We take the security and privacy of institutional data seriously. Themis is built on a secure-by-design foundation, hosted on enterprise-grade cloud infrastructure, and operated with practices aligned to recognised industry standards.
Hosting & Infrastructure
Themis is hosted on Microsoft Azure, using EU data centres. All institutional data is stored and processed within the European Union. The platform runs on hardened infrastructure with continuous monitoring, automated patching, and built-in redundancy.
Data Protection & GDPR
Themis is fully GDPR compliant. We offer a Data Processing Agreement (DPA) to all clients as standard. Our approach includes data minimisation, documented processes for data subject rights, defined retention and deletion schedules, and an incident response plan aligned to GDPR requirements.
Security Practices
All data is encrypted in transit and at rest. Access to production systems follows the principle of least privilege with role-based access controls and multi-factor authentication for privileged accounts. Themis is developed using a secure software development lifecycle with enforced code review, build validation, and separation of duties between development and production environments. Our security practices are aligned to key ISO 27001 control domains.
Authentication & SSO
Themis supports Single Sign-On via Azure AD (Microsoft Entra ID). Additional SSO methods can be configured to meet institutional requirements.
API & Integrations
Themis provides a comprehensive REST API, fully documented via Swagger, enabling integration with institutional systems for data import, export, and synchronisation. Current production integrations include Azure AD for authentication, and GlobalPayments and Stripe for payment processing.
Have questions about security, compliance, or integration? We’re happy to discuss your specific requirements in detail, including SLAs, disaster recovery, and support arrangements. [Contact Us]
