BBAA Atlas

Is Iterable HIPAA compliant?

Customer engagement · vendor site ↗

Signs a BAAPHI with conditionsSOC 2 Type II
Will Iterable sign a HIPAA BAA?
Yes — Iterable will sign a HIPAA Business Associate Agreement (BAA).
Iterable's trust center lists HIPAA among its compliance frameworks alongside SOC 2 Type 2 and ISO 27001, and Iterable will sign a BAA on request (per Paubox's verified review). The trust center itself does not contain an explicit 'we sign a BAA' sentence.
PHI eligibility
PHI may be processed across Iterable's channels (email, SMS, push, in-app) once a BAA is executed; per the secondary review, Iterable's sub-processors have signed BAAs.
SOC 2
SOC 2 Type II
Trust center
trust.iterable.com
Sub-processors
Notes
Iterable's own trust center lists HIPAA + SOC 2 Type 2 but stops short of stating BAA execution; the explicit BAA-signing confirmation is from Paubox. Confirm the BAA directly with Iterable.
Last verified 2026-05-31confidence: medium· Vendor terms change — confirm directly with Iterable before storing PHI.

Get notified when this changes

We track Iterable's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Iterable

Yes — Iterable will sign a HIPAA Business Associate Agreement (BAA).

Request routeBy request — via trust center or support
  1. 1
    Confirm your account is covered
    Iterable's trust center lists HIPAA among its compliance frameworks alongside SOC 2 Type 2 and ISO 27001, and Iterable will sign a BAA on request (per Paubox's verified review). The trust center itself does not contain an explicit 'we sign a BAA' sentence.
  2. 2
    Request the Business Associate Agreement
    Iterable provides the BAA on request. Open a request through Iterable's trust center and ask for the current Business Associate Agreement covering your plan.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI may be processed across Iterable's channels (email, SMS, push, in-app) once a BAA is executed; per the secondary review, Iterable's sub-processors have signed BAAs. Match your configuration to this scope before putting protected health information into Iterable.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Iterable before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Iterable sign a HIPAA Business Associate Agreement (BAA)?
Yes — Iterable will sign a HIPAA Business Associate Agreement (BAA). Iterable's trust center lists HIPAA among its compliance frameworks alongside SOC 2 Type 2 and ISO 27001, and Iterable will sign a BAA on request (per Paubox's verified review). The trust center itself does not contain an explicit 'we sign a BAA' sentence.
Is Iterable HIPAA compliant?
Iterable can be used in a HIPAA-compliant way: it signs a Business Associate Agreement (BAA), which HIPAA requires before you process PHI with a vendor. PHI may be processed across Iterable's channels (email, SMS, push, in-app) once a BAA is executed; per the secondary review, Iterable's sub-processors have signed BAAs.
Can you store PHI (protected health information) in Iterable?
PHI may be processed across Iterable's channels (email, SMS, push, in-app) once a BAA is executed; per the secondary review, Iterable's sub-processors have signed BAAs.
Is Iterable SOC 2 certified?
Iterable reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Iterable?
Iterable provides the BAA on request. Open a request through Iterable's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Iterable before storing PHI.
What plan do I need to sign a BAA with Iterable?
Iterable's trust center lists HIPAA among its compliance frameworks alongside SOC 2 Type 2 and ISO 27001, and Iterable will sign a BAA on request (per Paubox's verified review). The trust center itself does not contain an explicit 'we sign a BAA' sentence.

Sources

Iterable Trust Center
https://trust.iterable.com/
Supports: Lists HIPAA compliance and SOC 2 Type 2dated: 2026-04-30
Are we sure Iterable is HIPAA compliant? (2026 update)
https://www.paubox.com/blog/are-we-sure-iterable-is-hipaa-compliant
Supports: Iterable will sign a BAA on requestdated: 2023-02-27
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Iterable before processing protected health information.

Check another vendor

BrazeSigns a BAAActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plans

See all HIPAA compliant email marketing & automation
Browse all 105 vendors by category →