BBAA Atlas

Is Slack HIPAA compliant?

Team chat · vendor site ↗

BAA on select plansPHI with conditionsSOC 2 Type II
Will Slack sign a HIPAA BAA?
Sometimes — Slack signs a HIPAA BAA only on specific plans or add-ons.
Slack's HIPAA help page states you "must be using a Slack Enterprise plan" (the Enterprise Grid tier) to be covered under its BAA. The page does not name the Free, Pro, or Business+ tiers, so their exclusion is inferred from the Enterprise-only requirement rather than explicitly stated by Slack.
PHI eligibility
PHI may appear only in message content and uploaded files on Enterprise Grid with a signed BAA and proper configuration; not in profiles or names, and Slack must not be the system of record.
SOC 2
SOC 2 Type II
Trust center
slack.com
Sub-processors
slack.com
Notes
Enterprise Grid requires a sales conversation. Third-party apps are not covered by Slack's BAA and need their own.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Slack before storing PHI.

Get notified when this changes

We track Slack's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Slack

Sometimes — Slack signs a HIPAA BAA only on specific plans or add-ons.

Request routeThrough sales / your account team
  1. 1
    Get on a qualifying plan
    Slack's HIPAA help page states you "must be using a Slack Enterprise plan" (the Enterprise Grid tier) to be covered under its BAA. The page does not name the Free, Pro, or Business+ tiers, so their exclusion is inferred from the Enterprise-only requirement rather than explicitly stated by Slack.
  2. 2
    Request the Business Associate Agreement
    Slack arranges the BAA through its sales / account team. If you have an account executive, ask them to start the BAA for your plan; otherwise contact Slack sales (or open a request from its trust center) and reference the qualifying plan above.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI may appear only in message content and uploaded files on Enterprise Grid with a signed BAA and proper configuration; not in profiles or names, and Slack must not be the system of record. Match your configuration to this scope before putting protected health information into Slack.
Before you sign — watch for
  • Third-party apps / integrations are not covered by this BAA — each needs its own agreement.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Slack before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Slack sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Slack signs a HIPAA BAA only on specific plans or add-ons. Slack's HIPAA help page states you "must be using a Slack Enterprise plan" (the Enterprise Grid tier) to be covered under its BAA. The page does not name the Free, Pro, or Business+ tiers, so their exclusion is inferred from the Enterprise-only requirement rather than explicitly stated by Slack.
Is Slack HIPAA compliant?
Slack can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI may appear only in message content and uploaded files on Enterprise Grid with a signed BAA and proper configuration; not in profiles or names, and Slack must not be the system of record.
Can you store PHI (protected health information) in Slack?
PHI may appear only in message content and uploaded files on Enterprise Grid with a signed BAA and proper configuration; not in profiles or names, and Slack must not be the system of record.
Is Slack SOC 2 certified?
Slack reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Slack?
Slack arranges the BAA through its sales / account team. If you have an account executive, ask them to start the BAA for your plan; otherwise contact Slack sales (or open a request from its trust center) and reference the qualifying plan above. Confirm current terms directly with Slack before storing PHI.
What plan do I need to sign a BAA with Slack?
Slack's HIPAA help page states you "must be using a Slack Enterprise plan" (the Enterprise Grid tier) to be covered under its BAA. The page does not name the Free, Pro, or Business+ tiers, so their exclusion is inferred from the Enterprise-only requirement rather than explicitly stated by Slack.

Sources

Slack and HIPAA
https://slack.com/help/articles/360020685594-Slack-and-HIPAA
Supports: Source states "must be using a Slack Enterprise plan" for BAA coverage (lower-tier exclusion inferred); PHI limited to messages/files; not system of recorddated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Slack before processing protected health information.

Check another vendor

ActiveCampaignBAA on select plansAcuity SchedulingBAA on select plansAdobe Acrobat SignBAA on select plansAircallSigns a BAAAirtableBAA on select plansAmazon Web Services (AWS)Signs a BAA

See all HIPAA compliant docs & collaboration tools
Browse all 105 vendors by category →