BBAA Atlas

Is Amplitude HIPAA compliant?

Product analytics · vendor site ↗

Signs a BAAPHI with conditionsSOC 2 Type II
Will Amplitude sign a HIPAA BAA?
Yes — Amplitude will sign a HIPAA Business Associate Agreement (BAA).
Amplitude's Trust, Security and Privacy page states 'Amplitude can enter a Business Associates Agreement to help you maintain your HIPAA compliance.' It adds that all of Amplitude's AI features are covered under its BAAs and that it holds corresponding BAAs with its third-party AI subprocessors. The page does not tie the BAA to a specific pricing tier, indicating it is offered to qualifying covered-entity / business-associate customers (typically negotiated with sales).
PHI eligibility
Behavioral data that constitutes PHI can be stored in Amplitude only under a signed BAA and with appropriate data-governance / minimization controls; PHI is not allowed absent a BAA.
SOC 2
SOC 2 Type II
Trust center
amplitude.com
Sub-processors
Notes
Some third-party blogs claim Amplitude will not sign a BAA, but Amplitude's own current security page explicitly says it will; the first-party statement governs. Tier for the BAA is not stated (likely sales-negotiated).
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Amplitude before storing PHI.

Get notified when this changes

We track Amplitude's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Amplitude

Yes — Amplitude will sign a HIPAA Business Associate Agreement (BAA).

Request routeThrough sales / your account team
  1. 1
    Confirm your account is covered
    Amplitude's Trust, Security and Privacy page states 'Amplitude can enter a Business Associates Agreement to help you maintain your HIPAA compliance.' It adds that all of Amplitude's AI features are covered under its BAAs and that it holds corresponding BAAs with its third-party AI subprocessors. The page does not tie the BAA to a specific pricing tier, indicating it is offered to qualifying covered-entity / business-associate customers (typically negotiated with sales).
  2. 2
    Request the Business Associate Agreement
    Amplitude arranges the BAA through its sales / account team. If you have an account executive, ask them to start the BAA for your plan; otherwise contact Amplitude sales (or open a request from its trust center) and reference the qualifying plan above.
  3. 3
    Confirm what PHI is allowed before you store any
    Behavioral data that constitutes PHI can be stored in Amplitude only under a signed BAA and with appropriate data-governance / minimization controls; PHI is not allowed absent a BAA. Match your configuration to this scope before putting protected health information into Amplitude.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Amplitude before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Amplitude sign a HIPAA Business Associate Agreement (BAA)?
Yes — Amplitude will sign a HIPAA Business Associate Agreement (BAA). Amplitude's Trust, Security and Privacy page states 'Amplitude can enter a Business Associates Agreement to help you maintain your HIPAA compliance.' It adds that all of Amplitude's AI features are covered under its BAAs and that it holds corresponding BAAs with its third-party AI subprocessors. The page does not tie the BAA to a specific pricing tier, indicating it is offered to qualifying covered-entity / business-associate customers (typically negotiated with sales).
Is Amplitude HIPAA compliant?
Amplitude can be used in a HIPAA-compliant way: it signs a Business Associate Agreement (BAA), which HIPAA requires before you process PHI with a vendor. Behavioral data that constitutes PHI can be stored in Amplitude only under a signed BAA and with appropriate data-governance / minimization controls; PHI is not allowed absent a BAA.
Can you store PHI (protected health information) in Amplitude?
Behavioral data that constitutes PHI can be stored in Amplitude only under a signed BAA and with appropriate data-governance / minimization controls; PHI is not allowed absent a BAA.
Is Amplitude SOC 2 certified?
Amplitude reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Amplitude?
Amplitude arranges the BAA through its sales / account team. If you have an account executive, ask them to start the BAA for your plan; otherwise contact Amplitude sales (or open a request from its trust center) and reference the qualifying plan above. Confirm current terms directly with Amplitude before storing PHI.
What plan do I need to sign a BAA with Amplitude?
Amplitude's Trust, Security and Privacy page states 'Amplitude can enter a Business Associates Agreement to help you maintain your HIPAA compliance.' It adds that all of Amplitude's AI features are covered under its BAAs and that it holds corresponding BAAs with its third-party AI subprocessors. The page does not tie the BAA to a specific pricing tier, indicating it is offered to qualifying covered-entity / business-associate customers (typically negotiated with sales).

Sources

Trust, Security and Privacy | Amplitude
https://amplitude.com/security-and-privacy
Supports: First-party statement that Amplitude can enter a BAA and that AI features / subprocessors are BAA-covereddated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Amplitude before processing protected health information.

Check another vendor

MixpanelBAA on select plansPostHogBAA on select plansActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAA

See all HIPAA compliant product & web analytics
Browse all 105 vendors by category →