Is Brevo HIPAA compliant?
No BAANot for PHI
Will Brevo sign a HIPAA BAA?
No — Brevo does not sign a HIPAA Business Associate Agreement (BAA).
Brevo (formerly Sendinblue) does not sign a BAA and is not HIPAA-compliant, so it cannot be used in conjunction with PHI. Non-PHI marketing (e.g. general wellness content) is permissible.
PHI eligibility
PHI/ePHI must not be transmitted through Brevo; with no BAA available, treat the service as inappropriate for any patient health information.
SOC 2
Not publicly confirmed
Trust center
Sub-processors
—
Notes
The 'no BAA' verdict rests on two reputable secondary sources (AccountableHQ, Paubox); Brevo publishes no first-party 'we don't sign a BAA' statement, as is typical for vendors that don't offer one.
Get notified when this changes
We track Brevo's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.
How to request and sign a BAA with Brevo
No — Brevo does not sign a HIPAA Business Associate Agreement (BAA).
There is no BAA to request — Brevo will not sign one. Brevo (formerly Sendinblue) does not sign a BAA and is not HIPAA-compliant, so it cannot be used in conjunction with PHI. Non-PHI marketing (e.g. general wellness content) is permissible.
Need a vendor in this space that does? See which HIPAA compliant email marketing & automation sign a BAA →
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Brevo before you rely on it. This is cited public information, not legal advice.
Frequently asked questions
Does Brevo sign a HIPAA Business Associate Agreement (BAA)?
No — Brevo does not sign a HIPAA Business Associate Agreement (BAA). Brevo (formerly Sendinblue) does not sign a BAA and is not HIPAA-compliant, so it cannot be used in conjunction with PHI. Non-PHI marketing (e.g. general wellness content) is permissible.
Is Brevo HIPAA compliant?
Brevo is not HIPAA-ready: it does not sign a Business Associate Agreement (BAA), so you cannot use it to process protected health information (PHI). PHI/ePHI must not be transmitted through Brevo; with no BAA available, treat the service as inappropriate for any patient health information.
Can you store PHI (protected health information) in Brevo?
PHI/ePHI must not be transmitted through Brevo; with no BAA available, treat the service as inappropriate for any patient health information.
Is Brevo SOC 2 certified?
We could not confirm a public SOC 2 report for Brevo. SOC 2 is separate from a HIPAA BAA — confirm both directly with Brevo.
How do I request a HIPAA BAA from Brevo?
You can't — Brevo does not sign a HIPAA Business Associate Agreement. Brevo (formerly Sendinblue) does not sign a BAA and is not HIPAA-compliant, so it cannot be used in conjunction with PHI. Non-PHI marketing (e.g. general wellness content) is permissible.
What plan do I need to sign a BAA with Brevo?
Brevo does not offer a BAA on any plan, so no plan qualifies. Brevo (formerly Sendinblue) does not sign a BAA and is not HIPAA-compliant, so it cannot be used in conjunction with PHI. Non-PHI marketing (e.g. general wellness content) is permissible.
Sources
https://www.accountablehq.com/post/sendinblue-hipaa-compliance-does-brevo-sign-a-baa-and-is-it-safe-for-phi
https://www.paubox.com/blog/is-sendinblue-hipaa-compliant
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Brevo before processing protected health information.
Check another vendor
See all HIPAA compliant email marketing & automation →
Browse all 105 vendors by category →