Book a demo
Demo
Demo
Demo
How it works
Moving menu icon with three white horizontal lines on a dark background.
Products
Smart Dashboard
Consulting
Integration
Customer
Smart Answer AI Help Center
Smart Agents AI Agents
Consultants
Smart Knowledge AI advisor knowledge base
Smart Copilot AI Copilot Advisor
Moving menu icon with three white horizontal lines on a dark background.
Solutions
Industries
Logistics
Software and applications
Telecommunications
Mobility
Public utilities
Retail and e-commerce
Insurance and mutual insurance companies
Bank
Consultants
Centralize information and knowledge
Immediate and reliable answers, without going through customer service
Moving menu icon with three white horizontal lines on a dark background.
Our technology
Empowering your customers
Help Center
Decision trees
Context-sensitive help box
Deploying an AI chatbot
Pre-sales AI chatbot
Chatbot IA SAV
Supporting your advisors
Knowledge base
Chatbot AI
Keeping knowledge up to date
Knowledge manager
Knowledge AI Assistant
Our integrations
Safety on our platform
Moving menu icon with three white horizontal lines on a dark background.
Customers
Moving menu icon with three white horizontal lines on a dark background.Moving menu icon with three white horizontal lines on a dark background.
Resources
Resources center
Webinars
Press
Blog
FREN
Green rectangles on a white background with subtle gray accents and a circular design element.
LEGAL PAGES


Privacy Policy and Personal Data Processing Policy

Version dated April 23, 2026

Key Information

Data Controller: Smart Tribune (JCS WEB), 19 rue du Quatre Septembre, 75002 Paris
Data Protection Officer (DPO): Samy Lastmann — dpo@smart-tribune.com
General GDPR Contact: rgpd@smart-tribune.com
Trust Center & DPA: smart-tribune.com/trust

Scope: This document covers (1) Smart Tribune as a Data Controller for its own customer, prospect, and employee data, and (2) Smart Tribune as a Data Processor in connection with its SaaS solution—the terms governing this second role are set forth in a separate Data Processing Agreement (DPA) signed with each customer.

1. Who are we?

Smart Tribune (legal entity: JCS WEB), a simplified joint-stock company with its headquarters at 19 rue du Quatre Septembre, 75002 Paris, operates a SaaS platform for knowledge management and self-service in customer service. Our solutions enable more than 50 million users per year to access the right information at the right time.

1.1 Data Protection Officer (DPO)

Smart Tribune has appointed a Data Protection Officer (DPO) in accordance with the provisions of Article 37 of the GDPR. The DPO is your primary point of contact for any questions regarding the protection of your personal data.

DPO Contact Information:
Name: Samy Lastmann
Position: Data Protection Officer (DPO)
Email: dpo@smart-tribune.com
Address: Smart Tribune, 19 rue du Quatre Septembre, 75002 Paris
For any questions regarding your personal data, please contact the DPO at the address listed above.

1.2 Two distinct roles regarding your data

Depending on the context, Smart Tribune acts in two legally distinct roles under the GDPR:

Role: Data Controller (DC)
Smart Tribune determines the purposes and means of processing
Context:
  • Management of business relationships with clients and prospects (CRM, contracts, billing)
  • Human Resources Management (employees, candidates)
  • Marketing and communications (newsletters, webinars, lead generation)
  • How the smart-tribune.com website works (cookies, analytics)
Role: Processor (P)
Smart Tribune's client is the Data Controller
Context:
  • Processing of end-user data from the client
    (website visitors, conversations, agents, knowledge base) via the Smart Tribune SaaS platform
  • This role is governed by a Data Processing Agreement (DPA) signed separately with each client.

2. What personal data is processed, and for what purposes?

2.1 Data collected based on your profile

Customers
  • Personal information, professional identification details (last name, first name, company, email, phone number)
  • Financial and Billing Information
  • Login credentials and access logs
  • Any information shared in connection with the contractual relationship
Prospects
  • Personal information and professional identification details (last name, first name, job title, email address)
  • Information regarding interest in our solutions
  • Browsing data on our website and marketing interactions
Users of the Smart Tribune Solution (SaaS platform)
This data is processed by Smart Tribune as a data processor on behalf of the client (data controller).
It includes, in particular:
  • Unique visitor ID, IP address, technical and browsing data
  • Conversation content and metadata (chat, FAQ, AI agent)
  • Data regarding the client’s employees using the solution (name, alias, login logs)

    The legal basis for this processing is defined and assumed by the client in its capacity as Data Controller, in accordance with the ATD.
 Visitors to the smart-tribune.com website
  • Strictly necessary, functional, performance, and marketing cookies (see Section 9) 

2.2 Purposes and Legal Bases for Processing (Smart Tribune as a Data Controller)

Purpose Target population Legal Basis under the GDPR
Provision and maintenance of the SaaS solution (setup, configuration, support) Customers Performance of the contract (Art. 6.1.b)
Customer relationship management (contracts, billing, collections) Customers Contract / Legal obligation (Art. 6.1.b and c)
Marketing communications, newsletters, new features Customers Legitimate interest (Art. 6.1.f)
Sales prospecting and product demonstrations B2B Prospects Legitimate interest (Art. 6.1.f) — see note below
Webinars and customer events Customers, Prospects Consent (Art. 6.1.a)
Litigation management / Legal obligations / Anti-fraud measures Customers Legal obligation / Legitimate interest (Art. 6.1.c and f)
How smart-tribune.com Works and How to Improve It Website visitors Consent / Legitimate Interest (Art. 6.1(a) and (f))

Note on B2B marketing (legitimate interest)
Marketing to professionals is based on Smart Tribune’s legitimate interest (Art. 6.1.f GDPR), which is consistent with Article L.34-5 of the French Electronic Commerce Code (CPCE) regarding professional data.
Conditions met: data collected lawfully, professional nature of the relationship, purpose limited to B2B marketing.

You can exercise your right to object at any time by writing to rgpd@smart-tribune.com or by clicking the unsubscribe link included in every communication.

3. Sharing Your Data with Third Parties

Smart Tribune may share your data with the following categories of third parties, in strict compliance with the GDPR:

  • Authorized Smart Tribune staff (sales, HR, accounting, support, and technical teams—each within the scope of their respective responsibilities)
  • Our subcontractors and technical service providers who process data on our behalf (hosting providers, CRM systems, marketing tools—see the full list on our Trust Center)
  • Our partners and integrators, in connection with the provision of requested services
  • Public authorities and fraud prevention agencies, to the extent required by our legal obligations

Smart Tribune never sells your data to third parties for advertising or commercial purposes.
Regarding the role of SaaS processor, the terms for data sharing are defined in the Data Processing Agreement (DPA) signed with the client.

4. Hosting and Transfer of Your Personal Data

We distinguish between our SaaS production infrastructure and our internal management tools. This distinction is essential for understanding exactly where and how your data is processed.

For data processed in connection with the use of our SaaS products, hosting and technical infrastructure are provided exclusively by service providers that guarantee data processing within the European Union.

4.1 Production Infrastructure (Smart Tribune SaaS Solution)

Strong commitment: no production data is transferred outside the EU
Data related to the direct use of our SaaS products (conversations, knowledge base, logs) remains hosted within the European Union at all times.
Our artificial intelligence features are deployed exclusively on European infrastructure (France, Sweden, Germany).
Customer data is never used to train third-party LLM models without documented instructions from the customer acting as the Data Controller.
Service Provider Role Data localization
Amazon Web Services (AWS) Primary host 🇪🇺 EU — Paris Prefecture
Microsoft Azure Additional hosting / AI EU 🇪🇺 EU — Central France
Google Cloud Platform EU AI Services 🇪🇺 EU — Paris Prefecture
OVHcloud Supporting infrastructure 🇪🇺 EU — France
Hetzner Supporting infrastructure 🇪🇺 EU — Germany
Cloudflare CDN for static content only (JS, CSS, images) — no application or personal data passes through Cloudflare Global network — personal data not affected by this use
Clarification regarding Cloudflare
Smart Tribune uses Cloudflare exclusively as a content delivery network (CDN) to deliver static assets (JavaScript files, CSS, images) in order to improve loading performance.
Within this limited scope, Cloudflare does not process users’ personal data (no access to application requests, no conversation data, etc.). Cloudflare is nevertheless bound to Smart Tribune by a DPA compliant with the GDPR and by the European Commission’s Standard Contractual Clauses (SCCs).

4.2 Internal Management Tools and Support

For our internal operations (CRM, marketing, support, collaboration), Smart Tribune uses third-party tools that may involve data processing outside the European Union. These tools do not affect the data of end users of the SaaS solution—only the data of our clients and prospects as business professionals.

 In this context, we systematically ensure compliance with the GDPR through the European Commission’s Standard Contractual Clauses (SCCs) and Data Protection Agreements (DPAs) with each service provider

Tool Usage Location / Warranties
HubSpot CRM, customer support, marketing 🇺🇸 United States — CCT
Instantly B2B Sales Outreach 🇺🇸 United States — CCT
Loom Internal video recordings 🇺🇸 United States — CCT
Aircall IP Telephony 🇩🇪 Germany (EU)
Livestorm Webinars and events 🇮🇪 Ireland (EU)
Google Workspace Internal collaboration 🇧🇪 Belgium / EU
Younium Subscription Management 🇮🇪 Ireland — Azure (EU)

The complete and up-to-date list of our subcontractors is available on our Trust Center: smart-tribune.com/trust

5. Data Retention Periods

Retention periods are strictly limited to the purposes for which the data was collected:

Data category Shelf life
Customer and supplier data 5 years (statute of limitations)
Accounting documents 10 years
Prospect data 3 years from the last exchange
Smart Tribune Employee Data Contract term + 5 years (Labor Code)
Application and security logs Up to 12 months
Cookies 13 months from the date of acceptance
Newsletters Until you unsubscribe
Webinar and Event Information Duration of the event + 3 years
Candidate Data (HR) Two years after the application was rejected
Internal video recording data (Loom) 12 months, then deletion or archiving
SaaS solution data (end users) Subscription period plus up to 90 days after cancellation (unless otherwise specified by the RT client)

6. Your rights and how to exercise them

In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your personal data:

  • Right to information: the right to be informed about how your data is collected and processed.
  • Right of access: to obtain confirmation that your data is being processed, to receive a copy of it, and to obtain information regarding such processing.
  • Right to rectification: to have inaccurate or incomplete data about you corrected.
  • Right to erasure (“right to be forgotten”): Request the deletion of your data when the legal requirements are met.
  • Right to restriction: You may request that the processing of your data be limited to specific purposes only (for example, while a correction is being verified), with the data remaining stored but not used for any other purposes.
  • Right of objection — two distinct systems:
  • Objection to direct marketing (solicitation, newsletters): an absolute right—you do not need to provide a reason for your request; simply write to us or click the unsubscribe link.
  • Objection to processing based on legitimate interests: You may object to such processing for reasons related to your particular situation. Smart Tribune may continue the processing if it can demonstrate compelling legitimate grounds that override your interests.
  • Right to data portability: to receive your data in a structured, commonly used, and machine-readable format (JSON or CSV), and to transmit it to another data controller.
  • Right to withdraw consent: You may withdraw your consent at any time when the processing is based on your consent, without this affecting the lawfulness of any processing carried out prior to the withdrawal.
  • Right to establish end-of-life directives: decide what happens to your data after your death.

How to exercise your rights?
By email (DPO): dpo@smart-tribune.com
By email (General GDPR inquiries): rgpd@smart-tribune.com
By mail: Smart Tribune — 19 rue du Quatre Septembre, 75002 Paris
Proof of identity is required to process the request.
Response time: 1 month from receipt (extendable to 3 months for complex requests, with notification within the first month).
Right to appeal: you may file a complaint with the CNIL — www.cnil.fr — if you believe your rights have not been respected.

7. Data Security

Smart Tribune implements technical and organizational measures appropriate to the risk to ensure the security, confidentiality, and integrity of your personal data. These measures include, in particular:

  • Data encryption in transit (TLS 1.2+, Grade A+ SSL) and at rest
  • Pseudonymization and obfuscation of PII prior to processing by LLM models
  • Annual penetration tests (OWASP methodology)
  • Automated security analysis in CI/CD pipelines
  • Role-Based Access Control (RBAC) with access logging
  • Disaster Recovery Plan (DRP) with a 12-hour RTO
  • ISO/IEC 27001 certification in progress (target: 2026–2027)

Smart Tribune maintains an internal record of processing activities in accordance with Article 30 of the GDPR. This record lists all processing operations carried out by Smart Tribune, both as a Data Controller and as a Data Processor, along with their purposes, legal bases, categories of data, retention periods, and associated processors. It is available upon written request to the DPO: dpo@smart-tribune.com.

 To report a security vulnerability: vulnerabilities@smart-tribune.com 

8. Artificial Intelligence and Data Protection

Smart Tribune integrates artificial intelligence features into its platform. We apply the following principles to ensure responsible use:

  • Deployment exclusively on European infrastructure (AWS EU, Azure EU, GCP EU)
  • LLM Providers: Anthropic (Claude via AWS Bedrock EU), OpenAI (via Azure EU), Mistral AI (France)
  • Zero unsolicited training: End-user data is not used to improve our suppliers’ underlying LLM models or to train our own models without documented instructions from the Data Controller
  • Personal data obfuscation: Personally identifiable information (PII) is masked using our internal obfuscation API before being sent to LLM models
  • EU AI Act Compliance: Smart Tribune complies with Regulation (EU) 2024/1689 on artificial intelligence

The automated processes carried out by the platform (satisfaction scoring, response recommendations, routing) are intended to improve service quality and do not result in decisions that have legal effects or significantly affect the individuals concerned within the meaning of Article 22 of the GDPR. 

If a future feature were to fall under this section, those affected would be notified in advance.

9. Cookie Policy

The smart-tribune.com website uses cookies. Depending on their nature, these cookies may or may not require your prior consent:

Cookie type Purpose Consent required
Strictly necessary How the site works (sessions, security) No — exempt
Functional Saving your preferences (language, display settings) No—insofar as they serve only to make navigation easier
Analytics / Performance Website analytics, site improvement (anonymized data) Yes — consent required
Marketing Advertising targeting, retargeting, campaign tracking Yes — consent required

 Cookie retention period: 13 months from the date of your acceptance. You can change your preferences at any time via the cookie management panel available on the website or by contacting dpo@smart-tribune.com.

A detailed Cookie Policy listing all cookies used (name, specific purpose, duration, third-party provider) is available at: smart-tribune.com/cookies

10. Changes to this policy

Smart Tribune reserves the right to modify this Privacy Policy to reflect changes in laws, regulations, or technology. In the event of a substantial change that affects your rights, you will be notified by email or via a notice on our website, with reasonable advance notice before the changes take effect.

The date of the last update and the version history are available on our Trust Center: smart-tribune.com/trust

Data Processing Agreement (DPA) — SaaS Customers
The terms under which Smart Tribune processes data as a Data Processor on behalf of its customers are governed by a Data Processing Agreement (DPA ) separate from this policy.
This document is signed in conjunction with the commercial contract or upon request. It constitutes a bilateral legal agreement binding on both parties, in accordance with the requirements of Article 28 of the GDPR.
To obtain the DPA or include it in your compliance file: dpo@smart-tribune.com
A man in a dark jacket uses a smartphone, surrounded by green coding symbols and technological devices.
Activate your business knowledge
Start structuring, disseminating and improving your business knowledge.
Book a demo