Is Netlify HIPAA compliant?
BAA on select plansPHI with conditionsSOC 2 Type II
Will Netlify sign a HIPAA BAA?
Sometimes — Netlify signs a HIPAA BAA only on specific plans or add-ons.
Netlify offers a HIPAA-compliant service offering and will execute a BAA, but only for Enterprise customers handling PHI; standard plans are not covered.
PHI eligibility
PHI may be transmitted/processed on Netlify's HIPAA service offering once an Enterprise BAA is executed.
SOC 2
SOC 2 Type II
Trust center
Sub-processors
—
Notes
HIPAA offering announced 2024-08-15 alongside SOC 2 Type 2, ISO 27001/27018 and PCI DSS v4.0.
Get notified when this changes
We track Netlify's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.
How to request and sign a BAA with Netlify
Sometimes — Netlify signs a HIPAA BAA only on specific plans or add-ons.
Request routeBy request — via trust center or support
- 1Get on a qualifying planNetlify offers a HIPAA-compliant service offering and will execute a BAA, but only for Enterprise customers handling PHI; standard plans are not covered.
- 2Request the Business Associate AgreementNetlify provides the BAA on request. Open a request through Netlify's trust center and ask for the current Business Associate Agreement covering your plan.
- 3Confirm what PHI is allowed before you store anyPHI may be transmitted/processed on Netlify's HIPAA service offering once an Enterprise BAA is executed. Match your configuration to this scope before putting protected health information into Netlify.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Netlify before you rely on it. This is cited public information, not legal advice.
Frequently asked questions
Does Netlify sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Netlify signs a HIPAA BAA only on specific plans or add-ons. Netlify offers a HIPAA-compliant service offering and will execute a BAA, but only for Enterprise customers handling PHI; standard plans are not covered.
Is Netlify HIPAA compliant?
Netlify can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI may be transmitted/processed on Netlify's HIPAA service offering once an Enterprise BAA is executed.
Can you store PHI (protected health information) in Netlify?
PHI may be transmitted/processed on Netlify's HIPAA service offering once an Enterprise BAA is executed.
Is Netlify SOC 2 certified?
Netlify reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Netlify?
Netlify provides the BAA on request. Open a request through Netlify's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Netlify before storing PHI.
What plan do I need to sign a BAA with Netlify?
Netlify offers a HIPAA-compliant service offering and will execute a BAA, but only for Enterprise customers handling PHI; standard plans are not covered.
Sources
https://www.netlify.com/blog/netlify-launches-a-hipaa-compliant-service-offering/
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Netlify before processing protected health information.
Check another vendor
See all HIPAA compliant cloud infrastructure & hosting →
Browse all 105 vendors by category →