Vulnerability management
Keeping the platform secure.
✓Weekly scanning — Automated vulnerability scanning across all production systems every week
✓Critical patches — Applied within 7 days of discovery
✓Annual penetration test — By an independent third-party security firm. Findings tracked to closure.
✓Dependency scanning — All third-party code dependencies scanned for known vulnerabilities in the CI/CD pipeline on every build
✓Code review — All code changes require peer review before merging to production
✓Secrets management — API keys and credentials managed via secure environment variable injection — never committed to source code
Report a security issue
Responsible disclosure.
If you discover a security vulnerability or believe you have seen suspicious activity in your ThemisIQ account, please contact us immediately. We take all security reports seriously and will respond within 24 hours.
Security team — ThemisIQ Compliance Inc.
Response time: 24 hours for all security reports
We do not pursue legal action against researchers acting in good faith.
Enterprise security reviews
Penetration test reports, SOC 2 bridge letters, and full security questionnaire responses are available on request for enterprise customers conducting security due diligence.