Is Dropbox Sign HIPAA compliant?

E-signature

BAA on select plans · PHI with conditions
Will Dropbox Sign sign a HIPAA BAA?
Sometimes — Dropbox Sign signs a HIPAA BAA only on specific plans or add-ons.
Dropbox Sign (formerly HelloSign) supports HIPAA compliance only for customers on an annual Standard or Premium plan who sign a BAA and meet a minimum contract value (the minimum-contract-value requirement was added in June 2024). The Dropbox Sign BAA is separate from the main Dropbox service BAA.
PHI eligibility
PHI may be processed once HIPAA mode is enabled under a signed BAA on a qualifying annual plan; enabling HIPAA mode disables CC on signature requests, emailed PDF copies of signed documents, and editing a document's title/message.
SOC 2
Not publicly confirmed
Sub-processors
Notes
Vendor HIPAA FAQ (dated 2023-08-24) returned 403 on direct fetch; the verbatim plan/BAA terms are quoted via Paubox, which cites that FAQ. SOC 2 left unstated.
Last verified 2026-05-31 · confidence: medium · Vendor terms change — confirm directly with Dropbox Sign before storing PHI.


How to request and sign a BAA with Dropbox Sign

Sometimes — Dropbox Sign signs a HIPAA BAA only on specific plans or add-ons.

Request route: By request — via trust center or support
  1. Get on a qualifying plan
     Dropbox Sign (formerly HelloSign) supports HIPAA compliance only for customers on an annual Standard or Premium plan who sign a BAA and meet a minimum contract value (the minimum-contract-value requirement was added in June 2024). The Dropbox Sign BAA is separate from the main Dropbox service BAA.
  2. Request the Business Associate Agreement
     Dropbox Sign provides the BAA on request. Open a request through Dropbox Sign's trust center and ask for the current Business Associate Agreement covering your plan.
  3. Confirm what PHI is allowed before you store any
     PHI may be processed once HIPAA mode is enabled under a signed BAA on a qualifying annual plan; enabling HIPAA mode disables CC on signature requests, emailed PDF copies of signed documents, and editing a document's title/message. Match your configuration to this scope before putting protected health information into Dropbox Sign.
Before you sign — watch for
  • May carry a minimum contract / annual spend commitment — budget for it before you start.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Dropbox Sign before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Dropbox Sign sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Dropbox Sign signs a HIPAA BAA only on specific plans or add-ons. Dropbox Sign (formerly HelloSign) supports HIPAA compliance only for customers on an annual Standard or Premium plan who sign a BAA and meet a minimum contract value (the minimum-contract-value requirement was added in June 2024). The Dropbox Sign BAA is separate from the main Dropbox service BAA.
Is Dropbox Sign HIPAA compliant?
Dropbox Sign can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI may be processed once HIPAA mode is enabled under a signed BAA on a qualifying annual plan; enabling HIPAA mode disables CC on signature requests, emailed PDF copies of signed documents, and editing a document's title/message.
Can you store PHI (protected health information) in Dropbox Sign?
PHI may be processed once HIPAA mode is enabled under a signed BAA on a qualifying annual plan; enabling HIPAA mode disables CC on signature requests, emailed PDF copies of signed documents, and editing a document's title/message.
Is Dropbox Sign SOC 2 certified?
We could not confirm a public SOC 2 report for Dropbox Sign. SOC 2 is separate from a HIPAA BAA — confirm both directly with Dropbox Sign.
How do I request a HIPAA BAA from Dropbox Sign?
Dropbox Sign provides the BAA on request. Open a request through Dropbox Sign's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Dropbox Sign before storing PHI.
What plan do I need to sign a BAA with Dropbox Sign?
Dropbox Sign (formerly HelloSign) supports HIPAA compliance only for customers on an annual Standard or Premium plan who sign a BAA and meet a minimum contract value (the minimum-contract-value requirement was added in June 2024). The Dropbox Sign BAA is separate from the main Dropbox service BAA.

Sources

https://www.paubox.com/blog/is-dropbox-sign-hipaa-compliant
Supports: Annual Standard/Premium plan + signed BAA + minimum contract value; HIPAA-mode restrictions · dated: undated
https://faq.hellosign.com/hc/en-us/articles/4470222434189-Dropbox-Sign-and-HIPAA-compliance
Supports: BAA + qualifying plan required for HIPAA · dated: 2023-08-24
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Dropbox Sign before processing protected health information.
