BBAA Atlas

Is FullStory HIPAA compliant?

Product analytics & session replay · vendor site ↗

BAA on select plansPHI with conditions
Will FullStory sign a HIPAA BAA?
Sometimes — FullStory signs a HIPAA BAA only on specific plans or add-ons.
Fullstory provides a BAA to existing customers on a paid plan. The BAA exists mainly to cover inadvertent capture of health data — Fullstory continues to prohibit customers from intentionally collecting PHI through the service.
PHI eligibility
Fullstory prohibits sending health data (medical records, diagnostic data, medical identifiers) to the service; the BAA is a safety net for inadvertent capture rather than a license to store PHI. Limited identifiers like names, emails and IPs are permitted.
SOC 2
Not publicly confirmed
Trust center
fullstory.com
Sub-processors
Notes
A 'yes-but' case: Fullstory signs a BAA yet explicitly bars intentional PHI collection — treat as not a PHI store.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with FullStory before storing PHI.

Get notified when this changes

We track FullStory's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with FullStory

Sometimes — FullStory signs a HIPAA BAA only on specific plans or add-ons.

Request routeBy request — via trust center or support
  1. 1
    Get on a qualifying plan
    Fullstory provides a BAA to existing customers on a paid plan. The BAA exists mainly to cover inadvertent capture of health data — Fullstory continues to prohibit customers from intentionally collecting PHI through the service.
  2. 2
    Request the Business Associate Agreement
    FullStory provides the BAA on request. Open a request through FullStory's trust center and ask for the current Business Associate Agreement covering your plan.
  3. 3
    Confirm what PHI is allowed before you store any
    Fullstory prohibits sending health data (medical records, diagnostic data, medical identifiers) to the service; the BAA is a safety net for inadvertent capture rather than a license to store PHI. Limited identifiers like names, emails and IPs are permitted. Match your configuration to this scope before putting protected health information into FullStory.
Before you sign — watch for
  • A signed BAA here does NOT clear you to deliberately store PHI — the vendor still restricts intentional PHI collection or how it may be used. Confirm the exact scope.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with FullStory before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does FullStory sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — FullStory signs a HIPAA BAA only on specific plans or add-ons. Fullstory provides a BAA to existing customers on a paid plan. The BAA exists mainly to cover inadvertent capture of health data — Fullstory continues to prohibit customers from intentionally collecting PHI through the service.
Is FullStory HIPAA compliant?
FullStory can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). Fullstory prohibits sending health data (medical records, diagnostic data, medical identifiers) to the service; the BAA is a safety net for inadvertent capture rather than a license to store PHI. Limited identifiers like names, emails and IPs are permitted.
Can you store PHI (protected health information) in FullStory?
Fullstory prohibits sending health data (medical records, diagnostic data, medical identifiers) to the service; the BAA is a safety net for inadvertent capture rather than a license to store PHI. Limited identifiers like names, emails and IPs are permitted.
Is FullStory SOC 2 certified?
We could not confirm a public SOC 2 report for FullStory. SOC 2 is separate from a HIPAA BAA — confirm both directly with FullStory.
How do I request a HIPAA BAA from FullStory?
FullStory provides the BAA on request. Open a request through FullStory's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with FullStory before storing PHI.
What plan do I need to sign a BAA with FullStory?
Fullstory provides a BAA to existing customers on a paid plan. The BAA exists mainly to cover inadvertent capture of health data — Fullstory continues to prohibit customers from intentionally collecting PHI through the service.

Sources

Business Associate Agreement (BAA) — Fullstory Help Center
https://help.fullstory.com/hc/en-us/articles/17635706856599-Business-Associate-Agreement-BAA
Supports: Provides a BAA on a paid plan; prohibits intentional PHI collectiondated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with FullStory before processing protected health information.

Check another vendor

HotjarNo BAAActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plans

See all HIPAA compliant product & web analytics
Browse all 105 vendors by category →