: Information subject to processing must be true, complete, exact, updated, verifiable, and understandable. Processing of partial, incomplete, fractioned, or misleading data is prohibited.

    5. Principle of transparency: Processing must guarantee the right of the Holder to obtain from THE CONTROLLER, at any time and without restrictions, information about the existence of data concerning them.

    6. Principle of restricted access and circulation: Processing is subject to limits derived from the nature of personal data, provisions of the Law, and the Constitution. In this sense, processing may only be done by persons authorized by the Holder and/or by persons provided for in the Law. Personal data, except public information, may not be available on the Internet or other means of mass disclosure or communication, unless access is technically controllable to provide restricted knowledge only to Holders or third parties authorized according to Law.

    7. Principle of security: Information subject to processing by THE CONTROLLER must be handled with technical, human, and administrative measures necessary to grant security to records avoiding their adulteration, loss, consultation, use, or unauthorized or fraudulent access.

    8. Principle of confidentiality: All persons intervening in the processing of personal data that do not have the nature of public are obliged to guarantee the reservation of information, even after their relationship with any of the tasks comprising the processing has ended, being able only to supply or communicate personal data when this corresponds to the development of activities authorized in the Law.

    VI. PROCESSING OF SENSITIVE DATA

    In accordance with Article 5 of Law 1581 of 2012, sensitive data are those that affect the privacy of the Holder or whose improper use can generate discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations, or that promote interests of any political party or guarantee rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.

    VINDAM S.A.S. does not collect or process sensitive data through its website or its registration and service request forms.

    VII. RIGHTS OF HOLDERS

    Holders of personal data or their successors have the following rights:

    1. Receive information about: (i) the processing to which their personal data will be subjected and its purpose, (ii) the optional character of answers to questions regarding sensitive data, (iii) the rights assisting them as a Holder, and (iv) the identification, physical or electronic address, and telephone of THE CONTROLLER.

    2. Obtain from THE CONTROLLER, at any time and without restrictions, information about the existence of data concerning them.

    3. Be informed by THE CONTROLLER, upon request, regarding the use given to their personal data.

    4. Request proof of authorization granted to THE CONTROLLER except when expressly excepted as a requirement for processing, in accordance with Article 10 of Law 1581 of 2012.

    5. That their personal data not be disclosed without prior authorization, except legal or judicial mandate relieving such consent.

    6. Receive free of charge all information contained in the individual record or linked to the identification of the Holder, when the Holder or their successors so request through channels arranged for this purpose by THE CONTROLLER.

    7. Access their personal data and exercise their rights over them through mechanisms arranged for this purpose by THE CONTROLLER.

    8. Consult their personal data free of charge: (i) at least once every calendar month, and (ii) every time there are substantial modifications to information processing policies; all through mechanisms arranged for this purpose by THE CONTROLLER.

    9. Receive a response to all inquiries made about their personal data within legal terms and in any case, in a term not exceeding fifteen (15) business days, in terms provided in Article 14 of Law 1581 of 2012.

    10. Receive a response to all claims made about their personal data within legal terms and in any case, in a term not exceeding twenty-three (23) business days, in terms provided in Article 15 of Law 1581 of 2012.

    11. Request update and/or rectification of their personal data to THE CONTROLLER.

    12. Revoke authorization and/or request deletion of their personal data, through PQR procedures arranged for this purpose by THE CONTROLLER. The Holder may not revoke authorization and/or request deletion of their personal data when they have a legal or contractual duty to remain in the database.

    13. Be informed about any substantial change, referring to the identification of THE CONTROLLER or the purpose of processing, in the content of processing policies, before or at the latest at the moment of implementing new policies.

    14. File complaints with competent authorities for infringements of the Law.

    VIII. PROCEDURE FOR EXERCISE OF RIGHTS BY HOLDERS

    Holders of personal data must direct their requests or claims to the email: legal@vindam.com

    1. Procedure for inquiries: THE CONTROLLER must address inquiries within a term of ten (10) business days counted from the date the request is received. When it is not possible to comply with this time, the interested party must be informed expressing the reasons for delay and the date their request or inquiry will be addressed, in a term not exceeding five (5) business days following the expiration of the first term.

    2. Procedure in case of claims: The Holder or successor considering that information contained in a database should be corrected, updated, or deleted, or when noticing alleged non-compliance with any duties contained in the Law or this Manual, may file a claim to THE CONTROLLER, which will be processed under the following rules:

    3. The claim must be formulated with the identification of the Holder, description of facts giving rise to the claim, address, and accompanying documents to be asserted. If the claim is incomplete, the interested party will be required within five (5) days following receipt thereof to remedy faults. After two (2) months from the date of request, without the applicant presenting required information, it will be understood that the claim has been abandoned.

    4. Once the complete claim is received, a legend saying "claim in process" and the reason thereof will be included in the database, in a term not exceeding two (2) business days. Said legend must be maintained until the claim is decided.

    5. The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of reasons for delay and date their claim will be addressed, which in no case may exceed eight (8) business days following expiration of the first term.

    6. Procedure for revocation of authorization and/or request for data deletion: Holders may at any time request THE CONTROLLER to delete their personal data and/or revoke authorization granted for processing thereof, by filing a claim, according to Article 15 of Law 1581 of 2012, Article 2.2.2.25.2.6 of Decree 1074 of 2015, and the procedure indicated in this Manual.

    If the respective legal term expires and THE CONTROLLER has not eliminated personal data, the Holder will have the right to request the Superintendency of Industry and Commerce to order revocation of authorization and/or deletion of personal data.

    However, according to Articles 2.2.2.25.2.6 and 2.2.2.25.2.8 of Decree 1074 of 2015, the request for deletion of information and revocation of authorization will not proceed when the Holder has a legal or contractual duty to remain in the database.

    IX. TEMPORAL LIMITATIONS TO PERSONAL DATA PROCESSING

    THE CONTROLLER may only collect, store, use, or circulate personal data for a reasonable and necessary time, according to purposes justifying processing, attending to applicable provisions and administrative, accounting, fiscal, legal, and historical aspects of information.

    Once the purpose(s) of processing is fulfilled, THE CONTROLLER will proceed to delete personal data in their possession. However, personal data must be kept when required for compliance with a legal or contractual obligation.

    X. VALIDITY

    The validity period of the database will be indefinite.

    This Manual enters into force from February 20, 2026.

    VINDAM S.A.S. reserves the right to make modifications, adjustments, and/or updates to the content of this Manual in any of its sections, which will be communicated to the Holders through the means arranged for such purpose.

    Consumer Protection Authority

    Consumer Protection Authority
    In compliance with the provisions of Law 1480 of 2011 (Consumer Statute), users are informed that, if they consider their rights as consumers violated, they may file a complaint or claim with the competent authority in the Republic of Colombia.

    Superintendency of Industry and Commerce (SIC)
    Official website: https://www.sic.gov.co
    National consumer hotline: 01 8000 910165

    The foregoing is understood without prejudice to previously exhausting the service channels arranged by this website, through the emails legal@vindam.com and support@vindam.com
    SIC - Superintendencia de Industria y Comercio www.sic.gov.co
    check_circle