Thesmios

Public trust

Trust evidence buyers can inspect before procurement.

A regtech product has to make its own controls inspectable. This page links security, privacy, certification readiness, wallet conformance, bug bounty and subprocessor evidence in one place.

Trust programme

live

Security overview

Public posture covering encryption, access, audit, residency and vulnerability reporting.

Open evidence
readiness

ISO 27001 and 27701 evidence

ISMS and PIMS evidence rooms are mapped; external audit is required before any certificate claim.

Open evidence
readiness

SOC 2 Type II evidence

Trust Services Criteria are mapped for observation; no Type II report is claimed until auditor issuance.

Open evidence
readiness

EU Digital Identity Wallet conformance

EUDI Wallet-aligned issuer, presentation and status-list surfaces are available for interoperability testing.

Open evidence
live

Private bug-bounty programme

Responsible disclosure and private bounty scope are published with safe-harbour rules.

Open evidence
live

Subprocessor register

Core subprocessors are listed for procurement and privacy review.

Open evidence
live

Data Processing Addendum

Processor terms, Article 28 commitments, transfer mechanisms and technical measures are published for customer review.

Open evidence
readiness

Service levels and support

Support severity targets, availability posture, incident handling and order-form dependencies are documented for procurement.

Open evidence
live

Implementation runbook

Rollout phases, customer inputs, order-form checklist, launch gates and implementation timeline are published for buyer review.

Open evidence