Digital security, a priority for smsmode©
As our business has always been linked to digital technology, security has been an important issue from the outset. Thanks to the mobilization of our entire team, and the support of experts, smsmode© ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications. smsmode© is one of the first mobile messaging platforms to be certified to these standards.
Our strategic objectives
Meet the security requirements of our customers and message recipients.
Provide our customers with proof of the platform's digital security smsmode©.
Limit malicious use of the platform smsmode© (smishing, scams, etc.).
Continuously improve our digital security and contribute to that of our stakeholders.
Our certifications
Which attest to our high level of maturity in digital security.
ISO/IEC 27001 certification
It defines a methodology for identifying threats to information security, managing the associated risks, and implementing appropriate protection measures to ensure the confidentiality, availability and integrity of information.
ISO/IEC 27701 certification
It enables a privacy management system to be recognized as part of the management of risks linked to the processing of personal data.
DOCUMENTATION
A summary of our digital security
Free of charge, this report describes our digital security measures in response to the challenges of our internal and external context, opportunities, obligations and the requirements of all interested parties.
Privacy by Design
Privacy at the heart of our design process.
Maximum data protection
The platform implements appropriate and risk-adapted measures to guarantee data security.
Hosting your data in Europe
The platform smsmode© is based on high-quality infrastructures. It comprises a redundant technical platform hosted in 2 ISO 27001-certified DataCenters (MRS1: Interxion | Marseille, DC4: SCALEWAY | Paris). These infrastructures ensure maximum security and reliability. As an option, you can isolate your account data on an HDS-certified host.
Experts to protect our platform and processes
We have appointed an external DPO (Data Protection Officer) at the specialist law firm PINT Avocats, and an RSSI (Information and Security Systems Manager) at Cyberwings.
Imported data management
All data transiting our platform (via API, webservice or web application) is stored encrypted on highly secure servers in Europe (France).
Powerful security functions such as hashing of text content and/or truncation of the last 4 digits of the recipient's number can also be configured on your accounts. The retention period of text content in the active database can be shortened at your request. The content can be deleted immediately after sending, so that only the data in transit are stored.
Data minimization
Collect less, collect the bare essentials, for your safety.
Sensible collection
The personal data collected is adequate, relevant and limited to what is necessary for the purposes for which it is processed. Data is automatically deleted after 6 months. This period can be shortened if you express your wish as a customer.
Configurable privacy functions
Powerful security functions, such as content and recipient hashing, can be configured on accounts.
Action logging and access protection
Each customer area is equipped with a logbook tracking all actions carried out on the account, as well as the author of each action since the account was created. Double authentication is required for account access.
Robust, safe design
For seamless integration with your solution.
Constant availability
The source code of our solution as well as our information system benefit from constant improvements and a secure external backup available at all times.
Plans for your safety
smsmode© provides its customers with the assurance that it complies with cybersecurity requirements:
- a digital security summary (download here).
- a Digital Security Management System Manual, setting out our digital security strategy and the organizational, human, physical and technological resources needed to achieve it (available under confidentiality agreement).
- the possibility of establishing a Safety Assurance Plan with its customers. smsmode© is based on a high level of redundancy to the data centers, with failover to ensure business continuity, limit outages, optimize uptime and guarantee high platform stability.
A team trained in confidentiality issues
Access to customer accounts and data is restricted to employees only smsmode© authorized: account manager(s), support manager and billing department. Employees bound by a confidentiality clause and made aware of the importance of data security and the application of the RGPD.
Subcontractors selected for their commitment to RGPD and privacy compliance
We select our subcontractors with a preference for European players who must store their data on European soil, to avoid any extraterritorial transfer of the core part of the network (our customers' data).
Transparency as a value
For a relationship you can trust.
Data availability and reversibility of our services
All the data hosted on our platform (messages, DLRs, contact databases, etc.) can be exported from the customer space and used by customers in any way they wish, making our service totally reversible.
A proven solution that you can challenge
In a spirit of transparency, smsmode© offers its customers the option of having our solution audited by an independent organization. In addition, we carry out pentests once a year to ensure the performance of our tools and processes.
These annual physical and virtual security audits enable us to identify and correct potential vulnerabilities and improve the overall security of our platform.
Total transparency on our actions
The processing register is a document, available on request, provided by our DPO. It attests to our compliance with Article 30.2 of the RGPD, testifying to our company's application of the accountability principle (responsibility). This documentation enables us to prove the compliance of our solution with the requirements of the RGPD.
These annual physical and virtual security audits enable us to identify and correct potential vulnerabilities and improve the overall security of our platform.
A privacy policy validated by experts
smsmode© implements strict data protection measures, adapted to the risks and nature of our business. These measures, validated by our DPO & RSSI, take the form of a strong internal data protection policy, encryption of stored data and secure access.
Visit our privacy policy and our appendix on processing personal data as a subcontractor.
Labels and certifications obtained
Continuous improvement
Our teams work tirelessly to maintain the platform smsmode© the requirements of the official standards set out in the various labels and certifications to which we are committed. Obtaining these guarantees the quality and safety of our products.
As such, our processes and solutions are regularly tested through internal and external audits by our consultants and certification bodies.
PRIVACY TECH LABEL
smsmode© has been awarded the "Privacy Tech" label in the "Data Processor Compliant Solution" category. As the first Saas messaging platform to be awarded the label, this distinction rewards our excellence in terms of privacy as a subcontractor, and reinforces our commitments to our customers as a data controller.
ISO/IEC 27001
ISO/IEC 27001 certification demonstrates the implementation of an effective information security management system (ISMS) based on the international reference standard: ISO/IEC 27001.
Try out our SMS platform and benefit from 20 free test credits, with no obligation.