smsmode© data security

Data security

Aware of the importance of protecting our customers' data, we have been committed since the creation of the company more than 15 years ago to the security and quality of our services.

In accordance with our RGPD approach and our commitment to the CNIL under number 1046241, our company respects the rules of database protection, and the recommendations concerning processes and technologies, in order to guarantee the integrity and security of your data.

Among our historical and loyal customers, many companies managing confidential and sensitive data such as medical or banking data, have entrusted us with the routing of their mobile messages. Proof of the clear answer we are giving on this subject.

To avoid confusion, WE DO NOT RENT/SELL databases. By using smsmode© services, you are thus assured of the confidentiality and total protection of your databases, which will not be re-used for any other purpose than your own.

PROTECTIVE MEASURES APPLICABLE TO SMSMODE© SERVICES

access to customer accounts

Access to the customer account

All accesses to customer accounts on the smsmode© platform are protected and secured with a strong username and password that are unique to each account owner. The password is hashed salted in a database, is not stored (neither in clear nor encrypted) and therefore cannot be disclosed or consulted by third parties (smsmode© team or other).
The security of access to accounts on our platform is guaranteed by an HTTPS protocol.

import data management

Management of imported data

All data that passes through our services (API, webservice or web application) is stored encrypted on highly secure servers in France.

A policy of limiting personal data is in force: it aims to collect and process only the data necessary to send an SMS. Thus, the users of our services are only obliged to fill in the telephone number and the message to be sent, in order to use our platform.
Moreover, an automatic deletion of these data is done automatically after 6 months. This period may, if necessary, be shortened.

end-to-end encryption

End-to-end encryption

To guarantee maximum security, all user data hosted on our systems is fully encrypted by the AES-128 CBC (Advanced Encryption Standard) protocol at the application level and encrypted by SSL certificate at the HTTPs level. In addition, a limitation of access at the level of the firewall and the IP address is implemented.

At the time of transmission of the message to the telecom operator, owner of the end user's number, personal information such as the content of the message sent is encrypted.

SMS routes

SMS routes used

The quality of the roads is the most important criterion at smsmode©, because we wish above all to offer an efficient service to our customers.

As a Telecom Operator connected directly to the operator, we only use direct and high quality routes with all operators. Also, we always opt for direct routes with 0-hop or 1-hop connection.

Our road suppliers (emergency roads, etc.) are only based in France or in the European Union. SMS-Control tools in the SMS-Center (SMS-C) make it possible to check whether roaming SMS messages have been used by our partners because "trust does not exclude control".

service monitoring

Monitoring of our services

A careful monitoring of the performance of each of the routes used is carried out in real time. We have deployed a set of efficient detection and alert system tools based on Elastic tools (ElasticSearch, LogStash and Kibana). Thus, a control of the performance of the sending, the delivery times of the SMS and the real operator throughputs is carried out in real time on our services.

This monitoring device allows us to react quickly when a slowdown occurs on our roads.
In addition, real-time system monitoring also includes a fault tolerance component with a solution to automatically switch traffic to backup connections and providers in the event of performance degradation.

team and confidentiality

The teams

Access to accounts and customer data is restricted to authorized smsmode© employees only: the account manager(s), the support manager and the billing department.
All smsmode© employees, subject to French law, are bound by a confidentiality clause which is clearly defined in their employment contract. In addition, they are regularly trained on the importance of data security and the application of the RGPD by our DPO, the PINT avocats law firm.

hosting and servers

Accommodation

The smsmode© platform is based on a technical infrastructure of quality. It is composed of technical platforms and server centers exclusively hosted in 2 ISO27001 certified DataCenters (Interxion in Marseille, OVH4 Roubaix). These infrastructures ensure a maximum level of security and reliability and are certified for hosting sensitive data such as health data.

Our subcontractor Evolix handles the outsourcing of these infrastructures.

backups and redundancies

Backups and redundancies

smsmode© relies on a high level of redundancy at the level of the data center or operators chosen among the world and European leaders. Failovers ensure business continuity, minimize failures, optimize uptime and guarantee high availability of our platform.

To prepare for any unforeseen event, daily backups of customer account data (address book, templates, DLR history of SMS sent, etc.) are made and restored if necessary.

data security audits and vulnerability management

Audits and vulnerability management

Our law firm, PINT Avocats, and its partner Cyberwings, conduct annual physical and virtual security audits to identify and resolve identified vulnerabilities.
This includes attempts to intrude into our premises and our computer systems (covering our APIs and web applications) via Black Box and Grey Box techniques, etc. The conclusions of these penetration tests are processed; patches and updates are applied to our applications. These elements are disseminated to customers who request it.