Ducal Suite

A platform, not a software

Ducal Suite is a modular architecture where each building block works standalone and integrates with the others. Designed for practitioners, built for IT departments, made to last.

Request a demo →Explore modules

Philosophy

Six founding principles

Every technical decision is evaluated against these principles. If a choice compromises even one, it is rejected.

🇫🇷

Absolute sovereignty

Outscale hosting certified HDS and qualified SecNumCloud. No health data ever transits through foreign servers. 100% French production stack.

🔗

Native interoperability

FHIR R4 from the architecture up, not as an afterthought. Pro Santé Connect, ROR, DMP, MSSanté. Your data flows within the French health ecosystem.

🛡️

Compliance by design

HDS, GDPR, PGSSI-S are not checkboxes at the end of a project. They are embedded in the architecture from day one.

🤖

AI-accelerated development

Agentic AI lets us design and ship faster, without compromising on quality or security. The result: short cycles and frequent updates.

🤝

Co-built with practitioners

Healthcare professionals propose improvements, vote, and earn credits when their ideas ship. The product evolves with real-world needs.

💰

Transparent pricing

Pricing that reflects actual costs. The source code is fully auditable and transparent. No vendor lock-in.

Architecture

Four layers, one common foundation

Each module deploys independently or assembles with the others. The layered architecture ensures separation of concerns.

AdministrationConfiguration · Dashboard · Billing · Multi-organization

Business applicationsETP · DUI · Connect · Site · Forms

Functional modulesForms · Community · AI · Video · Messaging

Platform foundationIdentity (PSC) · Patient index · FHIR R4 · Encryption · Audit

Each building block works standalone AND integrates via the common foundation

Model

Two commercial models

Ducal Suite adapts to your size and constraints.

SaaS

Per-practitioner subscription

✓HDS compliance included — no paperwork on your end
✓All applications included, patients always free
✓Automatic updates and security patches
✓Credit card payment, no annual commitment

Ideal for independent practitioners, CPTS, health centers, small organizations

Enterprise

Service engagement

✓Isolated instance and database, dedicated audit trail
✓Service-based billing — compatible with public procurement
✓Enhanced compliance: SLA, BCP/DRP, audits on demand
✓Zero dependency on ducal.tech — your domain, your instance

For hospitals, hospital groups, social care facilities, regional health agencies

In both cases: same code, same security, same FHIR interoperability.

Security

Five control layers before production

Every code change automatically passes through five verification levels before a human authorizes deployment to HDS production.

Secret detection

Gitleaks blocks any password, API key or certificate accidentally committed. No secret ever reaches the repository.

Static analysis (SAST)

Semgrep scans code against 588 security rules (OWASP Top 10) + 5 custom HDS rules: SQL injection, JWT validation, PII logging.

Dependency audit

pip-audit, npm audit and Dependabot check every dependency daily against vulnerability databases (CVE, GHSA). Patches within 24h.

Automated tests

Over 700 unit and integration tests: RLS access control, encryption/decryption, FHIR AuditEvent audit trail, GDPR endpoints.

Human validation

No code reaches HDS production without explicit manual approval. Traced, timestamped, linked to the exact deployed commit.

0
production CVEs

0
secrets in history

700+
automated tests

50+
tables with RLS