Digital security, a priority for smsmode©
Our business has always been digital, safety was an important issue from the outset.
Thanks to the mobilization of our entire team, and the support of experts, smsmode© was able to win ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications.
smsmode© is thus one of the first mobile messaging platforms to be certified on these standards.
Our strategic objectives
1
Meet the security requirements of our customers and message recipients
2
Provide our customers with proof of the platform's digital security smsmode©
3
Limit malicious use of the platform smsmode© (smishing, scams, etc.)
4
Continuously improve our digital security and contribute to those of our stakeholders
Certifications
that attest to our high level of maturity in digital security.
ISO/IEC 27001 certification defines a methodology for identifying threats to information security, managing the associated risks, and implementing appropriate protection measures to ensure the confidentiality, availability and integrity of information.
ISO/IEC 27701 certification enables a privacy management system to be recognized as part of the management of risks linked to the processing of personal data.
DOCUMENTATION
A summary of our digital security
Downloadable free of charge, this report describes our digital security measures in response to the challenges of our internal and external context, opportunities (organizational, human and commercial), our obligations and the requirements of all interested parties (customers and message recipients, employees, supervisory authorities, certification bodies, telecoms service providers and other contractors).
Privacy by design
privacy at the heart of our design process
Maximum protection for your data
The platform implements appropriate and risk-adapted measures to guarantee data security.
Hosting your data in Europe
The platform smsmode© is based on quality infrastructures. It is comprising a redundant technical platform hosted in 2 ISO 27001-certified DataCenters (MRS1: Interxion | Marseille, DC4: SCALEWAY | Paris).
These infrastructures ensure maximum security and reliability. As an option, you can isolate your account data on a HDS-certified host (health data host).
Experts to protect our platform and processes
We have appointed an external DPO (Data Protection Officer) from the specialized law company PINT Avocats, and an CISO (Chief Information Security Officer) at Cyberwings.
Management of the imported data
All data that passes through our platform (via API, webservice or web application) are stored encrypted on highly secured servers in Europe (France).
Powerful security features such as hashing of text content and/or truncation of the last 4 digits of the recipient's number can also be set up on your accounts. The retention period of the text content in the active database can be shortened at your request. The content can be deleted immediately after sending, so that the data only pass through without any stocking period.
Data minimization
collect less, collect only what is necessary, for your security
A wise collection
The personal data collected are adequate, relevant and limited to what is necessary for the purposes for which they are processed.
An automatic deletion of this data takes place after 6 months. This period can be shortened at a customer request.
Customizable privacy features
Powerful security features such as content and recipient hashing can be configured on the account.
Logging of executed actions and access protection
Each client account is equipped with a log allowing a follow-up of all the actions carried out on the account, as well as the author of each action since the creation of the account. A double authentication is required to access the accounts.
Robust & secure design
for seamless integration with your solution
Constant availability
The source code of our solution as well as our information system benefit fromconstant improvements and a secured external backup available all time.
Plans for your safety
smsmode© provides its customers with the assurance that it complies with cybersecurity requirements:
- a digital security summary (download here).
- a Digital Security Management System Manual, presenting our digital security strategy
digital security strategy and the organizational, human, physical and technological means to achieve it (available under confidentiality agreement). - the possibility of establishing a Safety Assurance Plan with its customers.
smsmode© is based on a high level of redundancy to the data centers, with failover to ensure business continuity, limit outages, optimize uptime and guarantee the high stability of our platform.
A team trained in confidentiality issues
Access to customer accounts and data is compartmentalized to employees only smsmode© authorized: account manager(s), support manager and billing department. Employees bound by a confidentiality clause And made aware of the importance of data security and the application of the RGPD.
Subcontractors selected for their commitment to RGPD & privacy compliance
We select our subcontractors by favouring European actors who store their data in Europel to avoid any extraterritorial transfer of the core part of the network (our customers' data).
Transparency as a value
for a relationship based on trust
Data availability and reversibility of our service
All the data hosted on our platform (messages, DLR, contact databases...) can be exported from the client account and can be used by the clients in any way they wish, allowing total reversibility of our service.
A proven solution that you can challenge
In a spirit of transparency, smsmode© offer the possibility for customers to have our solution audited by an independent body. We also carry out annual pentests to ensure the performance of our tools and processes.
These annual physical and virtual security audits help to identify and correct potential vulnerabilities and improve the overall security of our platform.
Total transparency on our actions
The processing register is an available on request document, provided by our DPO. It attests to our compliance with Article 30.2 of the GDPR, demonstrating our company's application of the accountability principle. This documentation allows us to prove the compliance of our solution with the requirements of the GDPR.
A privacy policy validated by experts
smsmode© implements strict data protection measures, adapted to the risks and nature of our business. These measures, validated by our DPO & RSSI, translate into a strong internal data protection policy, encryption of stored data and secure access.
See our privacy policy and our appendix processing personal data as a subcontractor
LABELS AND CERTIFICATIONS OBTAINED
Our teams work tirelessly to maintain the platform smsmode© the requirements of the official standards set out in the various labels and certifications to which we are committed. Obtaining these guarantees the quality and safety of our products.
As such, our processes and solutions are regularly tested through internal and external audits by our consultants and certification bodies.
PRIVACY TECH LABEL
smsmode© was awarded the Privacy Tech" label in the "Data Processor Compliant Solution" category. As the first Saas messaging platform to be awarded the label, this distinction rewards our excellence in terms of privacy as a subcontractor, and reinforces our commitments to our customers as a data controller.
ISO/IEC 27001
ISO/IEC 27001 certification demonstrates the implementation of an effective information security management system (ISMS) based on the international reference standard: ISO/IEC 27001.