// Trust & Security Report
Legartis Technology AG
Legal AI Workspace for contract lifecycle management, including legal agent, AI contract review, contract playbook creation, and contract insights. Multi-language support across European languages.
Certifications held
2
Maturity
Growth
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on legartis.ai“ISO 27001-certified - All plans include hosting in Switzerland/Europe and ISO 27001 certification”
Verify on legartis.ai“GDPR-compliant - Legartis processes data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679)”
> Show 5 unconfirmed / not-held certifications
source: legartis.aiNo mention of SOC 2 on legartis.ai. Third-party profile (Nudge Security) claims SOC 2 compliance, but this is not confirmed by Legartis' official website.
source: legartis.aiNo public evidence of HIPAA compliance on legartis.ai. Nudge Security profile claims HIPAA compliance, but unverified by vendor.
source: legartis.aiNo mention of PCI DSS certification on legartis.ai or customer-facing documentation.
source: legartis.aiNo evidence of FedRAMP compliance on legartis.ai. Nudge Security claims FedRAMP compliance but is not confirmed by vendor.
source: legartis.aiNo evidence of CSA STAR certification on legartis.ai. Nudge Security claims CSA STAR Level 1, but unverified.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
Switzerland (Zurich) and Europe
By default, customer data may be used to train AI models. Team and Enterprise plans offer opt-out of model training. Lower tiers (Free, Professional) do not have this option.
// Security controls
Authentication
SSO, two-factor authentication via SMS and email available on Enterprise plan
legartis.aiRole-Based Access Control
Advanced Role Management available on Team and Enterprise plans (team-based access control, document-level permissions)
legartis.aiSub-Processors
Website: Google Analytics/Ads, HubSpot, Front, Workable, MailChimp; Application: Turicode, VSHN, LinuxFabrik
legartis.ai// Products & data scope
data: Contract data, legal research, document analysis
Core product offering intelligent legal assistance with multi-language support
data: Contract documents, deviation detection, risk analysis
Automated contract review with up to 85% faster processing than manual review
data: Company standards, contract templates, legal playbooks
Automatically creates contract playbooks from company standards and legal best practices
data: Contract portfolio data, risk dashboards, deadlines, critical clauses
Portfolio-wide visibility of risks, deadlines, and critical clauses with custom dashboards
// What to watch
- Privacy policy last updated November 6, 2019 - severely outdated for a modern AI SaaS product in 2026. No evidence of privacy policy refresh.
- Contradiction: Homepage claims 'No data sharing with third parties' but general terms list 8 third-party sub-processors (Google, HubSpot, Front, Workable, MailChimp, Turicode, VSHN, LinuxFabrik).
- ISO 27001 certification claimed throughout website but no link to actual certificate, no certification number, no auditor name, no expiration date provided.
- No dedicated trust center or security center page found despite claims of ISO 27001 and GDPR compliance.
- Third-party aggregator (Nudge Security) claims SOC 2, HIPAA, PCI DSS, FedRAMP, and CSA STAR Level 1 certifications, but these are NOT mentioned anywhere on legartis.ai's official website.
- Data Processing Agreement (DPA) not mentioned in customer-facing terms despite being critical for GDPR B2B compliance.
- AI training data practices unclear: by default uses customer data for training unless opted-out (Team/Enterprise only). Lower-tier plans have no opt-out option.
- AWS hosting mentioned in third-party profile but not confirmed on legartis.ai's own website.
- Sub-processor list includes Google Analytics/Ads and HubSpot, which involves US-based data transfers (potential GDPR implications for Swiss/EU data flows).
// At a glance
Pricing model
SaaS subscription-based: Free, Professional, Team, Enterprise tiers
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Legartis Technology AG's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
legartis.ai