We review the AI tool or vendor you are about to sign with. Fixed fee. No surprises.
Why Vendor Due Diligence Matters Now
A Kissimmee short-term rental property management group called me last month. They had 60 doors, a mix of condos near Disney and single-family homes near the 192. They were this close to signing a $2,800/month contract for an AI revenue management tool. The sales demo looked slick: dynamic pricing, occupancy forecasts, integration with their PMS. But something felt off. They asked me to take a look.
Two hours into the vendor’s contract, I found the trap. The pricing was structured as a percentage of revenue, which meant their fees would balloon as rates climbed, but the tool’s performance was tied to historical data that didn’t account for seasonal anomalies. Worse, the data residency clause stated all guest reservation data would be stored on servers in Ireland, which violated their insurance policy’s data localization requirement. We walked away. They saved $33,600 in year one alone.
That’s why I built our AI Vendor Due Diligence service. It is an independent, vendor-agnostic review of any AI tool or vendor you are considering signing with. I use a 17-point checklist that covers the most common pitfalls. The fee is a flat $1,800 per vendor, with no ongoing obligations. You get a written report and a 30-minute debrief call.
The 17-Point Checklist
Here is what I look at. Each point gets a pass, fail, or conditional rating with actionable recommendations.
Data & Security
- Data residency: Where does your data physically sit? If the vendor uses AWS in Virginia but your contract says ‘US East’, check the fine print for sub-processors. I have seen contracts that list ‘any AWS region globally’.
- Training-data leakage: Does the vendor use your data to train their models? Most enterprise AI vendors will let you opt out, but many SMB-focused tools have a clause buried in the terms that says ‘we may use aggregated data to improve services’. That is a no-go for sensitive data like guest lists or financial info.
- SOC 2 Type II: If the vendor doesn’t have a SOC 2 report, I need to see their penetration testing results and incident response plan. I recently reviewed a chatbot vendor for a local law firm that claimed ‘enterprise grade encryption’ but hadn’t done a third-party security audit in three years.
- Access controls: Can you limit user permissions? Can you revoke API keys without losing historical data? One Orlando medical practice I helped had a vendor that stored all patient notes in a single shared folder with no audit trail.
Pricing & Contracts
- Pricing trap: Is the pricing usage-based, seat-based, or flat? Usage-based AI pricing can spike unpredictably. I had a client whose API costs went from $400/month to $4,700/month because their customer service volume doubled during a promotion.
- Hidden fees: Are there setup fees, data migration fees, or termination fees? One vendor charged $5,000 to export your data when you leave, which effectively locked the client in for another year.
- Exit clause: How long does it take to get your data out? Is it a CSV export, or do they offer structured API access? I look for a 30-day notice period with a clean data handover.
- Model lock-in: If the vendor uses a third-party model like GPT-4 or Claude, does the contract allow you to switch to a different model later? Some vendors lock you into their fine-tuned version, making it hard to migrate.
Performance & Support
- Uptime SLA: Is there a financially-backed uptime commitment? 99.9% uptime is standard. But I have seen vendors promise ‘best effort’ and then blame downtime on their cloud provider.
- Support response times: What is the average first-response time? For a production AI system, I want under 4 hours for critical issues. The Kissimmee property group’s tool had a 48-hour support window for pricing errors.
- Documentation: Is the API documented? Are there code samples? I look for a developer portal that doesn’t require a paid plan to access.
- Versioning: How do they handle model updates? Some vendors update their AI model weekly, breaking your workflows without notice. I ask for a changelog and a test environment.
Compliance & Ethics
- Regulatory compliance: Does the tool comply with Florida’s data privacy laws? For healthcare clients, I check HIPAA BAAs. For financial services, I look for FINRA suitability.
- Bias audit: Has the vendor tested their model for bias? For hiring or credit scoring tools, this is critical. One landlord association I worked with nearly signed a tenant screening AI that discriminated against Section 8 voucher holders.
- Explainability: Can the vendor explain why their model made a specific recommendation? Black-box AI is fine for spam filters, but not for decisions that affect people’s livelihoods.
- Data retention: How long does the vendor keep your data after you cancel? I look for a 90-day retention period at most, followed by secure deletion.
- Sub-processor list: Who else touches your data? I review their third-party list. One vendor used a call recording service in India that wasn’t in their privacy policy.
How We Do It
The process is straightforward. You send me the vendor’s contract, privacy policy, terms of service, and any technical documentation they have provided. I also need a 20-minute call with you to understand your use case and what success looks like. I then perform the review against the 17-point checklist, which takes about 4-6 hours per vendor. You get a PDF report with a color-coded rating (green, yellow, or red) for each point, a summary of risks, and a go/no-go recommendation. We then meet for 30 minutes to go over the findings and answer questions.
If I find a major red flag, I will tell you directly. I don’t sell anything else. I don’t get commissions from vendors. My only incentive is to help you make a smart decision. A lot of business owners have told me this kind of honesty is rare in the vendor space.
Who Needs This
- Property managers evaluating AI for dynamic pricing, guest communication, or maintenance scheduling.
- Law firms looking at AI for document review or contract analysis.
- Medical practices considering AI for appointment scheduling or patient triage.
- Local retailers testing AI for inventory forecasting or customer service chatbots.
- Any business signing a contract over $500/month for an AI tool.
If you are about to sign a deal with an AI vendor and want an independent set of eyes, I can help. The cost is $1,800 per vendor, and the review typically takes 5-7 business days. Reach out to me and we will set up a quick call to see if this makes sense for your situation.
Comparison
| | DIY Review | AI Consulting Orlando Review |
|---|---|---|
| Time required | 8-20 hours of reading legalese | 4-6 hours (I do the work) |
| Expertise needed | Legal and technical AI knowledge | None on your part |
| Checklist used | Whatever you find online | 17-point proprietary checklist |
| Hidden trap detection | Low (you may miss fine print) | High (I have seen hundreds of contracts) |
| Cost | Free (your time) | $1,800 flat fee |
| Go/no-go recommendation | You guess | I give a clear recommendation |
| Contract negotiation support | No | Yes (I provide suggested language) |
- We saved one client $33,600 in year one by catching a pricing trap hidden in the fine print.
- 17-point checklist covers data residency, pricing traps, exit clauses, and model lock-in.
- Fixed fee $1,800 per vendor. No subscriptions, no commissions, no nonsense.
- Independent and vendor-agnostic. I don't sell AI tools. I only sell peace of mind.
Frequently asked questions
What do I need to provide for the due diligence review?
I need the vendor's current contract, privacy policy, terms of service, any technical documentation (like API docs or security whitepapers), and a 20-minute call to understand your use case and goals. The more context you give, the better I can assess risks.
How long does the review take?
Typically 5-7 business days from the time I receive all documents. For rush requests, I can prioritize and deliver in 3 business days for an additional $600 fee.
What if the vendor refuses to share their contract before I sign?
That is a red flag in itself. I can help you negotiate a non-disclosure agreement to review the contract, or I can provide a template you can share with the vendor to request the key clauses I need to see.
Do you recommend specific vendors?
No. I stay vendor-agnostic. My report will tell you if the vendor is safe to sign with, what risks to watch for, and any negotiation points. I do not recommend alternative vendors, but I can point you to general categories of tools that might fit.
Is this a one-time fee or ongoing?
One-time fee of $1,800 per vendor reviewed. There are no subscriptions, annual renewals, or hidden costs. If you need a follow-up review after contract negotiations, I offer a discounted re-review for $600.
What if I need to review multiple vendors?
I can handle multiple vendors at the same time. Each vendor is billed separately at $1,800. If you have three vendors, I can stagger the reviews to match your decision timeline.
Ready to talk it through?
Send a one-line description of what you are trying to do. I will reply within one business day with a plain-English next step.