How Lisa transforms from a standalone AI advisor into an integrated extension of a company's HR function — connecting to HRIS systems, ingesting company knowledge, and enabling action workflows.
March 2026 — Living Document
Lisa is a strong AI advisor today. But an AI advisor that knows your company — your org chart, your policies, your compensation bands, your leave balances — is an entirely different product. That's the unlock that makes Lisa irreplaceable.
A manager can ask ChatGPT or Claude generic HR questions. They cannot ask those tools "help me with Sarah" and get an answer that knows Sarah's tenure, performance history, salary relative to band, and leave balance. That requires system integration — and that's what this document plans.
The strategic thesis: Lisa + company context = the competitive moat that transforms Lisa from a useful tool into an indispensable HR infrastructure layer. Every integration deepens the switching cost. Every data connection makes Lisa's guidance more specific, more trusted, and harder to replicate.
Lisa's target market is 50–500 employee startups — not Fortune 500 enterprises running SAP and Workday. This dramatically simplifies the integration challenge:
Small-to-mid startups (50–500 employees) don't use Workday, SAP SuccessFactors, or Oracle HCM. They use modern, cloud-native tools with developer-friendly APIs. This is a strategic advantage — the integration surface is well-defined and accessible.
| Platform | Target Segment | API Maturity | Auth Method | Key Data |
|---|---|---|---|---|
| Gusto | 10–200 employees | Mature | OAuth2 | Payroll, benefits, PTO, org chart |
| Rippling | 50–2,000 employees | Mature | OAuth2 | HR, IT, payroll, device mgmt |
| BambooHR | 50–1,000 employees | Mature | API Key / OAuth2 | Employee records, PTO, performance |
| Justworks | 10–200 employees | Limited | API Key | Payroll, benefits, compliance |
| ADP Run | 1–49 employees (Run), 50–999 (Workforce Now) | Mature | OAuth2 | Payroll, tax, benefits, HR |
Why PEOs matter: PEOs are a distribution multiplier. One integration with a PEO's platform gives Lisa access to thousands of client companies simultaneously. TriNet alone serves 22,000+ SMBs. PEOs handle payroll, benefits, and compliance for their clients — which means their APIs expose exactly the data Lisa needs.
| PEO | Client Companies | API Availability | Distribution Value |
|---|---|---|---|
| TriNet | 22,000+ SMBs | Partner API | High — concentrated SMB base |
| Insperity | 5,400+ clients | Partner API | Medium — mid-market focus |
| Justworks PEO | 10,000+ companies | Limited | High — startup-focused |
| Platform | Focus | API Maturity | Relevant Data |
|---|---|---|---|
| Lattice | Reviews, OKRs, engagement | Mature | Review scores, goals, feedback |
| 15Five | Check-ins, 1-on-1s, OKRs | Moderate | Check-in data, pulse surveys |
| Culture Amp | Surveys, performance, development | Moderate | Engagement scores, review data |
| Small Improvements | Reviews, 360 feedback | Basic | Review cycles, praise history |
| Category | Key Platforms | API Maturity | Integration Priority |
|---|---|---|---|
| L&D | LinkedIn Learning, Coursera for Business | Moderate | Phase 2+ |
| Compensation | Pave, Carta Total Comp, Levels.fyi | Moderate | Phase 2+ (supplements existing BLS/web data) |
| ATS | Greenhouse, Lever, Ashby | Mature | Phase 2+ |
| Communication | Slack, Microsoft Teams | Mature | Slack: Live Teams: Phase 2 |
This is the value unlock. When Lisa knows your org chart, employee tenure, leave balances, performance history, and compensation data — every conversation becomes radically more useful. A manager says "help me with Sarah" and Lisa already has context.
Ordered by market share within Lisa's target segment (50–500 employee startups):
| # | Platform | Rationale | Estimated Effort |
|---|---|---|---|
| 1 | Gusto | Dominant in sub-200 employee startups. Clean OAuth2 API. 300K+ businesses. | 8–12 weeks (includes abstraction layer) |
| 2 | BambooHR | Strong in 50–1,000 range. Well-documented API. 33,000+ customers. | 3–4 weeks |
| 3 | Rippling | Fast-growing ($570M ARR). Unified HR/IT data. 20,000+ customers. | 3–4 weeks |
| 4 | ADP | Massive market share. ADP Workforce Now serves 50–999 employees. | 4–6 weeks (more complex API) |
| 5 | PEO APIs | TriNet, Insperity, Justworks — distribution multiplier. | 4–6 weeks (partner agreements required) |
The connector abstraction layer defines a unified interface that all HRIS connectors implement. Lisa's core system never interacts with HRIS-specific APIs directly — it calls the abstraction layer, which routes to the correct connector based on the organization's configured HRIS provider. This pattern means adding a new HRIS source requires implementing the interface, not modifying Lisa's core logic.
| Data Category | Fields | Update Frequency | Authorization |
|---|---|---|---|
| Employee Roster | Name, role/title, department, start date, employment type | Daily sync | Default (company admin authorizes) |
| Org Chart | Reporting relationships, team structure, levels | Daily sync | Default |
| Employment Dates | Hire date, tenure, promotions, role changes | Daily sync | Default |
| Leave Balances | PTO accrued, used, pending requests | Every 6 hours | Default |
| Performance | Review scores/summaries, goals, feedback | On-demand + weekly sync | Requires explicit opt-in |
| Compensation | Base salary, bonus target, equity grants, band placement | Weekly sync | Requires explicit opt-in (comp_visibility setting) |
When a manager asks "What's our parental leave policy?" Lisa should answer with the company's actual policy — not generic guidance. Phase 2 makes this possible through Retrieval-Augmented Generation (RAG), building on the Upload & Store approach outlined in the existing knowledge base roadmap.
Current state: Lisa already supports company-specific knowledge via pre-processed prompt variants (Option 2 in the knowledge base roadmap), used for the CHET.AI pilot. Phase 2 replaces this manual process with a scalable, self-service document pipeline (Option 1).
| Component | Effort | Details |
|---|---|---|
| pgvector setup & embedding pipeline | 2 weeks | Vector column in PostgreSQL, embedding generation via OpenAI or Gemini |
| Document chunking strategy | 1 week | Section-aware chunking, overlap windows, metadata preservation |
| Admin upload UI | 1.5 weeks | Upload interface, document status, indexing progress, replace/delete |
| Retrieval integration into chat | 1.5 weeks | Semantic search at query time, context injection into system prompt |
| Testing & refinement | 1–2 weeks | Retrieval quality tuning, edge cases, performance optimization |
The admin interface provides:
Phase 3 transforms Lisa from an advisor who tells you what to do into an assistant who helps you do it. Lisa creates a PIP, routes it for approval, and uploads it to the employee file. Lisa initiates a compensation change request. Lisa schedules a follow-up meeting.
Why we wait: Bidirectional integration carries the highest complexity and highest liability of any integration phase. Write-back actions are permanent and affect real employee records. We build this only after Phase 1 and Phase 2 are proven, generating revenue, and validating which specific write-back actions are actually needed based on real usage data.
Deliberately wide range. Scope depends heavily on what Phase 1 and Phase 2 usage reveals about which write-back actions managers actually need.
Approval workflows are configurable per action type per organization. The example above shows a PIP workflow requiring manager → HR review → legal review → employee file upload. Other actions (compensation change, meeting scheduling) may require different approval chains.
| Action | Who Can Initiate | Required Approvals | Org-Configurable |
|---|---|---|---|
| Create PIP document | Manager (direct reports only) | HR + Legal (if risk ≥ medium) | Yes |
| Compensation change request | Manager (direct reports only) | HR + Finance | Yes |
| Schedule follow-up meeting | Manager | None (auto-approved) | Yes |
| Employee file annotation | Manager + HR | HR review | Yes |
| Role/title change request | Manager (direct reports only) | HR + Skip-level manager | Yes |
Every write-back action generates an immutable audit record:
Enterprise integration means handling sensitive employee data — compensation, performance reviews, leave balances. The security framework must be airtight. Lisa's existing multi-tenant isolation (shipped in production) provides the foundation. This section extends it for HRIS data.
The right standard for this market. SOC 2 Type II is the gold standard for SaaS companies handling sensitive data in the SMB/mid-market. It's what Gusto, BambooHR, and Rippling themselves hold. SOX compliance is for public companies — not relevant. HIPAA is for healthcare data — not applicable unless Lisa handles PHI (which it doesn't).
| Layer | Method | Implementation |
|---|---|---|
| In Transit | TLS 1.3 | All API calls, HRIS sync, client-server communication |
| At Rest | AES-256 | Database encryption (managed PostgreSQL), OAuth tokens, cached HRIS data |
| Secrets | AES-256 + Key Rotation | OAuth tokens encrypted with per-org keys, rotated on refresh |
Already built and shipping in production. Each organization's data is completely segregated through:
| Data Type | Manager | HR Admin | Super Admin |
|---|---|---|---|
| Employee roster (own reports) | Read | Read | Read |
| Employee roster (all org) | — | Read | Read |
| Compensation data | Per comp_visibility setting | Full access | Full access |
| Performance reviews | Own reports only | All org | All org |
| Leave balances | Own reports only | All org | All org |
| HRIS connector settings | — | Configure | Configure |
Addressed naturally. When the HRIS org chart syncs, Lisa's visibility model updates automatically. If Sarah moves from Team A to Team B, her new manager gains access and her old manager loses it — no manual security reconfiguration needed. This is a direct consequence of the org-chart-driven permission model.
Nobody is building exactly this combination for the SMB market: HRBP-quality coaching + deep HRIS integration + company-specific knowledge + employment law grounding, purpose-built for the 50–500 employee segment.
Employee self-service and ticket deflection. "How many PTO days do I have?" — not "Help me navigate this termination in California." No specialist agents, no risk classification, no cross-conversation memory.
Tools for running review cycles, engagement surveys, and OKRs. Retrospective analytics, not forward-looking advisory AI. Lisa is complementary — a company could use both.
General-purpose document generation (offer letters, JDs, templates). No multi-turn memory, no risk classification, no legal KB, no PII redaction, no coaching relationship. Template library vs. trusted advisor.
Leadership development and soft skills coaching. Makes managers better leaders — doesn't provide HR-specific guidance with employment law, compensation data, or risk classification. Different focus.
The systems Lisa connects TO, not competes with. They manage HR operations (payroll, benefits, compliance). Lisa provides the judgment layer. Integration makes both more valuable.
Human coaching platform at $3,000–5,000/employee/year. Different price point (100x), different delivery model, different market segment entirely. Personal development, not HR operations.
No one is combining HRBP-quality coaching + deep HRIS integration + company-specific knowledge for the 50–500 employee segment. The enterprise HR tech players (Workday, SAP) serve 5,000+ employee companies. The SMB tools (Gusto, BambooHR) handle operations but not advisory. The AI coaching tools (Valence, BetterUp) focus on leadership development, not HR guidance. Lisa occupies the white space between all of them.
Each integration deepens Lisa's competitive moat through three mechanisms:
Realistic estimates for a solo developer augmented by AI coding tools (Replit Agent, Claude, etc.). These estimates already account for the acceleration AI provides.
| Phase | Scope | Estimate | Cumulative |
|---|---|---|---|
| Phase 1a | First HRIS connector (Gusto or BambooHR) + abstraction layer | 8–12 weeks | 8–12 weeks |
| Phase 1b | Connector abstraction refinement + 2nd connector | 4–6 weeks | 12–18 weeks |
| Phase 2 | RAG knowledge base (pgvector, embedding pipeline, admin UI, retrieval) | 6–8 weeks | 18–26 weeks |
| Phase 1c | 3rd & 4th connectors (can parallel with Phase 2 refinement) | 4–6 weeks | 22–32 weeks |
| SOC 2 Prep | Documentation, policies, controls implementation | 4–6 weeks (overlaps) | — |
| Phase 2 Complete = The Real Value Unlock | ~5–7 months | ||
| Phase 3 | Bidirectional + approval workflows | 12–24 weeks | 34–56 weeks |
| Total Including Phase 3 | ~9–14 months | ||
Each integration phase unlocks a new commercial milestone. Phase 1 justifies the subscription. Phase 2 creates switching costs. Phase 3 makes Lisa a workflow layer that's nearly impossible to rip out.
| Phase | Commercial Impact | Revenue Implication |
|---|---|---|
| Phase 1 | Enables the move from "pilot" to "paid." HRIS integration is the feature that justifies a subscription — generic AI coaching is a nice-to-have, contextual AI coaching is a must-have. | Unlocks paid tier conversion |
| Phase 2 | Makes Lisa sticky. Once a company's handbooks, policies, and compensation philosophy are indexed in Lisa, switching means losing all that company-specific knowledge. The knowledge base creates organic switching costs. | Improves retention & NRR |
| Phase 3 | Lisa becomes a workflow layer — embedded in how the company actually operates. PIPs route through Lisa. Comp changes originate in Lisa. This is the deepest integration and the strongest lock-in. | Enables enterprise tier pricing |
PEOs as a force multiplier. A single partnership with TriNet (22,000+ SMBs) or Justworks (10,000+ companies) gives Lisa distribution access to thousands of potential customers simultaneously. PEOs are motivated partners — Lisa helps their clients' managers navigate HR situations more effectively, which reduces PEO support burden and improves client retention.