Privacy Policy
Last updated: February 1, 2026
Introduction
Themis System is committed to protecting the privacy of visitors to its website. This privacy policy explains how we collect, use, and protect your personal data when you visit our marketing website (hereinafter "the Site"). This policy applies only to the Themis System showcase website and not to the Themis application accessible after authentication, which is subject to a separate privacy policy.
Data Controller
The data controller for personal data collected on this Site is:
Themis System SASSAS (Simplified Joint Stock Company)
SIREN: 100 074 285
88 Boulevard des Belges, 69006 Lyon, France
Email : privacy@themis-system.com
Data Collected
On this Site, we only collect personal data that you voluntarily provide through our forms:
Contact form
Name, email address, firm name, message
Demo request form
Name, email address, firm name, firm size, message (optional)
Newsletter subscription form
Email address
Technical data
Our servers may record basic technical information (IP address, browser type, pages visited) in server logs for security and maintenance purposes. This data is stored anonymously and is not used for profiling purposes.
Cookies and Trackers
This Site uses different categories of cookies. You can manage your preferences at any time via the "Cookies" link at the bottom of the page.
Strictly necessary cookies
These cookies are essential for the Site to function (language preference, display theme, consent choice). In accordance with CNIL recommendations, they do not require your consent.
Analytics cookies
We use Google Analytics, deployed via Google Tag Manager, to measure the Site's audience and understand how visitors use it. These cookies are only placed after your explicit consent.
Marketing cookies
We use Google Ads, deployed via Google Tag Manager, for conversion tracking and remarketing. These cookies measure the effectiveness of our advertising campaigns and display relevant ads across the Google network. They are only activated with your explicit consent.
Your consent choice is retained for a maximum of 13 months, in accordance with CNIL recommendations. You can change your preferences at any time.
Cookie details
| Name | Provider | Purpose | Duration | Category |
|---|---|---|---|---|
| themis_consent | Themis System | Stores your cookie consent preferences | 13 months | Necessary |
| NEXT_LOCALE | Themis System | Stores your language preference | Session | Necessary |
| _ga / _ga_* | Google Analytics | Unique identifier for visit statistics | 2 years | Analytics |
| _gid | Google Analytics | Unique identifier for session statistics | 24 hours | Analytics |
| _gcl_au | Google Ads | Advertising conversion tracking | 90 days | Marketing |
| _gac_* | Google Ads | Advertising campaign attribution | 90 days | Marketing |
Purposes and Legal Bases of Processing
In accordance with Article 6 of the GDPR, each processing of personal data relies on a legal basis. Below are the details of the purposes and their respective legal bases:
- Responding to your contact and information requests — Legal basis: performance of pre-contractual measures (Art. 6.1.b GDPR)
- Processing your Themis software demonstration requests — Legal basis: performance of pre-contractual measures (Art. 6.1.b GDPR)
- Following up on your request — Legal basis: legitimate interest of Themis System in conducting commercial follow-up with prospects (Art. 6.1.f GDPR)
- Sending you our newsletter with news about AI applied to law and Themis product updates — Legal basis: consent (Art. 6.1.a GDPR)
- Ensuring the security and proper functioning of the Site — Legal basis: legitimate interest of Themis System in protecting its infrastructure (Art. 6.1.f GDPR)
- Measuring the Site's audience and improving our services — Legal basis: consent (Art. 6.1.a GDPR)
When processing is based on legitimate interest (Art. 6.1.f), our interests are: commercial follow-up of received requests and securing our infrastructure. You may exercise your right to object at any time (see "Your Rights" section below).
Data Retention
Your personal data is retained for the following periods:
- Contact form data: 3 years from the last exchange
- Demo requests: 3 years from the request date
- Server logs: 12 months maximum
- Newsletter data: retained until you unsubscribe, then deleted within 30 days
After these periods, your data is deleted or irreversibly anonymized.
Data Recipients
Your personal data is intended exclusively for authorized members of the Themis System team in the course of their duties. We do not sell, rent, or share your personal data with third parties for commercial or advertising purposes.
We use the following technical subcontractors, who process your data only according to our instructions and in compliance with GDPR:
- Cloudflare, Inc. — Website hosting and CDN (Content Delivery Network). Data processed: technical connection data. Location: global network with primary processing in Europe (standard contractual clauses in place).
- Resend, Inc. — Transactional email and newsletter sending. Data processed: email address, name. Location: United States (standard contractual clauses in place).
- Google LLC (Google Analytics) — Website audience measurement (only after consent). Data processed: anonymized browsing data. Location: United States (standard contractual clauses in place).
- Google LLC (Google Ads) — Conversion tracking and advertising remarketing (only after consent). Data processed: browsing data, advertising identifiers. Location: United States (standard contractual clauses in place).
- Cloudflare, Inc. (Turnstile) — Anti-spam protection for forms. Data processed: technical connection data (IP address, browser fingerprint). No cookies placed. Location: global network with primary processing in Europe (standard contractual clauses in place).
- Amazon Web Services EMEA SARL — Database hosting. Data processed: form data. Location: Europe (AWS eu-central-1 region, Frankfurt).
Data Transfers
Your personal data is hosted in Europe, in certified and secure data centers. We do not transfer your data to countries outside the European Economic Area without appropriate safeguards in compliance with GDPR.
Your Rights
In accordance with the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain confirmation that your data is being processed and receive a copy
- Right to rectification (Art. 16): have your inaccurate or incomplete data corrected
- Right to erasure (Art. 17): request the deletion of your data ("right to be forgotten")
- Right to restriction (Art. 18): request the restriction of processing of your data
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format
- Right to object (Art. 21): object to the processing of your data, particularly when it is based on legitimate interest
- Right to withdraw consent (Art. 7.3): when processing is based on your consent (newsletter, analytics and marketing cookies), you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
How to Exercise Your Rights
To exercise any of your rights or for any questions regarding the protection of your personal data, you can contact us:
- By email: privacy@themis-system.com
- By mail: Themis System, 88 Boulevard des Belges, 69006 Lyon, France
We commit to responding to your request within a maximum of 30 days from receipt. Proof of identity may be requested to verify your identity.
You also have the right to lodge a complaint with the CNIL (French Data Protection Authority) if you believe that the processing of your data does not comply with applicable regulations. www.cnil.fr
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure, or destruction. These measures include:
- Use of the HTTPS protocol to secure data exchanges
- Encryption of sensitive data
- Restricting data access to authorized personnel only
- Regular updates to our security systems
Obligation to Provide Data
Providing your personal data through our forms (contact, demonstration) is necessary for us to process your request. Required fields are indicated in the forms. If you do not provide this data, we will be unable to respond to your request. Newsletter subscription is entirely optional and is based on your freely given consent.
Automated Decision-Making and Profiling
Themis System does not carry out any automated decision-making or profiling within the meaning of Article 22 of the GDPR based on data collected through this Site.
Policy Updates
We reserve the right to modify this privacy policy at any time. In case of substantial changes, we will update the "last updated" date at the top of this page. We encourage you to regularly review this page to stay informed about our data protection practices.