BBAA Atlas

Is Klaviyo HIPAA compliant?

Marketing automation · vendor site ↗

No BAANot for PHISOC 2 Type II
Will Klaviyo sign a HIPAA BAA?
No — Klaviyo does not sign a HIPAA Business Associate Agreement (BAA).
Klaviyo does not sign a BAA; its Acceptable Use Policy bars storing, processing, or transmitting PHI as defined under HIPAA.
PHI eligibility
PHI and other special-category data are prohibited on the platform, so it cannot be used by covered entities for protected health information.
SOC 2
SOC 2 Type II
Trust center
trust.klaviyo.com
Sub-processors
Notes
SOC 2 Type II and ISO 27001 are confirmed via Klaviyo's own trust pages, but PHI is explicitly forbidden.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Klaviyo before storing PHI.

Get notified when this changes

We track Klaviyo's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Klaviyo

No — Klaviyo does not sign a HIPAA Business Associate Agreement (BAA).

There is no BAA to request — Klaviyo will not sign one. Klaviyo does not sign a BAA; its Acceptable Use Policy bars storing, processing, or transmitting PHI as defined under HIPAA.

Need a vendor in this space that does? See which HIPAA compliant email marketing & automation sign a BAA →

Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Klaviyo before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Klaviyo sign a HIPAA Business Associate Agreement (BAA)?
No — Klaviyo does not sign a HIPAA Business Associate Agreement (BAA). Klaviyo does not sign a BAA; its Acceptable Use Policy bars storing, processing, or transmitting PHI as defined under HIPAA.
Is Klaviyo HIPAA compliant?
Klaviyo is not HIPAA-ready: it does not sign a Business Associate Agreement (BAA), so you cannot use it to process protected health information (PHI). PHI and other special-category data are prohibited on the platform, so it cannot be used by covered entities for protected health information.
Can you store PHI (protected health information) in Klaviyo?
PHI and other special-category data are prohibited on the platform, so it cannot be used by covered entities for protected health information.
Is Klaviyo SOC 2 certified?
Klaviyo reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Klaviyo?
You can't — Klaviyo does not sign a HIPAA Business Associate Agreement. Klaviyo does not sign a BAA; its Acceptable Use Policy bars storing, processing, or transmitting PHI as defined under HIPAA.
What plan do I need to sign a BAA with Klaviyo?
Klaviyo does not offer a BAA on any plan, so no plan qualifies. Klaviyo does not sign a BAA; its Acceptable Use Policy bars storing, processing, or transmitting PHI as defined under HIPAA.

Sources

Acceptable Use Policy — Klaviyo
https://www.klaviyo.com/legal/acceptable-use-policy
Supports: Users may not store/process/transmit health information including PHI as defined in HIPAAdated: undated
Trust at Klaviyo
https://www.klaviyo.com/trust
Supports: Klaviyo undergoes annual SOC 2 and ISO 27001 third-party auditsdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Klaviyo before processing protected health information.

Check another vendor

ActiveCampaignBAA on select plansCustomer.ioSigns a BAAAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plans

See all HIPAA compliant email marketing & automation
Browse all 105 vendors by category →