// Trust & Security Report
Sirion Labs Inc. (acquired Eigen Technologies, June 2024)
AI-native contract lifecycle management (CLM) platform with intelligent document processing (IDP) and document AI capabilities. Integrates contract intelligence with document extraction from contracts, invoices, purchase orders, and business documents.
Certifications held
3
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on sirion.ai“Sirion is ISO 27001:2022 certified, reflecting its dedication to protecting customer data through a robust security framework.”
Verify on sirion.ai“Sirion has implemented internal controls based on the Trust Services Criteria for security, availability, and confidentiality under SOC 2 Type II, which ensures that customer data is continuously protected through rigorous auditing and monitoring procedures.”
Verify on sirion.ai“Sirion complies with the General Data Protection Regulation (GDPR) for both the EU and the UK, with EU Standard Contractual Clauses (SCCs) applied for cross-border data transfers, and notification of Security Incidents within 48-72 hours per Article 32 of GDPR.”
> Show 5 unconfirmed / not-held certifications
source: sirion.aiSirion provides comprehensive resources and tools for HIPAA-compliant contract management and BAA generation, but no public evidence of Sirion itself being a HIPAA Business Associate or holding a formal BAA certification as a service provider. Sirion offers healthcare contract management with HIPAA compliance intelligence but self-describes as providing compliance tools rather than being a covered entity or BAA vendor.
source: sirion.aiSirion is listed as supporting PCI DSS compliance frameworks in its CLM platform for contract management, but no public evidence of PCI DSS certification. PCI DSS is relevant for payment processing vendors; Sirion's role is to help organizations manage PCI DSS compliance, not process payment cards.
source: sirion.aiNo public evidence found of Sirion holding ISO/IEC 42001 certification. This is a relatively new standard (published late 2023) and Sirion has not announced compliance.
source: cloudsecurityalliance.orgNo public evidence found of Sirion holding CSA STAR AI certification. This certification program was officially launched in October 2025.
source: marketplace.fedramp.govNo public evidence found of Sirion holding FedRAMP certification. Sirion is not listed in the FedRAMP Marketplace.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multi-region with data residency options available to meet GDPR, CPRA, and other regional regulations. Specific deployment regions not publicly detailed; customers can request regional deployment (EU, US, etc.). Platform deployed on AWS, Azure, Oracle, and IBM cloud infrastructure.
Sirion explicitly does NOT use customer data for AI model training. The company trains its AI engines using enterprise contracts from public sources and customer-consented data, maintaining strict separation between training data and individual customer data in production systems. All customer data is stored in customer-specific application instances.
// Security controls
Access Controls
Role-based access controls (RBAC), strong access control policies, SSO and SCIM integrations for identity management
sirion.aiAudit Logging
Real-time immutable audit logs with time-stamped records of all user actions and system changes, supporting traceability and compliance
sirion.aiData Subject Rights
Supports GDPR rights: right to access, rectification, erasure, data portability
sirion.aiCloud Infrastructure
Deployed on trusted cloud providers: AWS, Azure, Oracle, IBM. Infrastructure meets global security, privacy, and regulatory requirements.
sirion.ai// Products & data scope
data: Customer contract documents, metadata, and organizational contract data. Does not process payment card data (PCI DSS scope does not apply).
AI-native platform with intelligent contract extraction, risk detection, clause recommendation, and automated obligation tracking. Integrated with Eigen's document AI capabilities post-acquisition.
data: Business documents (contracts, invoices, purchase orders, engineering reports, etc.). Scans and extracts structured data from unstructured documents.
Core capability from Eigen Technologies acquisition. Used by Goldman Sachs, ING, Bank of America, Deloitte. Processes sensitive financial and legal documents.
// What to watch
- Identity verified: Eigen Technologies was acquired by Sirion Labs Inc. in June 2024. The product is now sold under Sirion brand. Eigentech.com domain currently returns HTTP 403 Forbidden (access restricted). Assessment based on parent company Sirion's published compliance posture.
- HIPAA status unclear: Sirion provides HIPAA-compliant contract management tools and healthcare solutions, but no public evidence that Sirion itself is a HIPAA Business Associate with a formal BAA as a service provider. The company helps healthcare organizations manage BAAs but may not be signed as a BAA vendor itself. Healthcare customers should confirm BAA availability directly.
- Over-claim risk: Sirion's marketing materials describe 'HIPAA-compliant' platform features, but this refers to the platform's ability to support HIPAA compliance workflows, not necessarily that Sirion is itself a covered entity or BAA vendor.
- FedRAMP not found: No evidence of FedRAMP certification. Sirion does not appear on the FedRAMP Marketplace. Not applicable for state/local government use requiring FedRAMP.
- AI governance certs absent: No public evidence of ISO/IEC 42001 or CSA STAR AI certifications. These are newer standards; adoption may be limited.
- Data residency details scarce: Sirion supports data residency options for GDPR/CPRA compliance but does not publicly detail specific regions (e.g., EU-only, US-only). Customers must inquire for specific residency commitments.
- No customer data for AI training: Positively confirms no use of customer contract data to train underlying AI models—strong privacy posture. Training occurs on enterprise contracts from public/consented sources separately.
- Acquisition context: Eigen's original domain is no longer active. Current product roadmap and compliance commitments now governed by Sirion. Verify ongoing support for Eigen-branded product features.
// At a glance
Pricing model
SaaS subscription model; pricing varies by deployment size, contract volume, and feature tier. No public pricing published.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Sirion Labs Inc. (acquired Eigen Technologies, June 2024)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
sirion.ai