Buyer template · Due-diligence checklist · Updated 2026-07-01
Vendor Pricing and Security Review Checklist
A due-diligence checklist for reviewing an AI vendor's pricing terms and security posture before signing.
When to use it: Use this before committing to a paid plan, especially at the team or company level.
Pricing
- Confirm what is included at the plan tier you are evaluating, not just the headline price.
- Check for per-seat minimums, usage-based add-ons, and annual-commitment discounts or penalties.
- Confirm what happens to your data and access if you downgrade or cancel.
Security and privacy
- Confirm whether your data is used for model training by default, and how to opt out if so.
- Check for SSO/SAML, role-based access control, and audit logs at your plan tier.
- Confirm data retention and deletion timelines, and where data is stored and processed.
- Ask for a current SOC 2, ISO 27001, or equivalent report if your compliance requirements need it.
Contract and exit
- Confirm data export options before you sign, not after you need to leave.
- Note the renewal and cancellation terms, including notice periods.