Compliance & Certifications
Last reviewed: April 2026
Certifications status
- SOC 2: Roadmap 2026 — audit kickoff targeted Q3 2026.
- ISO 27001: Roadmap 2026.
- HIPAA: Roadmap 2026 for direct certification. Our customer authentication provider Clerk and our voice provider both offer HIPAA Business Associate Agreements; the voice integration runs in HIPAA-enabled mode for all User Intuition assistants.
- EU-US Data Privacy Framework self-certification: Roadmap 2026. We currently rely on Standard Contractual Clauses for cross-border transfers, as documented in our privacy policy.
- Cyber liability insurance: Roadmap 2026.
Regulations we comply with today
- EU General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Utah Consumer Privacy Act (UCPA)
Compliance is verified through our internal Data Privacy Compliance Policy, reviewed annually. Data subject requests (access, deletion, portability) are honored at privacy@userintuition.ai.
Sub-processor compliance
All nine sub-processors are SOC 2 Type 2 certified. Clerk (our customer authentication provider) and our voice provider additionally offer HIPAA Business Associate Agreements. The full list, including provider names, is on our sub-processors page.
Customer audit rights
The sub-processor list is public at /sub-processors/. For enterprise customers under a signed master agreement, additional security artifacts (policy summaries, vulnerability scan summaries) are available under NDA — contact security@userintuition.ai. Direct customer audits of User Intuition systems are not currently offered; this is on our 2026 roadmap as part of the SOC 2 audit kickoff.