smsmode© data security

Data security

Aware of the importance of protecting our customers' data, we have been committed since the creation of the company more than 15 years ago to the security and quality of our services.

In accordance with our GDPR approach and our commitment to the CNIL under number 1046241, our company respects the rules of database protection, and the recommendations concerning processes and technologies, in order to guarantee the integrity and security of your data.

Among our long-standing and loyal customers, many companies managing confidential and sensitive data such as medical or banking data, have entrusted us with the routing of their mobile messages. A proof of the clear answer that we bring to this subject.

To avoid any confusion, WE DO NOT RENT/SELL databases. By using the smsmode© services, you are thus assured of the confidentiality and the total protection of your databases which will not be in any case re-used with other ends that yours.

PROTECTION MEASURES APPLICABLE TO SMSMODE© SERVICES

access to customer accounts

Access to the customer account

All access to customer accounts on the smsmode© platform is protected and secured with a strong identifier and password that are specific to each account owner. The password is hashed in the database, is not stored (neither in clear, nor encrypted) and can therefore not be disclosed or consulted by third parties (smsmode© team or others).
The security of the access to the accounts on our platform is guaranteed by a protocol HTTPS.

import data management

Managing imported data

All data that passes through our services (API, webservice or web application) is stored encrypted on highly secure servers in France .

A policy of limiting personal data is in force: it aims to collect and process only the data that are essential for sending an SMS. Thus, users of our services are only required to enter the telephone number and the message to be sent in order to use our platform.
In addition, these data are automatically deleted after 6 months. This period can be shortened if necessary.

end-to-end encryption

End-to-end encryption

To guarantee maximum security, all user data hosted on our systems is fully encrypted by the AES-128 CBC (Advanced Encryption Standard) protocol at the application level and encrypted by SSL certificates at the HTTP level. In addition, access is restricted by firewall and IP address.

When the message is transmitted to the telecom operator, which owns the end-user's number, personal information such as the content of the message sent is encrypted.

SMS routes

SMS routes used

The quality of the routes is the most important criterion at smsmode©, because we wish above all to propose a powerful service to our customers.

As aFrench telecom operator approved by ARCEP and connected in direct operator, we only use direct and high quality routes with all French and foreign operators . Therefore, we always opt for direct 0-hop or 1-hop connection routes.

Our route providers (backup routes, etc.) are only based in France or in the European Union. SMS-Center (SMS-C) control tools allow us to check whether roaming SMS have been used by our partners because "trust does not exclude control".

service monitoring

Monitoring of our services

Careful monitoring of the performance of each of the routes used is performed in real time. We have deployed a set ofefficient detection tools and alert systems based on Elastic tools (ElasticSearch, LogStash and Kibana). Thus, monitoring of sending performance, SMS delivery times and actual operator throughput is performed in real time on our services.

This monitoring device allows us to react quickly when a slowdown occurs on our routes.
In addition, real-time system monitoring also includes a fault tolerance component with a solution to automatically switch traffic to backup connections and providers in the event of a drop in performance.

team and confidentiality

The teams

Access to accounts and customer data is limited to authorised smsmode© employees: the account manager(s), the support manager and the billing department.
All smsmode© employees, subject to French law, are bound by a confidentiality clause which is clearly defined in their employment contract. Moreover, they are regularly trained in the importance of data security and the application of the GDPR by our DPO, the law firm PINT avocats.

hosting and servers

Accommodation

The smsmode© platform is based on a quality technical infrastructure. It is composed of technical platforms and server centres exclusively hosted in 2 ISO27001 certified DataCenters (Interxion in Marseille, SCALEWAY). These infrastructures ensure a maximum level of security and reliability and are certified for the hosting of sensitive data such as health data.

Our subcontractor Evolix takes care of the outsourcing of these infrastructures.

backups and redundancies

Backups and redundancies

smsmode© relies on a high level of redundancy at the level of the data centre or operators chosen from among the world and European leaders. Switching allows toensure the continuity of the activities, to minimize the breakdowns, tooptimize the time of availability and to guarantee a high availability of our platform.

In case of unforeseen events, daily backups of customer account data (address book, templates, DLR history of sent SMS, etc.) are made and restored if necessary.

data security audits and vulnerability management

Audits and vulnerability management

Our law firm, PINT Avocats, and its partner Cyberwings, carry out annual physical and virtual security audits to identify and resolve identified vulnerabilities.
This includes attempted intrusions into our premises and IT systems (covering our APIs and web applications) via Black Box and Grey Box techniques etc. The findings of these penetration tests are processed; patches and updates are applied to our applications. These elements are disseminated to clients who request them.