Trust & security

Security at EUCLM

EUCLM was built from day one for European teams subject to GDPR. Here are the principles and measures we use to protect your contracts.

EU data residency

Your data is stored and processed on infrastructure located in the European Union. We don't move your contracts outside the European Economic Area to run the service.

GDPR by design

We process personal data in line with the GDPR. We offer data export and the right to erasure, a data processing agreement (DPA), and a public list of sub-processors. Data minimisation guides every product decision.

eIDAS electronic signatures

Simple electronic signatures (SES) seal each document with an organisation certificate and a trusted timestamp, plus a complete audit trail. Signatures are legally valid and admissible as evidence across the EU (eIDAS Art. 25). Advanced signatures (AES) via a qualified trust-service provider are on our roadmap.

Encryption & access control

All traffic is encrypted in transit with TLS. Access is authenticated with secure sessions (httpOnly cookies) and CSRF protection, with role-based permissions inside each organisation. Single sign-on (SSO via SAML/OIDC) is available on Enterprise.

Explainable AI & data use

Every AI extraction is traceable to the exact sentence in the source document. Your documents are processed solely to deliver the service to you; we don't sell your data.

Certifications & continuous improvement

We're in the process of ISO 27001 certification. We review our technical and organisational measures continuously and will update this page as we progress.

See our Privacy Policy and the list of sub-processors for more detail.

Report a security issue

If you believe you've found a vulnerability, get in touch. We welcome responsible disclosure and will respond as quickly as we can.

security@euclm.com · privacy@euclm.com