Technical solution and security

Protection of your data

The management of personal information is strictly respected according to the European directives of the GDPR. Treebal does not rent or sell its users' data, and does not have a data-driven business model unlike other similar solutions.

For its professional version, no data is requested from the user by Treebal Pro who does not need a phone number.

For its consumer version, Treebal uses a single data, the telephone number, to connect users with each other and only on their request. The user can enter their first name, last name and a photo to customize the user interface. Treebal does not display your number in your newsgroups, so you may be invited to a group to chat with someone without having their number.

Digital autonomy at the heart of Treebal’s mission

The European Union has stated its intention to regulate the sector. For now, compared to Signal, WhatsApp and Telegram, Treebal is the only messaging solution developed in Europe that is environmentally responsible and secure for the general public and companies and communities, implementing open and decentralized standards such as Matrix. Treebal is already engaged with the ANSSI to obtain the CSPN (First Level Security Certification).

Our solution is hosted within the EU in Brussels on a Google Cloud Platform HDS infrastructure. To quickly bring a European alternative to the market, Treebal relied on this technology, in order to focus on uses that meet the CSR expectations of companies and citizens.

The Google Cloud Platform IaaS infrastructure is essential for high availability global performance that meets our quality and security requirements. Treebal is datacenter agnostic and has been designed to be decentralized in order to minimize its environmental impact and increase the platform’s resilience. Our ambition is to implement our most efficient infrastructure, as close as possible to users and federate multiple bodies in Europe and the world, in order to contribute to our strategic autonomy with European industrial partners, while further improving our LCA.

Treebal also offers its business customers hybrid hosting on the infrastructure of their choice.

Backed by end-to-end encryption and strong authentication, Treebal is a highly secure Zero Trust trusted platform. Treebal’s R&D team, in collaboration with French hosting companies, is experimenting with safe and eco-responsible European alternatives that will meet all our requirements.

A secure architecture by design

In terms of solution architecture, Treebal integrates security by design from the conception of the solution, as well as digital sobriety and eco-friendly UX design to ensure a rigorous and scalable engineering approach. R&D experts are familiar with secure, waterproof distributed architectures based on Kubernetes, Docker and Keycloak. Keycloak is the open source authentication repository used. It allows for a unique authentication method by identity and access. Keycloak is recognized in the international technical community, Red Hat uses it upstream of its HR-SSO solution.

In addition, the architecture of the Treebal solution is decentralized to further increase its security level (for example, Signal is centralized). This decentralization requirement has been justified since the design of Treebal for security reasons and also to reduce the environmental impact, delivering message content as close as possible to users and thus minimizing network flows.

A trusted solution

ANSSI has authorized Treebal’s use of the cryptologymethod for managing messages exchanged between users:Matrix.org, proven and recognized by the cyber community. Treebal is not aware of the encrypted messages and has no way to decipher them. The solution implements strong E2EE encryption (ou End-to-end encryption) and is based on the algorithm Double Ratchet Algorithm. Double Ratchet Algorithm is an algorithm originally broadcast by Signal, , which was later extended to support encryption of chats containing several thousand devices. The mathematical algorithm is explained here.

Matrix.org is an open source, non-profit project that sets new pragmatic standards to create an open and decentralized IP/VoIP messaging ecosystem for the Internet. When comparing Signal vs Matrix, the technical community mostly recommends Matrix for its open standard defining simple HTTP APIs to easily develop its own clients, chatbots, bridges or servers. You are not locked in a specific set of imposed implementations, like other market-dominant solutions that try to monopolize data.

A solution tested in Bug Bounty

We are accompanied by third party partners to audit our solution, both on the digital sobriety and on the level of security of Treebal. Our solution has been tested, and continues to be continuously tested by external cyber security experts of the company YesWeHack by a bug bounty program. We have benefited through the private Bug Bounty of the best experts to test our solution, to guarantee in full transparency the security of our solution. By opening the Bug Bounty program to the public, we want to further expand the community of experts who can participate in the security of the solution over time.

Treebal Community

The technical culture of the Treebal team is ethical and environmental values, for open source and capitalization of digital ecosystems. Our ambition is to eventually open up the entire solution in open source. Contributing through a bug Bounty to the cyber community became obvious. « By listening to the advice of Clément DOMINGO, a professional hacker, a few years ago I was convinced by this type of approach. », indicates Samuel Le Port. Clément, alias SaxX (contact@saxx.fr), is especially today a « bug Bounty hunter », who participates in cyber security competitions around the world and has been able to compete against the best hackers in their field.