BBAA Atlas

Is Coda HIPAA compliant?

Docs & collaborative workspace · vendor site ↗

BAA on select plansPHI with conditionsSOC 2
Will Coda sign a HIPAA BAA?
Sometimes — Coda signs a HIPAA BAA only on specific plans or add-ons.
Coda supports HIPAA-compliant use only on its Enterprise tier, where it offers guidance and a BAA governing PHI handling (launched September 2024, 'available only on the Enterprise tier'). Coda is not an EHR or system of record, support requests must not contain PHI, and Coda Brain and Pack Gallery integrations are not covered by the BAA.
PHI eligibility
PHI is allowed only on an Enterprise plan with a signed BAA and within the documented restrictions (no PHI in support, Coda Brain / Packs excluded); it is not eligible on lower tiers.
SOC 2
SOC 2
Trust center
help.coda.io
Sub-processors
Notes
Older third-party blogs incorrectly state Coda signs no BAA; Coda's own help center and September 2024 launch announcement supersede that.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Coda before storing PHI.

Get notified when this changes

We track Coda's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Coda

Sometimes — Coda signs a HIPAA BAA only on specific plans or add-ons.

Request routeBy request — via trust center or support
  1. 1
    Get on a qualifying plan
    Coda supports HIPAA-compliant use only on its Enterprise tier, where it offers guidance and a BAA governing PHI handling (launched September 2024, 'available only on the Enterprise tier'). Coda is not an EHR or system of record, support requests must not contain PHI, and Coda Brain and Pack Gallery integrations are not covered by the BAA.
  2. 2
    Request the Business Associate Agreement
    Coda provides the BAA on request. Open a request through Coda's trust center and ask for the current Business Associate Agreement covering your plan.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI is allowed only on an Enterprise plan with a signed BAA and within the documented restrictions (no PHI in support, Coda Brain / Packs excluded); it is not eligible on lower tiers. Match your configuration to this scope before putting protected health information into Coda.
Before you sign — watch for
  • A signed BAA here does NOT clear you to deliberately store PHI — the vendor still restricts intentional PHI collection or how it may be used. Confirm the exact scope.
  • Third-party apps / integrations are not covered by this BAA — each needs its own agreement.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Coda before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Coda sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Coda signs a HIPAA BAA only on specific plans or add-ons. Coda supports HIPAA-compliant use only on its Enterprise tier, where it offers guidance and a BAA governing PHI handling (launched September 2024, 'available only on the Enterprise tier'). Coda is not an EHR or system of record, support requests must not contain PHI, and Coda Brain and Pack Gallery integrations are not covered by the BAA.
Is Coda HIPAA compliant?
Coda can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI is allowed only on an Enterprise plan with a signed BAA and within the documented restrictions (no PHI in support, Coda Brain / Packs excluded); it is not eligible on lower tiers.
Can you store PHI (protected health information) in Coda?
PHI is allowed only on an Enterprise plan with a signed BAA and within the documented restrictions (no PHI in support, Coda Brain / Packs excluded); it is not eligible on lower tiers.
Is Coda SOC 2 certified?
Coda reports a SOC 2 attestation according to its public security documentation.
How do I request a HIPAA BAA from Coda?
Coda provides the BAA on request. Open a request through Coda's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Coda before storing PHI.
What plan do I need to sign a BAA with Coda?
Coda supports HIPAA-compliant use only on its Enterprise tier, where it offers guidance and a BAA governing PHI handling (launched September 2024, 'available only on the Enterprise tier'). Coda is not an EHR or system of record, support requests must not contain PHI, and Coda Brain and Pack Gallery integrations are not covered by the BAA.

Sources

Launched: Coda is now available for customers requiring HIPAA compliance
https://community.coda.io/t/launched-coda-is-now-available-for-customers-requiring-hipaa-compliance/51196
Supports: Official Coda announcement that HIPAA-compliant use is Enterprise-onlydated: 2024-09-16
HIPAA compliance information | Coda Help Center
https://help.coda.io/en/articles/9806570-hipaa-compliance-information
Supports: Coda's own doc: BAA governs PHI on Enterprise; Coda Brain / Packs excluded; no PHI in support requestsdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Coda before processing protected health information.

Check another vendor

ActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plansAmazon Web Services (AWS)Signs a BAA

See all HIPAA compliant docs & collaboration tools
Browse all 105 vendors by category →