Is Mailchimp HIPAA compliant?

Email marketing

No BAA · Not for PHI
Will Mailchimp sign a HIPAA BAA?
No — Mailchimp does not sign a HIPAA Business Associate Agreement (BAA).
Mailchimp (Intuit) does not sign a BAA on any plan; its Acceptable Use Policy bars importing sensitive personal information regulated by applicable law.
PHI eligibility: PHI must not be uploaded, sent, or stored; Mailchimp's terms place HIPAA suitability and liability entirely on the user.
SOC 2: Not publicly confirmed
Notes: Mailchimp's AUP does not name HIPAA/PHI explicitly; the prohibition is via the broad 'regulated sensitive data' clause, corroborated by HIPAA Journal.
Last verified 2026-05-31 · Confidence: high · Vendor terms change — confirm directly with Mailchimp before storing PHI.


How to request and sign a BAA with Mailchimp

There is no BAA to request — Mailchimp will not sign one. Mailchimp (Intuit) does not sign a HIPAA Business Associate Agreement (BAA) on any plan; its Acceptable Use Policy bars importing sensitive personal information regulated by applicable law.


Before you sign — watch for
  • Even a signed BAA does NOT by itself clear you to deliberately store PHI — the vendor may still restrict intentional PHI collection or how it may be used. Confirm the exact scope.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Mailchimp before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Mailchimp sign a HIPAA Business Associate Agreement (BAA)?
No — Mailchimp does not sign a HIPAA Business Associate Agreement (BAA). Mailchimp (Intuit) does not sign a BAA on any plan; its Acceptable Use Policy bars importing sensitive personal information regulated by applicable law.
Is Mailchimp HIPAA compliant?
Mailchimp is not HIPAA-ready: it does not sign a Business Associate Agreement (BAA), so you cannot use it to process protected health information (PHI). PHI must not be uploaded, sent, or stored; Mailchimp's terms place HIPAA suitability and liability entirely on the user.
Can you store PHI (protected health information) in Mailchimp?
PHI must not be uploaded, sent, or stored; Mailchimp's terms place HIPAA suitability and liability entirely on the user.
Is Mailchimp SOC 2 certified?
We could not confirm a public SOC 2 report for Mailchimp. SOC 2 is separate from a HIPAA BAA — confirm both directly with Mailchimp.
How do I request a HIPAA BAA from Mailchimp?
You can't — Mailchimp does not sign a HIPAA Business Associate Agreement. Mailchimp (Intuit) does not sign a BAA on any plan; its Acceptable Use Policy bars importing sensitive personal information regulated by applicable law.
What plan do I need to sign a BAA with Mailchimp?
Mailchimp does not offer a BAA on any plan, so no plan qualifies. Mailchimp (Intuit) does not sign a BAA on any plan; its Acceptable Use Policy bars importing sensitive personal information regulated by applicable law.

Sources

https://mailchimp.com/legal/acceptable_use/ (dated 2025-09-26)
Supports: Prohibits importing SSNs, credentials, or sensitive personal information regulated by applicable law.
https://www.hipaajournal.com/is-mailchimp-hipaa-compliant/ (undated)
Supports: Mailchimp will not sign a BAA and is not HIPAA compliant on any tier.
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Mailchimp before processing protected health information.
