BBAA Atlas

Is Mailgun (Sinch) HIPAA compliant?

Transactional email API · vendor site ↗

BAA on select plansPHI with conditionsSOC 2 Type II
Will Mailgun (Sinch) sign a HIPAA BAA?
Sometimes — Mailgun (Sinch) signs a HIPAA BAA only on specific plans or add-ons.
Mailgun (Sinch) publishes a HIPAA Business Associate Addendum and will sign a BAA when it meets the definition of a Business Associate, applying to a valid Service Order. Industry reporting indicates the BAA is offered on negotiated enterprise plans rather than self-serve tiers.
PHI eligibility
PHI is permitted only under a signed BAA; the customer must encrypt PHI, obtain end-user consent, and accept that standard email transmits unencrypted over the public internet.
SOC 2
SOC 2 Type II
Trust center
trust.sinch.com
Sub-processors
Notes
The published BAA addendum (revised 2020-11-20) does not state plan/tier restrictions; the enterprise-only gating comes from third-party reporting, not the legal page itself, hence plan_gated at medium confidence. Confirm a fully executed BAA in writing before sending PHI.
Last verified 2026-05-31confidence: medium· Vendor terms change — confirm directly with Mailgun (Sinch) before storing PHI.

Get notified when this changes

We track Mailgun (Sinch)'s BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Mailgun (Sinch)

Sometimes — Mailgun (Sinch) signs a HIPAA BAA only on specific plans or add-ons.

Request routeSelf-serve — enable it in your account
  1. 1
    Get on a qualifying plan
    Mailgun (Sinch) publishes a HIPAA Business Associate Addendum and will sign a BAA when it meets the definition of a Business Associate, applying to a valid Service Order. Industry reporting indicates the BAA is offered on negotiated enterprise plans rather than self-serve tiers.
  2. 2
    Request the Business Associate Agreement
    Mailgun (Sinch) lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI is permitted only under a signed BAA; the customer must encrypt PHI, obtain end-user consent, and accept that standard email transmits unencrypted over the public internet. Match your configuration to this scope before putting protected health information into Mailgun (Sinch).
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Mailgun (Sinch) before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Mailgun (Sinch) sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Mailgun (Sinch) signs a HIPAA BAA only on specific plans or add-ons. Mailgun (Sinch) publishes a HIPAA Business Associate Addendum and will sign a BAA when it meets the definition of a Business Associate, applying to a valid Service Order. Industry reporting indicates the BAA is offered on negotiated enterprise plans rather than self-serve tiers.
Is Mailgun (Sinch) HIPAA compliant?
Mailgun (Sinch) can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI is permitted only under a signed BAA; the customer must encrypt PHI, obtain end-user consent, and accept that standard email transmits unencrypted over the public internet.
Can you store PHI (protected health information) in Mailgun (Sinch)?
PHI is permitted only under a signed BAA; the customer must encrypt PHI, obtain end-user consent, and accept that standard email transmits unencrypted over the public internet.
Is Mailgun (Sinch) SOC 2 certified?
Mailgun (Sinch) reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Mailgun (Sinch)?
Mailgun (Sinch) lets you obtain the BAA without a sales call. Follow the path named in the plan requirement above — typically an in-product toggle or a billing / compliance settings page — then request and accept the agreement from your own account. Confirm current terms directly with Mailgun (Sinch) before storing PHI.
What plan do I need to sign a BAA with Mailgun (Sinch)?
Mailgun (Sinch) publishes a HIPAA Business Associate Addendum and will sign a BAA when it meets the definition of a Business Associate, applying to a valid Service Order. Industry reporting indicates the BAA is offered on negotiated enterprise plans rather than self-serve tiers.

Sources

HIPAA Business Associate Addendum — Mailgun
https://www.mailgun.com/legal/hipaa-baa/
Supports: Mailgun signs a BAA when it meets the Business Associate definition; customer must encrypt PHI and obtain consent; email is unencrypted over the public internetdated: 2020-11-20
HIPAA Compliance & Sinch
https://www.sinch.com/hipaa/
Supports: Sinch has product-level BAAs as addenda to Terms of Service; primary HIPAA responsibility rests with the customerdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Mailgun (Sinch) before processing protected health information.

Check another vendor

PostmarkNo BAAActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plans

See all HIPAA compliant transactional email & messaging APIs
Browse all 105 vendors by category →