Enterprise adoption of agentic research requires passing security and compliance reviews that gate vendor onboarding. This guide covers the specific requirements that procurement, security, and legal teams evaluate — with User Intuition’s current compliance posture for each.
Certification Summary
| Standard | Status | Documentation |
|---|---|---|
| ISO 27001 | Certified | Certificate available on request |
| GDPR | Compliant | DPA available at userintuition.ai/dpa |
| HIPAA | Compliant | BAA available on request |
| SOC 2 Type II | In progress | Expected completion date available on request |
| CCPA | Compliant | Privacy policy at userintuition.ai/privacy-policy |
Data Architecture
Encryption
- At rest: AES-256 encryption for all stored data
- In transit: TLS 1.3 for all data transmission
- Key management: Hardware security modules for encryption key storage
Access Controls
- SSO/SAML: Supported for enterprise identity providers
- Role-based access: Configurable permissions per team and user
- Audit logging: Complete trail of all data access, study creation, and hub queries
- Multi-factor authentication: Required for all account access
Data Residency
Configurable data residency options for organizations with geographic data sovereignty requirements. Contact enterprise sales for region-specific deployment options.
Participant Consent Framework
Every agentic research study includes a consent framework that meets GDPR, HIPAA, and general research ethics requirements:
- Informed consent before participation begins (purpose, data use, rights)
- Right to withdraw at any point during the conversation
- Data subject rights (access, rectification, erasure) honored within required timelines
- Purpose limitation — data used only for the stated research purpose
- Retention limits — configurable per organization and per study
Procurement Checklist
Security teams evaluating agentic research platforms typically require:
- ISO 27001 certification (or equivalent)
- GDPR Data Processing Agreement
- HIPAA Business Associate Agreement (if applicable)
- SOC 2 Type II report (or bridge letter if in progress)
- Penetration test results (available under NDA)
- Subprocessor list (userintuition.ai/sub-processors)
- Data flow diagram
- Incident response plan
- Business continuity plan
- Encryption standards documentation
All items are available from User Intuition’s security team. Contact enterprise sales or email security@userintuition.ai to initiate the security review process.
Regulated Industry Considerations
Financial Services
Agentic research in financial services requires attention to consumer financial data handling, regulatory research disclosure requirements, and record retention policies. User Intuition’s encryption, access controls, and audit logging meet the standards required by major financial institutions.
Healthcare
HIPAA compliance covers the handling of any protected health information that may surface during AI-moderated conversations about healthcare experiences. Business Associate Agreements are available for healthcare research deployments.
Government and Public Sector
For government research applications, User Intuition supports FedRAMP-adjacent security controls. Contact enterprise sales for government-specific deployment options.
Starting the Security Review
For enterprise teams ready to evaluate:
- Request the security package — email security@userintuition.ai or contact your account representative
- Schedule a security architecture review — technical walkthrough with our security team
- Begin procurement in parallel — use the Starter tier ($0/month) while enterprise procurement is in progress
The Starter tier lets teams validate research quality and build the business case while the formal security review proceeds — reducing the time from evaluation to enterprise deployment.