Compliance & Certifications

Last reviewed: May 2026

TL;DR

User Intuition complies today with GDPR, the CCPA and CPRA, and the Virginia, Colorado, Connecticut, and Utah state privacy laws. SOC 2 Type 1 attestation is in active progress: User Intuition has engaged an attestation firm, implemented the SOC 2 control set, and is conducting its readiness assessment, targeting attestation in H2 2026. ISO 27001 and direct HIPAA certification are on the 2026 roadmap. All nine User Intuition sub-processors are SOC 2 Type 2 certified, and engagement evidence and control inventory summaries are available under NDA.

Certifications status

  • SOC 2 Type 1 — In progress. We have engaged a SOC 2 attestation firm, implemented the SOC 2 control set, and are conducting our readiness assessment. Target Type 1 attestation: H2 2026. Engagement evidence, control inventory summaries, and readiness assessment status are available under NDA via security@userintuition.ai.
  • ISO 27001: Roadmap 2026.
  • HIPAA: Roadmap 2026 for direct certification. Our customer authentication provider Clerk and our voice provider both offer HIPAA Business Associate Agreements; the voice integration runs in HIPAA-enabled mode for all User Intuition assistants.
  • EU-US Data Privacy Framework self-certification: Roadmap 2026. We currently rely on Standard Contractual Clauses for cross-border transfers, as documented in our privacy policy.
  • Cyber liability insurance: Roadmap 2026.

Need to begin before our SOC 2 Type 1 attestation completes? User Intuition also offers fully managed research — you send a brief by email and receive transcripts, reports, and deliverables by email or secure link, with no account and no platform access required.

Regulations we comply with today

  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Utah Consumer Privacy Act (UCPA)

Compliance is verified through our internal Data Privacy Compliance Policy, reviewed annually. Data subject requests (access, deletion, portability) are honored at privacy@userintuition.ai.

Sub-processor compliance

All nine sub-processors are SOC 2 Type 2 certified. Clerk (our customer authentication provider) and our voice provider additionally offer HIPAA Business Associate Agreements. The full list, including provider names, is on our sub-processors page.

Customer audit rights

The sub-processor list is public at /sub-processors/. For enterprise customers under signed master agreement, additional security artifacts are available under NDA via security@userintuition.ai — including policy summaries, vulnerability scan summaries, SOC 2 engagement evidence, control inventory, and current readiness assessment status. Customer audit rights against User Intuition systems will be available alongside our SOC 2 Type 1 report (H2 2026 target).
