Zero training
No customer data ever trains an AI model — neither ours nor our providers'. This commitment is contractual.
Security & compliance
Every technical choice in Themis follows one simple rule: what enters your firm never leaves it. Here are our commitments — and what they mean in practice.
Our commitments
No vague promises: each commitment maps to a specific technical or contractual safeguard your teams can verify.
No customer data ever trains an AI model — neither ours nor our providers'. This commitment is contractual.
Models run in EU regions: the model provider retains neither your queries nor your documents.
Database, documents and AI processing are hosted and operated in the European Union, under the GDPR.
Your data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Built for it: contractually-bound GDPR processor, fine-grained role-based access control, access logging.
A short, documented chain of sub-processors — each covered by an impact assessment (DPIA).
Your data stays yours: full export of your cases, invoices and documents, at any time.
Sub-processor list, impact assessments (DPIA) and data processing agreement (DPA) available on request.
Request the DPACompliance posture
A factual, documented status for each area. Here is exactly where we stand.
Records of processing, per-processor impact assessments, DPA on request.
Our AI management system follows the ISO 42001 standard; we are preparing for this certification.
Structured formats and FEC export already built into Themis invoicing.
Sovereignty architecture
Data travels a short, encrypted and auditable path through Themis — from document upload to the assistant's answer.
Case files, documents and pleadings remain the firm's exclusive property.
origin · law firmEncrypted in transit and at rest, on ISO 27001-certified infrastructure.
TLS 1.3 · AES-256No copy is kept after processing by the model provider.
retention = 0 · training = offStorage, database and AI inference all stay in an EU region.
Only contracted enterprise infrastructure, in European regions — no transfer to services intended for the general public.
The model provider retains neither your queries nor your documents: retention is disabled contractually and technically.
Nothing that passes through Themis feeds the training of any model — neither ours nor a third party's.
Frequently asked questions
Straight answers, no jargon — the ones we give the firms that audit us.
DPA · security questionnaire · DPIA
Send us your security questionnaire, or request our DPA and sub-processor list — answered within 24 business hours.
DPA ON REQUEST · DOCUMENTED SUB-PROCESSOR LIST · REPLY WITHIN 24 BUSINESS HOURS