At Smart Tribune, data security isn't an option - it's a commitment. Our AI and knowledge management solutions are designed to protect your sensitive information, guarantee its confidentiality and ensure its integrity at all times. We adhere to the most demanding standards, and work continuously to strengthen our practices to offer you trusted AI, at the service of both your customers and your teams.
Hosting and infrastructure
Data centers
As a pioneer in cloud services, we chose Amazon Web Services (AWS) to host the solution on the AWS Europe (Paris) infrastructure. This enables customers with data localization requirements to store their data in France, with the assurance that content will not be moved.
On average, AWS customers use 77% fewer servers, 84% less energy and their energy mix is 28% greener. They can achieve an 88% reduction in carbon emissions by migrating to the cloud and AWS.
Our hosting provider (AWS - Paris) has the following certifications: PCI DSS 1, SOC1, SOC2, SOC3, CSA, ISO 27001, ISO 9001, ISO 27017, ISO 27018, FedRAMP, CJIS, DoD SRG, HIPAA, ASIP HDS, CISPE.
AWS is based on the NIST standard.
We use Microsoft Azure Cloud to meet our consumption needs for Large Language Models (LLMs), in particular the GPT family, with infrastructure located in the France Central region, for use within the product and our production workloads.
Our hosting provider (Microsoft Azure) holds the following certifications: ISO/IEC 27001, ISO/IEC 27018, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, FedRAMP, CSA STAR. Azure also complies with GDPR, UK G-Cloud and EU Model Clauses regulations. It is important to note that Microsoft Azure is based on the NIST standard.
For certain internal explorations, we can use other regions, but exclusively within the European Union, such as Sweden and Germany.
Vulnerability management
Frameworks and tools
Smart Tribune has based its software suite on modern, proven languages and frameworks, including ReactJS, PHP, Kotlin, Python, Golang and Rust.
We also use Kubernetes, a reference solution for container orchestration. Updates are carried out at regular intervals to incorporate security improvements and patches as quickly as possible, depending on the criticality of the elements concerned.
We use a multi-notification system to monitor various key events, including cluster status and other performance and security indicators. These notifications are sent via multiple channels, such as email alerts, Mattermost, SMS and Pushover, guaranteeing optimum responsiveness.
Continuous integration and security
Smart Tribune's continuous integration (CI) tool is based on GitLab CI. It integrates several security stages using various tools and solutions:
- Dependency scanners: check for vulnerabilities in the dependencies used (Security checker, govulncheck, dependency-check...).
- Container scanners: use Snyk and Trivy to check for vulnerabilities in Docker images, the underlying operating system and the file system.
Code analysis and security testing
Static code analysis (SAST) is integrated directly into the continuous integration process to automatically detect potential problems and vulnerabilities in the code. In addition, tools are used on developers' workstations to reinforce this vigilance.
Regular manual security tests are carried out using specific tools, notably ZAP (Zed Attack Proxy). These tests are based on well-known benchmarks such as OWASP and W3AF to ensure maximum coverage of potential vulnerabilities.
By combining these proactive and reactive approaches, Smart Tribune ensures continuous monitoring and protection of its environments, guaranteeing robust and reliable security for its users.
Vulnerability monitoring and treatment
Any vulnerability detected can be reported by email to vulnerabilities@smart-tribune.com. Our technical team is committed to dealing with each vulnerability as quickly as possible, informing the customer of the detection and resolution timeframe. Temporary workarounds may be put in place in anticipation of the full resolution of the vulnerability.
Data protection and compliance
Cookie policy
When using Smart Tribune solutions, two types of cookies may be used:
1. Required functional cookie:
   - used for our products requiring authentication by personal account (Smart Knowledge)
   - mandatory and essential for correct use of the authenticated solution
   - compliant with CNIL recommendations and obligations concerning the GDPR
2. Optional analysis cookie:
   - the Smart Tribune solution works independently of the user's acceptance or refusal of analysis cookies
   - if the user refuses these cookies, certain behavioral usage data will not be collected, limiting certain statistical analyses
   - a "cookieoptin" setting allows the user to manage the activation or refusal of cookies linked to Google Analytics according to the user's preferences
   - for Google Analytics, the anonymization option is activated, guaranteeing that IP addresses are anonymized before data is sent
   - when using Piano Analytics, our solution remains compliant with the GDPR
These adjustments ensure that users' privacy preferences are respected while ensuring the smooth operation and security of our solutions.
Personal data
Our solutions comply with the General Data Protection Regulation (GDPR). All AWS services in the AWS EU (Paris) region comply with GDPR standards.
Artificial Intelligence (AI)
All Smart AI functionalities are deployed in France only. No data is sent or stored abroad, and compliance with the GDPR applies to all these functionalities.
Smart AI V.0 (Content generation and transformation)
Model used: GPT
Functionalities include answer generation, tone change, spelling correction, translation, etc.
Functionalities linked to Smart AI V.0 use the Microsoft Azure service deployed in France.
No data is sent abroad, and GDPR compliance applies.
Smart AI V.1 (Knowledge Builder)
Model used: GPT-4 Turbo
Added PDF documents are stored in an Amazon Simple Storage Service (S3) bucket, encrypted with keys managed in our Key Management Service based in France. Only the necessary paragraphs are shared with the LLM (GPT-4 Turbo).
Semantic search
Model used: open-source base with fine-tuning, hosted on our infrastructure in the Paris region
Smart Bot
We anonymize all personally identifiable and named data via the models we host, before any processing by generative AI.
We access LLM models from our Microsoft Azure tenants, all based in Europe. Data sent to LLM models via Microsoft Azure is not used to train these models (see documentation).
Auditability
Security audits are carried out regularly by internal or external auditors. If a customer wishes to carry out an audit, 1 month's notice is required. The audit is the responsibility of the customer, who must provide details of dates, authorized persons, content and results.
SLA and availability
Smart Tribune guarantees a monthly availability rate for its services of at least 99.50%. Full details are available in our general terms and conditions.
This monthly availability rate is calculated as follows:
Monthly availability = 100 × (calculation period - service unavailability) / calculation period
Full details of solution availability and response times can be found in the paragraph "Appendix 1: Troubleshooting > 3/ Solution availability and response times" available in our T&Cs at the link: https://fr.smart-tribune.com/cgv/
NB: It is possible to have different conditions for certain contracts. These conditions are defined in the special conditions and are agreed between the signatories when the contract is signed.
Correcting anomalies
All details concerning the correction of anomalies can be found in our general terms and conditions of sale. Specific conditions may apply depending on the contracts signed.
For further information, please consult our general terms and conditions of sale on our website: https://fr.smart-tribune.com/cgv/