// Trust & Security Report
Juro
AI-native contract lifecycle management (CLM) platform enabling automated drafting, review, negotiation, and execution of contracts with integrated e-signature and AI-powered analytics.
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on juro.com“Juro maintains a SOC 2 Type II attestation to provide comfort to its customers about the security safeguards Juro has in place. Each year, our security program and systems are inspected by independent assessors to measure our compliance against rigorous standards across five trust service principles.”
Verify on juro.com“Juro maintains a Cyber Essentials certification from IASME to evidence its compliance with the security principle under the UK GDPR and EU GDPR.”
> Show 6 unconfirmed / not-held certifications
source: juro.comNo public evidence of ISO 27001 certification found. Juro commits to maintaining SOC 2 Type II and Cyber Essentials as primary security certifications in their DPA, with no mention of ISO 27001.
source: juro.comNo public evidence or claim of HIPAA compliance. Juro is a contract management platform not positioned as a healthcare-focused solution.
source: juro.comNo public evidence of PCI DSS certification mentioned in trust center or security documentation.
source: juro.comNo public evidence of ISO/IEC 42001 certification. Despite significant AI features (AI Assistant, AI Review, AI Extract), Juro does not advertise AI governance certifications.
source: juro.comNo public evidence of Cloud Security Alliance STAR certification mentioned in trust center or security documentation.
source: juro.comNo public evidence of FedRAMP certification mentioned. Juro is not marketed as a government-authorized cloud service.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
EEA (AWS Ireland for main data storage; processing in London and Riga; third-party AI processing via Microsoft Azure in EEA)
Juro explicitly states: 'If you use our AI Assistant, we don't - and we don't allow our AI technology providers to - use your data to train any models, except for models that are used only by your business.' Customer contracts and metadata are not used for model training.
// Security controls
Encryption in transit
HTTPS/TLS for all data in transit; Advanced Electronic Signature (AES) compliance for signed documents
juro.comEncryption at rest
Encrypted backups performed every 2 hours; AWS encryption standards applied
juro.comAuthentication & Access Control
Multi-factor authentication (MFA); role-based access control (RBAC)
juro.comVulnerability Management
Weekly static application security testing; daily dynamic testing; peer code review integrated into development lifecycle
juro.comIncident Response
Documented incident response plan with mandatory post-incident reviews; 24/7 security monitoring
juro.comSecure Coding
OWASP Secure Coding Practices Version 2.1 compliance; dedicated application security team
juro.comUptime & Availability
99.9% platform uptime; microservices architecture with auto-scaling; Recovery Point Objective (RPO) 2 hours; Recovery Time Objective (RTO) 2 hours
juro.comPersonnel Security
Pre-employment background checks; security training for employees; cyber insurance with market-leading underwriter
juro.comData Processing
Data Processing Agreement (DPA) with mandatory GDPR Article 28(3) clauses; sub-processor assessments with Standard Contractual Clauses for international transfers
juro.com// Products & data scope
data: Contracts, metadata, user-generated content; stored in EEA (AWS Ireland, London, Riga)
AI-native platform with drafting, review, negotiation, signature, and storage capabilities. Primary product family.
data: Contract text and metadata for AI-powered review, extraction, and analysis
Customer data not used for model training beyond business-specific fine-tuning. Microsoft Azure (EEA) for generative AI processing.
data: Natural language queries over contract repository; no training on customer data
Natural language interface for contract intelligence; no model training on customer queries.
data: Signed contracts and signature metadata
Designed to comply with AES regulations under eIDAS and similar frameworks across 85+ countries.
// At a glance
Pricing model
Subscription-based SaaS; multiple tiers including Enterprise with custom pricing
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Juro's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
juro.com