// Trust & Security Report

    Legartis Technology AG logo

    Legartis Technology AG

    Legal AI Workspace for contract lifecycle management, including legal agent, AI contract review, contract playbook creation, and contract insights. Multi-language support across European languages.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001
    HELD

    ISO 27001-certified - All plans include hosting in Switzerland/Europe and ISO 27001 certification

    Verify on legartis.ai
    GDPR
    HELD

    GDPR-compliant - Legartis processes data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679)

    Verify on legartis.ai
    > Show 5 unconfirmed / not-held certifications
    SOC 2
    NOT CONFIRMED

    No mention of SOC 2 on legartis.ai. Third-party profile (Nudge Security) claims SOC 2 compliance, but this is not confirmed by Legartis' official website.

    source: legartis.ai
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance on legartis.ai. Nudge Security profile claims HIPAA compliance, but unverified by vendor.

    source: legartis.ai
    PCI DSS
    NOT CONFIRMED

    No mention of PCI DSS certification on legartis.ai or customer-facing documentation.

    source: legartis.ai
    FedRAMP
    NOT CONFIRMED

    No evidence of FedRAMP compliance on legartis.ai. Nudge Security claims FedRAMP compliance but is not confirmed by vendor.

    source: legartis.ai
    CSA STAR
    NOT CONFIRMED

    No evidence of CSA STAR certification on legartis.ai. Nudge Security claims CSA STAR Level 1, but unverified.

    source: legartis.ai

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    Switzerland (Zurich) and Europe

    By default, customer data may be used to train AI models. Team and Enterprise plans offer opt-out of model training. Lower tiers (Free, Professional) do not have this option.

    // Security controls

    Data Location

    Servers in Zurich, Switzerland and Europe only

    legartis.ai

    Encryption in Transit

    Not explicitly specified in public documentation

    legartis.ai

    Encryption at Rest

    Not explicitly specified in public documentation

    legartis.ai

    Audit Trails

    Complete audit trail available (Enterprise plan includes audit logs)

    legartis.ai

    Authentication

    SSO, two-factor authentication via SMS and email available on Enterprise plan

    legartis.ai

    Role-Based Access Control

    Advanced Role Management available on Team and Enterprise plans (team-based access control, document-level permissions)

    legartis.ai

    Sub-Processors

    Website: Google Analytics/Ads, HubSpot, Front, Workable, MailChimp; Application: Turicode, VSHN, LinuxFabrik

    legartis.ai

    // Products & data scope

    Legal AgentAI Assistant

    data: Contract data, legal research, document analysis

    Core product offering intelligent legal assistance with multi-language support

    AI Contract ReviewAutomation

    data: Contract documents, deviation detection, risk analysis

    Automated contract review with up to 85% faster processing than manual review

    Contract Playbook CreatorAutomation

    data: Company standards, contract templates, legal playbooks

    Automatically creates contract playbooks from company standards and legal best practices

    Contract InsightsAnalytics

    data: Contract portfolio data, risk dashboards, deadlines, critical clauses

    Portfolio-wide visibility of risks, deadlines, and critical clauses with custom dashboards

    // What to watch

    • Privacy policy last updated November 6, 2019 - severely outdated for a modern AI SaaS product in 2026. No evidence of privacy policy refresh.
    • Contradiction: Homepage claims 'No data sharing with third parties' but general terms list 8 third-party sub-processors (Google, HubSpot, Front, Workable, MailChimp, Turicode, VSHN, LinuxFabrik).
    • ISO 27001 certification claimed throughout website but no link to actual certificate, no certification number, no auditor name, no expiration date provided.
    • No dedicated trust center or security center page found despite claims of ISO 27001 and GDPR compliance.
    • Third-party aggregator (Nudge Security) claims SOC 2, HIPAA, PCI DSS, FedRAMP, and CSA STAR Level 1 certifications, but these are NOT mentioned anywhere on legartis.ai's official website.
    • Data Processing Agreement (DPA) not mentioned in customer-facing terms despite being critical for GDPR B2B compliance.
    • AI training data practices unclear: by default uses customer data for training unless opted-out (Team/Enterprise only). Lower-tier plans have no opt-out option.
    • AWS hosting mentioned in third-party profile but not confirmed on legartis.ai's own website.
    • Sub-processor list includes Google Analytics/Ads and HubSpot, which involves US-based data transfers (potential GDPR implications for Swiss/EU data flows).

    // At a glance

    Pricing model

    SaaS subscription-based: Free, Professional, Team, Enterprise tiers

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Legartis Technology AG's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    legartis.ai

    > Browse all vendor trust reports