// Trust & Security Report

    Juro logo

    Juro

    AI-native contract lifecycle management (CLM) platform enabling automated drafting, review, negotiation, and execution of contracts with integrated e-signature and AI-powered analytics.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Juro maintains a SOC 2 Type II attestation to provide comfort to its customers about the security safeguards Juro has in place. Each year, our security program and systems are inspected by independent assessors to measure our compliance against rigorous standards across five trust service principles.

    Verify on juro.com
    Cyber Essentials (IASME)
    HELD

    Juro maintains a Cyber Essentials certification from IASME to evidence its compliance with the security principle under the UK GDPR and EU GDPR.

    Verify on juro.com
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found. Juro commits to maintaining SOC 2 Type II and Cyber Essentials as primary security certifications in their DPA, with no mention of ISO 27001.

    source: juro.com
    HIPAA
    NOT CONFIRMED

    No public evidence or claim of HIPAA compliance. Juro is a contract management platform not positioned as a healthcare-focused solution.

    source: juro.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification mentioned in trust center or security documentation.

    source: juro.com
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification. Despite significant AI features (AI Assistant, AI Review, AI Extract), Juro does not advertise AI governance certifications.

    source: juro.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of Cloud Security Alliance STAR certification mentioned in trust center or security documentation.

    source: juro.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP certification mentioned. Juro is not marketed as a government-authorized cloud service.

    source: juro.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    EEA (AWS Ireland for main data storage; processing in London and Riga; third-party AI processing via Microsoft Azure in EEA)

    Juro explicitly states: 'If you use our AI Assistant, we don't - and we don't allow our AI technology providers to - use your data to train any models, except for models that are used only by your business.' Customer contracts and metadata are not used for model training.

    // Security controls

    Encryption in transit

    HTTPS/TLS for all data in transit; Advanced Electronic Signature (AES) compliance for signed documents

    juro.com

    Encryption at rest

    Encrypted backups performed every 2 hours; AWS encryption standards applied

    juro.com

    Authentication & Access Control

    Multi-factor authentication (MFA); role-based access control (RBAC)

    juro.com

    Vulnerability Management

    Weekly static application security testing; daily dynamic testing; peer code review integrated into development lifecycle

    juro.com

    Incident Response

    Documented incident response plan with mandatory post-incident reviews; 24/7 security monitoring

    juro.com

    Secure Coding

    OWASP Secure Coding Practices Version 2.1 compliance; dedicated application security team

    juro.com

    Uptime & Availability

    99.9% platform uptime; microservices architecture with auto-scaling; Recovery Point Objective (RPO) 2 hours; Recovery Time Objective (RTO) 2 hours

    juro.com

    Personnel Security

    Pre-employment background checks; security training for employees; cyber insurance with market-leading underwriter

    juro.com

    Data Processing

    Data Processing Agreement (DPA) with mandatory GDPR Article 28(3) clauses; sub-processor assessments with Standard Contractual Clauses for international transfers

    juro.com

    // Products & data scope

    Juro Core CLMContract Lifecycle Management

    data: Contracts, metadata, user-generated content; stored in EEA (AWS Ireland, London, Riga)

    AI-native platform with drafting, review, negotiation, signature, and storage capabilities. Primary product family.

    AI AssistantAI / Generative AI

    data: Contract text and metadata for AI-powered review, extraction, and analysis

    Customer data not used for model training beyond business-specific fine-tuning. Microsoft Azure (EEA) for generative AI processing.

    OperatorAI / Search & Analytics

    data: Natural language queries over contract repository; no training on customer data

    Natural language interface for contract intelligence; no model training on customer queries.

    Advanced Electronic SignatureeSignature / Compliance

    data: Signed contracts and signature metadata

    Designed to comply with AES regulations under eIDAS and similar frameworks across 85+ countries.

    // At a glance

    Pricing model

    Subscription-based SaaS; multiple tiers including Enterprise with custom pricing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Juro's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    juro.com

    > Browse all vendor trust reports