Thesmios

Privacy Policy.

Last updated: 26 April 2026. This policy explains how Thesmios collects, uses, shares, and retains personal data.

Who we are

Thesmios Ltd is the controller for this website and for Thesmios services where it decides why and how personal data is processed. Company number and registered office will be published once Companies House records are confirmed.

Contact for privacy queries

Contact privacy@thesmios.com for privacy questions, rights requests, or data protection concerns.

What data we collect

We may collect contact details, account details, scan inputs and results, credentials or profile data you provide, payment and billing status, device and technical logs, and communications with us.

Lawful bases

Consent applies to optional analytics and voluntary profile actions. Contract applies where data is needed to provide paid services. Legitimate interests may apply to business communications, fraud prevention, security logging, and product improvement where those interests are not overridden by individual rights.

Recipients and subprocessors

We use subprocessors for hosting, email, analytics, and AI processing where required. The current list is maintained on the subprocessors page.

See Subprocessors.

International transfers

Some subprocessors are based outside the UK. Where personal data is transferred internationally, Thesmios relies on adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or another lawful transfer mechanism.

Your rights

You have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where consent is the lawful basis. You can also complain to the Information Commissioner.

ICO contact details

The Information Commissioner's Office can be contacted at ico.org.uk or Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Changes to this policy

This policy was last updated on 26 April 2026. Material changes will be published on this page.

Retention periods

Contact enquiries: 24 months after the last interaction
Waitlist records: Until launch outreach is complete or deletion is requested
Profile records: Until account deletion or the retention period selected in the product
Technical logs: Up to 12 months unless needed for security investigation
Payment records: 6 years where required for tax and accounting