// Trust & Security Report
Litera Corp. (Kira Systems product line)
Kira is an AI-powered contract intelligence platform for legal teams, combining proprietary machine learning with optional generative AI to automate high-volume contract review and analysis. Includes Kira Smart Summaries, Smart Fields (configurable ML models), Concept Search, and Lito (AI Legal Agent).
Certifications held
6
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.litera.com“Litera holds ISO/IEC 27001:2022 certification for information security management systems, covering corporate office technical, administrative, and physical controls.”
Verify on litera.com“Litera holds SOC 2 Type II certification; cloud environment providers undergo annual SOC 2 Type II audits. Kira supports enterprise-grade security including SOC 2 Type II.”
Verify on litera.com“Kira and Litera are aligned to GDPR standards. Master Data Protection Addendum (DPA) available for Kira software on-premises and cloud deployments.”
Verify on litera.com“Kira/Litera support enterprise-grade security with NIS 2 alignment, meeting EU cybersecurity resilience requirements.”
Verify on litera.com“Kira and Litera Clean+ are aligned to DORA (Digital Operational Resilience Act), demonstrating compliance with EU digital resilience frameworks.”
> Show 8 unconfirmed / not-held certifications
source: trust.litera.comNo public evidence of HIPAA certification or compliance found in Litera trust center, product pages, or DPA documents.
source: litera.comNo public evidence of ISO 27017 certification. Litera references ISO 27001 for cloud providers but does not explicitly claim ISO 27017.
source: trust.litera.comNo public evidence of ISO 27018 certification found.
source: trust.litera.comNo public evidence of ISO 27701 certification found.
source: trust.litera.comNo public evidence of ISO 42001 AI governance certification found; Litera publishes AI Governance White Paper but does not claim ISO 42001 certification.
source: trust.litera.comNo public evidence of CSA STAR AI or security certification found.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multiple: US, Canada, Europe (EU/UK), Asia Pacific. Flexible data residency to meet sovereignty requirements.
Kira explicitly does NOT train on customer data. Marketing states: 'never using your data for training, while giving your organization the option to train your own models on your own data.' Kira offers project-level toggle to disable generative AI while maintaining proprietary ML features. SmartField Sharing includes differential privacy protection to prevent reverse engineering of trained models.
// Security controls
Encryption in Transit
TLS/SSL required. Security Addendum references implementation of appropriate technical and organizational measures; specific cipher suite details available upon request to customers.
litera.comEncryption at Rest
Customer data encrypted at rest; specific encryption algorithms referenced in Security Addendum Schedule 2.
litera.comData Residency
Customers can choose hosting region: US, Canada, Europe, or Asia Pacific; no mandatory cross-border transfer without customer consent.
litera.comAccess Controls
On-premises: Litera does not access customer documents; only minimal telemetry collected to verify product access. Cloud: Litera does not monitor or access customer documents. Full customer control over data dissemination and alteration.
litera.comDifferential Privacy
SmartField Sharing feature implements differential privacy algorithm to protect against reverse engineering of trained models when sharing custom ML fields.
litera.comAudit & Logging
ISO 27001 / SOC 2 Type II compliance indicates comprehensive audit logging and monitoring; third-party audit reports available to customers upon request.
litera.comIncident Response
DPA requires Litera to 'immediately inform the Customer if Processing infringes Data Protection Laws' and support regulatory notifications.
litera.com// Products & data scope
data: Contract documents, metadata, extraction results. No training on customer documents by Litera.
Cloud-hosted SaaS; supports GDPR/NIS2/DORA compliance; integrates with OpenAI for optional Generative AI features with project-level toggle.
data: All data stored and processed on customer's infrastructure; Litera minimal access.
Self-hosted option for maximum data control; same AI features as cloud version; telemetry only for product access verification.
data: Contract documents sent to OpenAI for summary generation (optional feature); can be disabled.
Optional generative AI feature; project-level toggle; can be disabled per customer requirements.
data: Custom ML models trained on customer data if customer opts in; default proprietary models trained on 1M+ legal contracts.
Proprietary models require no additional training. Optional feature to train custom models on customer's own data.
data: Integrated within Kira; handles routine legal tasks; governance-first AI with ability to opt-out.
Included with Kira subscription; optional; can be disabled per firm requirements.
// What to watch
- Identity: Kira Systems is now a product line of Litera Corp. (acquired/integrated). The evidence URL redirects from kirasystems.com to litera.com/products/kira. Assessment certifications apply to Litera as vendor entity.
- No HIPAA certification: While Kira is used by healthcare legal teams, Litera does not publicly claim HIPAA compliance. May support HIPAA use cases via GDPR/NIS2/DORA posture, but should not be marketed as HIPAA-certified.
- Generative AI toggle: Critical governance feature. Kira allows per-project disable of GenAI while maintaining proprietary ML extraction, addressing client confidentiality concerns.
- Subprocessors: Litera uses cloud infrastructure providers (AWS/Azure/GCP) with their own ISO 27001/SOC 2 certifications. Customer responsible for assessing sub-processor compliance.
- AI governance gaps: No ISO 42001 or CSA STAR AI certifications found. Litera publishes AI Governance White Paper but standard certifications not claimed.
- Cloud-only trust center: SafeBase-hosted trust center (trust.litera.com) requires account creation for full document access; public preview limited. Recommend contacting Litera for detailed compliance documentation.
- On-premises data handling: For on-premises deployment, Litera claims zero access to customer documents; only telemetry for product access. Verification of this claim may require technical audit.
// At a glance
Pricing model
Subscription-based SaaS (per-user or consumption); perpetual on-premises license option available.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Litera Corp. (Kira Systems product line)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.litera.com