IT security at Smart Tribune

Hébergement et infrastructures

Hosting and Infrastructure

As a pioneer in cloud services, we have chosen Amazon Web Service (AWS) to host our solution on the AWS Europe (Paris) infrastructure. This allows clients with data localization requirements to store their data in France, ensuring that the content will not be moved.

On average, AWS customers use 77% fewer servers, 84% less energy, and their energy mix is 28% greener. They can achieve an 88% reduction in carbon emissions by migrating to the cloud and AWS.

Our hosting provider (AWS – Paris) holds the following certifications: CIDSS 1, SOC1, SOC2, SOC3, CSA, SOC1, ISO 27001, ISO 9001, ISO 27017, ISO 27018, FedRAMP, CJIS, DoD SRG, HIPAA, ASIP HDS, CISPE.

AWS is based on the NIST framework.

We also utilize Microsoft Azure Cloud to meet the needs of large language model (LLM) consumption, particularly the GPT family, with infrastructure located in the France Central region for product usage and our production workloads.

Our hosting provider (Microsoft Azure) holds the following certifications: ISO/IEC 27001, ISO/IEC 27018, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, FedRAMP, CSA STAR. Azure also complies with GDPR, UK G-Cloud, and EU Model Clauses regulations. It is important to note that Microsoft Azure is based on the NIST framework.

For certain internal explorations, we may use other regions, but exclusively within the European Union, such as Sweden and Germany.

Vulnerability Management

Frameworks and Tools

Smart Tribune has built its software suite on modern and proven languages and frameworks, including ReactJS, PHP, Kotlin, Python, Golang, and Rust.

We also use Kubernetes, a leading solution for container orchestration. Updates are performed at regular intervals to incorporate evolutions and security patches as quickly as possible, depending on the criticality of the elements involved.

We employ a multi-notification system to monitor various key events, including cluster status and other performance and security indicators. These notifications are sent through multiple channels, such as email alerts, Mattermost, SMS, and push-over, ensuring optimal responsiveness.

Continuous Integration and Security

The continuous integration (CI) tool implemented at Smart Tribune is based on GitLab CI. It incorporates several security stages using various tools and solutions:

Code Analysis and Security Testing

Static Application Security Testing (SAST) is integrated directly into the continuous integration process to automatically detect potential issues and vulnerabilities in the code. Additionally, tools are used on developers’ workstations to reinforce this vigilance.

Regular manual security tests are conducted using specific tools, notably ZAP (Zed Attack Proxy). These tests are based on well-known frameworks such as OWASP and W3AF to ensure maximum coverage of potential vulnerabilities.

By combining these proactive and reactive approaches, Smart Tribune ensures continuous monitoring and protection of its environments, thereby guaranteeing robust and reliable security for its users.

Vulnerability Tracking and Management

Any detected vulnerabilities can be reported via email to Our technical team is committed to addressing each vulnerability as quickly as possible, informing the client about the detection and the expected resolution timeframe. Temporary workarounds may be implemented in anticipation of the complete resolution of the vulnerability.

Data Protection and Compliance

Cookie Policy

In the context of using Smart Tribune solutions, two types of cookies may be used:

1. Mandatory functional cookie:

2. Optional analytical cookie:

These adjustments ensure respect for users’ privacy preferences while ensuring the proper functioning and security of our solutions.

Personal Data

Our solutions comply with the General Data Protection Regulation (GDPR). All AWS services in the AWS EU (Paris) region adhere to GDPR standards.

Artificial Intelligence (AI)

All Smart AI functionalities are deployed exclusively in France. No data is sent or stored abroad, ensuring GDPR compliance across all functionalities.

Smart AI V.0 (Content Generation and Transformation)

Smart AI V.1 (Knowledge Builder)

Semantic search

Smart Bot


Regular security audits are conducted by internal or external auditors. If a client wishes to perform an audit, a one-month notice is required. The audit is at the client’s expense, who must provide details on dates, authorized personnel, content, and results.

SLA and Availability

Smart Tribune guarantees a monthly service availability rate of at least 99.50%. All details are available in our general terms and conditions.

Smart Tribune guarantees a monthly service availability rate of at least 99.50%, calculated as follows:

Monthly availability = 100 x (calculation period – service downtime) / calculation period

All details on solution availability and response times are present in the paragraph “Annex 1: Handling Anomalies > 3/ Solution Availability and Response Times” available in our GTC at the link:

Note: Different conditions may apply to certain contracts; these conditions are defined in the special conditions agreed upon during contract signing.

Anomaly Correction

All details related to anomaly correction are present in our general terms and conditions. Specific conditions may apply depending on the signed contracts.

For more information, please consult our general terms and conditions on our website.