// Trust & Security Report

    Diligen Inc. logo

    Diligen Inc.

    AI-powered contract analysis platform using machine learning and NLP to automate contract review, clause identification, and metadata extraction for law firms, legal service providers, and corporations

    Certifications held

    0

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 5 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    No public evidence found on vendor domain. While third-party aggregators mention SOC 2 Type II, no dedicated security documentation or trust center on diligen.com confirms this.

    source: diligen.com
    ISO 27001
    NOT CONFIRMED

    No public evidence found on vendor domain. No mention on diligen.com or security pages.

    source: diligen.com
    HIPAA
    NOT CONFIRMED

    No public evidence found on vendor domain. No mention in privacy policy or security documentation.

    source: diligen.com
    GDPR Compliance
    NOT CONFIRMED

    Diligen mentions helping customers analyze contracts for GDPR compliance, but does not publicly claim GDPR compliance for their own operations. Privacy policy states data is processed in US and other countries, with no explicit GDPR compliance statement.

    source: diligen.com
    PCI DSS
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: diligen.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    US and other countries (unspecified); privacy policy states data is processed in US and other countries without explicit data residency guarantees

    Privacy policy allows system training on customer contracts and clause data as part of the product functionality. Policy states user feedback is incorporated to refine model accuracy. No explicit statement about whether this training data is used to improve the general model or kept isolated per customer. No clear opt-out mechanism documented.

    // Security controls

    Encryption in Transit

    Privacy policy states reasonable measures to protect data but does not specify encryption protocols

    diligen.com

    Encryption at Rest

    Privacy policy claims encrypted storage of content

    diligen.com

    Data Center Security

    Infrastructure hosted on AWS; servers in controlled environments with limited access per privacy policy

    diligen.com

    Third-Party Vendors

    AWS (hosting), Stripe (payments), Google (reCAPTCHA), Sentry (error monitoring); all data processors noted in privacy policy

    diligen.com

    // Products & data scope

    Diligen Contract Analysis PlatformContract Review & Due Diligence

    data: User-uploaded contracts, extracted metadata, clause identifications, user-generated summaries and annotations

    Core product for law firms, legal service providers, and corporate legal teams. Supports M&A due diligence, lease review, finance agreements, privacy/NDA review, oil & gas contracts, and audit/compliance use cases. Pre-trained models for hundreds of clause types; allows custom model training on customer data.

    // What to watch

    • NO PUBLIC TRUST CENTER: Diligen does not maintain a dedicated trust center or security certifications page on their domain
    • UNVERIFIED CERTIFICATION CLAIMS: Third-party vendor databases mention SOC 2 Type II and ISO 27001, but no evidence found on diligen.com to verify these claims
    • GDPR POSITIONING: Diligen positions itself as helping with GDPR compliance for customers but does not publicly claim GDPR compliance for its own service
    • DATA RETENTION AMBIGUITY: Privacy policy is vague on data retention specifics—states retention 'as long as account is active or as needed' but does not define specific retention periods
    • AI TRAINING TRANSPARENCY GAP: Policy allows system training on customer contract data but does not clearly explain whether this training data improves only customer-specific models or the general platform model
    • NO DATA RESIDENCY OPTIONS: Despite servicing global clients, no public documentation of data residency choices (US, EU, Canada, Australia); privacy policy only mentions US and unspecified other countries
    • THIRD-PARTY RISK: Uses Google reCAPTCHA for bot detection, which involves data sharing with Google for visitor behavior analysis

    // At a glance

    Pricing model

    Subscription-based (demo required to see pricing details not publicly listed)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Diligen Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    diligen.com

    > Browse all vendor trust reports