Thematic Security Policies

Ensuring the safety and privacy of your data is a core part of our everyday processes. Thematic has SOC2 Type II Certification and our policies align with the requirements for data security, confidentiality, and availability under this standard. 

We take regular data backups and test recovery, run penetration testing, encrypt all data at rest, conduct static code analysis and third-party vulnerability scanning. We sanitize our logs, secure individual customers at the database level, and many other cloud security techniques. 

This page holds some of Thematic's key policies surrounding the security and availability of our service.

SOC 2 Type II Compliance

This page describes how Thematic has demonstrated that we have the appropriate controls in place to mitigate the risks related to security, availability, and confidentiality. 

Penetration testing

As part of our SOC 2 Type II compliance, Thematic completes third-party external penetration tests to independently assess the security, vulnerability, integrity, and availability of the Thematic web application.

Change Management

This document describes how Thematic handles changes to our system including how we assess the risk posed by a change and how we track that change through our Quality Assurance.


Incident Management

This document describes how Thematic assesses and reacts to potential security and availability incidents.


Data classification

This document describes how Thematic determines the data classification of data within our systems, both for customer data and internal data.


Customer Data Storage

This document describes how Thematic will store customer data