// Trust & Security Report

    Sirion Labs Inc. (acquired Eigen Technologies, June 2024) logo

    Sirion Labs Inc. (acquired Eigen Technologies, June 2024)

    AI-native contract lifecycle management (CLM) platform with intelligent document processing (IDP) and document AI capabilities. Integrates contract intelligence with document extraction from contracts, invoices, purchase orders, and business documents.

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001:2022
    HELD

    Sirion is ISO 27001:2022 certified, reflecting its dedication to protecting customer data through a robust security framework.

    Verify on sirion.ai
    SOC 2 Type II
    HELD

    Sirion has implemented internal controls based on the Trust Services Criteria for security, availability, and confidentiality under SOC 2 Type II, which ensures that customer data is continuously protected through rigorous auditing and monitoring procedures.

    Verify on sirion.ai
    GDPR
    HELD

    Sirion complies with the General Data Protection Regulation (GDPR) for both the EU and the UK, with EU Standard Contractual Clauses (SCCs) applied for cross-border data transfers, and notification of Security Incidents within 48-72 hours per Article 32 of GDPR.

    Verify on sirion.ai
    > Show 5 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    Sirion provides comprehensive resources and tools for HIPAA-compliant contract management and BAA generation, but no public evidence of Sirion itself being a HIPAA Business Associate or holding a formal BAA certification as a service provider. Sirion offers healthcare contract management with HIPAA compliance intelligence but self-describes as providing compliance tools rather than being a covered entity or BAA vendor.

    source: sirion.ai
    PCI DSS
    NOT CONFIRMED

    Sirion is listed as supporting PCI DSS compliance frameworks in its CLM platform for contract management, but no public evidence of PCI DSS certification. PCI DSS is relevant for payment processing vendors; Sirion's role is to help organizations manage PCI DSS compliance, not process payment cards.

    source: sirion.ai
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence found of Sirion holding ISO/IEC 42001 certification. This is a relatively new standard (published late 2023) and Sirion has not announced compliance.

    source: sirion.ai
    CSA STAR AI
    NOT CONFIRMED

    No public evidence found of Sirion holding CSA STAR AI certification. This certification program was officially launched in October 2025.

    source: cloudsecurityalliance.org
    FedRAMP
    NOT CONFIRMED

    No public evidence found of Sirion holding FedRAMP certification. Sirion is not listed in the FedRAMP Marketplace.

    source: marketplace.fedramp.gov

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region with data residency options available to meet GDPR, CPRA, and other regional regulations. Specific deployment regions not publicly detailed; customers can request regional deployment (EU, US, etc.). Platform deployed on AWS, Azure, Oracle, and IBM cloud infrastructure.

    Sirion explicitly does NOT use customer data for AI model training. The company trains its AI engines using enterprise contracts from public sources and customer-consented data, maintaining strict separation between training data and individual customer data in production systems. All customer data is stored in customer-specific application instances.

    // Security controls

    Encryption in Transit

    AES 256-bit encryption for data in transit

    sirion.ai

    Encryption at Rest

    AES 256-bit encryption for data at rest

    sirion.ai

    Access Controls

    Role-based access controls (RBAC), strong access control policies, SSO and SCIM integrations for identity management

    sirion.ai

    Audit Logging

    Real-time immutable audit logs with time-stamped records of all user actions and system changes, supporting traceability and compliance

    sirion.ai

    Incident Response

    Security Incident notification within 48-72 hours per GDPR requirements

    sirion.ai

    Data Subject Rights

    Supports GDPR rights: right to access, rectification, erasure, data portability

    sirion.ai

    Cloud Infrastructure

    Deployed on trusted cloud providers: AWS, Azure, Oracle, IBM. Infrastructure meets global security, privacy, and regulatory requirements.

    sirion.ai

    // Products & data scope

    Sirion CLM (Contract Lifecycle Management)Enterprise Software / Contract Management

    data: Customer contract documents, metadata, and organizational contract data. Does not process payment card data (PCI DSS scope does not apply).

    AI-native platform with intelligent contract extraction, risk detection, clause recommendation, and automated obligation tracking. Integrated with Eigen's document AI capabilities post-acquisition.

    Sirion Document AI / IDP (Intelligent Document Processing)AI / Document Intelligence

    data: Business documents (contracts, invoices, purchase orders, engineering reports, etc.). Scans and extracts structured data from unstructured documents.

    Core capability from Eigen Technologies acquisition. Used by Goldman Sachs, ING, Bank of America, Deloitte. Processes sensitive financial and legal documents.

    // What to watch

    • Identity verified: Eigen Technologies was acquired by Sirion Labs Inc. in June 2024. The product is now sold under Sirion brand. Eigentech.com domain currently returns HTTP 403 Forbidden (access restricted). Assessment based on parent company Sirion's published compliance posture.
    • HIPAA status unclear: Sirion provides HIPAA-compliant contract management tools and healthcare solutions, but no public evidence that Sirion itself is a HIPAA Business Associate with a formal BAA as a service provider. The company helps healthcare organizations manage BAAs but may not be signed as a BAA vendor itself. Healthcare customers should confirm BAA availability directly.
    • Over-claim risk: Sirion's marketing materials describe 'HIPAA-compliant' platform features, but this refers to the platform's ability to support HIPAA compliance workflows, not necessarily that Sirion is itself a covered entity or BAA vendor.
    • FedRAMP not found: No evidence of FedRAMP certification. Sirion does not appear on the FedRAMP Marketplace. Not applicable for state/local government use requiring FedRAMP.
    • AI governance certs absent: No public evidence of ISO/IEC 42001 or CSA STAR AI certifications. These are newer standards; adoption may be limited.
    • Data residency details scarce: Sirion supports data residency options for GDPR/CPRA compliance but does not publicly detail specific regions (e.g., EU-only, US-only). Customers must inquire for specific residency commitments.
    • No customer data for AI training: Positively confirms no use of customer contract data to train underlying AI models—strong privacy posture. Training occurs on enterprise contracts from public/consented sources separately.
    • Acquisition context: Eigen's original domain is no longer active. Current product roadmap and compliance commitments now governed by Sirion. Verify ongoing support for Eigen-branded product features.

    // At a glance

    Pricing model

    SaaS subscription model; pricing varies by deployment size, contract volume, and feature tier. No public pricing published.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Sirion Labs Inc. (acquired Eigen Technologies, June 2024)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    sirion.ai

    > Browse all vendor trust reports