The answers a buyer needs before paying

simiriki is an operational-infrastructure platform for Microsoft 365 focused on Mexican mid-market companies. It operates Microsoft 365 (Defender, Sentinel, Purview, Power Platform) that your business already licenses — configuring, automating, and maintaining those tools with 197 detection rules, 69 remediation playbooks, and regulatory mapping to LFPDPPP / CNBV / NOM-024. It does not replace Microsoft 365; it operates it consistently.

The free scan connects your Microsoft 365 tenant via read-only OAuth, runs the 197 detection rules in under 90 seconds, calculates an sIPO score (0–100) with grade A+ to F, and delivers a 3-page PDF Posture Brief. No credit card required. The OAuth consent is strictly read-only — no rule writes to your tenant.

Production data is stored in Azure region East US 2 with at-rest encryption (Microsoft-managed keys, optional customer-managed key on Business+). Scan results, findings, and monthly memos live in a dedicated Azure PostgreSQL instance. Access always through Entra ID identity, never via stored customer tokens. Retention and deletion follow your policy — all information is exportable in standard JSON format for portability.

Not for the free scan, the productised Auditoría, or the Starter / Pro tiers. Any Microsoft 365 Business Standard tenant or higher works. For the Business tier and for the S.O.S retainer we do recommend E5 so the engagement uses the full Defender XDR + Microsoft Sentinel stack. If your current licensing is ambiguous, we'll confirm at no cost during the first scan.

Yes. We issue CFDI 4.0 automatically within 24 business hours after every payment via Facturapi (native SAT integration). The XML + PDF land in the buyer's email and the receiving RFC. Pro and higher tiers also include a customer-facing emission module (not just invoicing to simiriki). Supported voucher types: Ingreso, Egreso, Traslado, Pago. Default uso CFDI G03 (general expenses), adjustable in intake.

No. All prices listed on /precios, /audit, and /sos are in Mexican pesos before IVA. The 16% rate is invoiced separately (source: Ley del IVA, Art. 1, Mexico). Every CFDI we issue reflects the subtotal + IVA explicitly on the transferred-tax line.

Stripe (card) is the self-service method for Auditoría, Starter, Pro. For Enterprise and annual retainers (≥ $600,000 MXN/year), we accept SPEI with Net-30 terms through the admin workflow (W4-B). The /agenda intake surfaces the terms applicable to the selected tier.

Seven-day satisfaction guarantee. If the report does not deliver what was promised (197 rules evaluated, mappings to published frameworks, prioritised remediation plan), we refund 100% no questions asked. The guarantee applies to the $19,900 MXN productised offering and the $39,800 MXN Ejecutivo tier.

Yes. Monthly with no commitment. From /portal/billing you can cancel with one click; service continues until the end of the billed period. The annual discount (17%) requires upfront payment, but on cancellation you receive prorated credit for the remaining months (applicable against future invoices, not a cash refund). Your data remains available for 90 days for export.

Yes. 12-month minimum to ensure the full deployment (the first 12 weeks are implementation; your operational return begins after that). After the initial year you can cancel with 30 days notice, no post-contract penalty.

Each rule maps to one or more primary sources: CIS Microsoft 365 Foundations Benchmark v3.0 (L1 + L2), CISA Cross-Sector Cybersecurity Performance Goals, CISA SCuBA / ScubaGear (baselines applied to US federal agencies), NIST CSF 2.0, NIST 800-53, Microsoft Cloud Security Benchmark. For the Mexican context: LFPDPPP Art. 19 (security measures), CNBV Circular Única Art. 168 Bis 11 (3-year log retention, 10-year immutable incident archive), NOM-024 where applicable. The rule-by-rule SCuBA mapping is published in docs/SCUBAGEAR_MAPPING.md.

Yes. simiriki S.A. de C.V. operates under the Federal Personal Data Protection Act. We publish a privacy notice at /privacidad, a DPA available at /dpa, retain personal data per customer policy, and provide ARCO rights (Access, Rectification, Cancellation, Opposition) — requests to hola@simiriki.com answered within 20 business days.

Yes. Microsoft Partner One ID 6972092. The methodology and 9 active connectors are built on Microsoft Graph + Azure Resource Manager APIs, with licensing and implementation aligned to Partner program agreements.

Commercial email (hola@simiriki.com): we reply in under 1 business day. /agenda intake: proposal or quote within 24 hours. Pro+ customer support: 4h SLA via email + Slack. S.O.S retainer: 1h SLA + direct channel + 24/7 escalation. Platform state at /status.

No. simiriki operates exclusively over email and portal. The operational history (what changed, when, by whom, with what authorisation) requires audit-trail persistence — something WhatsApp does not provide defensibly to an auditor. If you need a live conversation, schedule via /agenda and we coordinate over Teams or Meet.