Themis and GDPR, HIPAA, CCPA #
Themis can help you reach better compliance with the current data privacy regulations, such as
- GDPR (General Data Protection Regulation)
- HIPAA (Health Insurance Portability and Accountability Act)
- DPA (Data Protection Act)
- CCPA (California Consumer Privacy Act)
As a cryptographic services library for mobile and server platforms, Themis is a “state of the art” encryption tool which provides secure data exchange and storage.
Cryptography regulations #
The country in which you currently reside may have restrictions on import, possession, use, and/or re-export of encryption software to another country. BEFORE using any encryption software, please check your country’s laws, regulations, and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
See https://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified Themis as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of Themis distribution make it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
Submissions to the App Store or Google Play #
If you’re using Themis as your means of encryption within your iOS/macOS/Android app and intend to submit it to the Apple App Store or Google Play, your encryption falls under the “open source” exception.
Note: If your app is not open source or is not distributed free of charge, we strongly recommend that you seek professional legal advice.
Generally, you should indicate that you’re using encryption and submit annual self-classification reports. Read more about submitting applications using Themis.