BBAA Atlas

Is Braze HIPAA compliant?

Customer engagement · vendor site ↗

Signs a BAAPHI with conditionsSOC 2 Type II
Will Braze sign a HIPAA BAA?
Yes — Braze will sign a HIPAA Business Associate Agreement (BAA).
Braze publishes a HIPAA Business Associate Addendum and will sign a BAA. The BAA permits customers to submit PHI to the Braze Services when done pursuant to the BAA, but is narrowly scoped to engagement / marketing: it explicitly prohibits storing or submitting medical records, medical images, diagnoses, test results, or similar sensitive medical information, and states the service 'is not intended to be relied upon as part of patient treatment.'
PHI eligibility
PHI is permitted only under a signed BAA and only for engagement / CRM / marketing; do not store clinical data (records, images, diagnoses, test results). Contact-level PHI for messaging is acceptable, clinical content is not.
SOC 2
SOC 2 Type II
Trust center
braze.com
Sub-processors
Notes
Tight content restrictions make Braze usable for patient-engagement messaging but not as a clinical data store.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Braze before storing PHI.

Get notified when this changes

We track Braze's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Braze

Yes — Braze will sign a HIPAA Business Associate Agreement (BAA).

Request routeBy request — via trust center or support
  1. 1
    Confirm your account is covered
    Braze publishes a HIPAA Business Associate Addendum and will sign a BAA. The BAA permits customers to submit PHI to the Braze Services when done pursuant to the BAA, but is narrowly scoped to engagement / marketing: it explicitly prohibits storing or submitting medical records, medical images, diagnoses, test results, or similar sensitive medical information, and states the service 'is not intended to be relied upon as part of patient treatment.'
  2. 2
    Request the Business Associate Agreement
    Braze provides the BAA on request. Open a request through Braze's trust center and ask for the current Business Associate Agreement covering your plan.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI is permitted only under a signed BAA and only for engagement / CRM / marketing; do not store clinical data (records, images, diagnoses, test results). Contact-level PHI for messaging is acceptable, clinical content is not. Match your configuration to this scope before putting protected health information into Braze.
Before you sign — watch for
  • A signed BAA here does NOT clear you to deliberately store PHI — the vendor still restricts intentional PHI collection or how it may be used. Confirm the exact scope.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Braze before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Braze sign a HIPAA Business Associate Agreement (BAA)?
Yes — Braze will sign a HIPAA Business Associate Agreement (BAA). Braze publishes a HIPAA Business Associate Addendum and will sign a BAA. The BAA permits customers to submit PHI to the Braze Services when done pursuant to the BAA, but is narrowly scoped to engagement / marketing: it explicitly prohibits storing or submitting medical records, medical images, diagnoses, test results, or similar sensitive medical information, and states the service 'is not intended to be relied upon as part of patient treatment.'
Is Braze HIPAA compliant?
Braze can be used in a HIPAA-compliant way: it signs a Business Associate Agreement (BAA), which HIPAA requires before you process PHI with a vendor. PHI is permitted only under a signed BAA and only for engagement / CRM / marketing; do not store clinical data (records, images, diagnoses, test results). Contact-level PHI for messaging is acceptable, clinical content is not.
Can you store PHI (protected health information) in Braze?
PHI is permitted only under a signed BAA and only for engagement / CRM / marketing; do not store clinical data (records, images, diagnoses, test results). Contact-level PHI for messaging is acceptable, clinical content is not.
Is Braze SOC 2 certified?
Braze reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Braze?
Braze provides the BAA on request. Open a request through Braze's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Braze before storing PHI.
What plan do I need to sign a BAA with Braze?
Braze publishes a HIPAA Business Associate Addendum and will sign a BAA. The BAA permits customers to submit PHI to the Braze Services when done pursuant to the BAA, but is narrowly scoped to engagement / marketing: it explicitly prohibits storing or submitting medical records, medical images, diagnoses, test results, or similar sensitive medical information, and states the service 'is not intended to be relied upon as part of patient treatment.'

Sources

HIPAA Business Associate Addendum | Braze
https://www.braze.com/company/legal/baa
Supports: Braze signs a BAA; PHI permitted pursuant to the BAA but medical records / images / diagnoses / test results prohibited; engagement-only purposedated: 2026-05-12
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Braze before processing protected health information.

Check another vendor

IterableSigns a BAAActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plans

See all HIPAA compliant email marketing & automation
Browse all 105 vendors by category →