BBAA Atlas

Is Snowflake HIPAA compliant?

Cloud data platform · vendor site ↗

BAA on select plansPHI with conditionsSOC 2 Type II
Will Snowflake sign a HIPAA BAA?
Sometimes — Snowflake signs a HIPAA BAA only on specific plans or add-ons.
Snowflake's Terms of Service require a mutually executed BAA before any HIPAA Data is processed in the Service. Per Snowflake documentation, HIPAA-eligible accounts are provided on the higher-tier Business Critical edition (with Virtual Private Snowflake for the strictest needs).
PHI eligibility
PHI/HIPAA Data may be processed only after a signed BAA is executed and only when provided as Customer Data, in practice on a Business Critical (or VPS) edition account; without a BAA Snowflake disclaims all HIPAA liability.
SOC 2
SOC 2 Type II
Trust center
trust.snowflake.com
Sub-processors
snowflake.com
Notes
Terms of Service confirm BAA gating but do not name an edition; the Business Critical requirement comes from Snowflake product docs. Published certifications include SOC 1/2 Type II, ISO 27001/27017/27018, HITRUST CSF, FedRAMP and PCI DSS.
Last verified 2026-05-31confidence: high· Vendor terms change — confirm directly with Snowflake before storing PHI.

Get notified when this changes

We track Snowflake's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.

One email per change. No newsletter, no selling your address.

How to request and sign a BAA with Snowflake

Sometimes — Snowflake signs a HIPAA BAA only on specific plans or add-ons.

Request routeBy request — via trust center or support
  1. 1
    Get on a qualifying plan
    Snowflake's Terms of Service require a mutually executed BAA before any HIPAA Data is processed in the Service. Per Snowflake documentation, HIPAA-eligible accounts are provided on the higher-tier Business Critical edition (with Virtual Private Snowflake for the strictest needs).
  2. 2
    Request the Business Associate Agreement
    Snowflake provides the BAA on request. Open a request through Snowflake's trust center and ask for the current Business Associate Agreement covering your plan.
  3. 3
    Confirm what PHI is allowed before you store any
    PHI/HIPAA Data may be processed only after a signed BAA is executed and only when provided as Customer Data, in practice on a Business Critical (or VPS) edition account; without a BAA Snowflake disclaims all HIPAA liability. Match your configuration to this scope before putting protected health information into Snowflake.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Snowflake before you rely on it. This is cited public information, not legal advice.

Frequently asked questions

Does Snowflake sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Snowflake signs a HIPAA BAA only on specific plans or add-ons. Snowflake's Terms of Service require a mutually executed BAA before any HIPAA Data is processed in the Service. Per Snowflake documentation, HIPAA-eligible accounts are provided on the higher-tier Business Critical edition (with Virtual Private Snowflake for the strictest needs).
Is Snowflake HIPAA compliant?
Snowflake can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI/HIPAA Data may be processed only after a signed BAA is executed and only when provided as Customer Data, in practice on a Business Critical (or VPS) edition account; without a BAA Snowflake disclaims all HIPAA liability.
Can you store PHI (protected health information) in Snowflake?
PHI/HIPAA Data may be processed only after a signed BAA is executed and only when provided as Customer Data, in practice on a Business Critical (or VPS) edition account; without a BAA Snowflake disclaims all HIPAA liability.
Is Snowflake SOC 2 certified?
Snowflake reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Snowflake?
Snowflake provides the BAA on request. Open a request through Snowflake's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Snowflake before storing PHI.
What plan do I need to sign a BAA with Snowflake?
Snowflake's Terms of Service require a mutually executed BAA before any HIPAA Data is processed in the Service. Per Snowflake documentation, HIPAA-eligible accounts are provided on the higher-tier Business Critical edition (with Virtual Private Snowflake for the strictest needs).

Sources

Snowflake Terms of Service
https://www.snowflake.com/en/legal/terms-of-service/
Supports: BAA required before processing HIPAA Data; no liability for HIPAA Data without a BAA; HIPAA Data only as Customer Datadated: 2026-04-16
Snowflake Trust Center
https://trust.snowflake.com/
Supports: Snowflake maintains SOC 2 Type II among its compliance certifications, downloadable via the Trust Centerdated: undated
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Snowflake before processing protected health information.

Check another vendor

ConfluentSigns a BAADatabricksSigns a BAAElastic CloudSigns a BAAFivetranBAA on select plansActiveCampaignBAA on select plansAcuity SchedulingBAA on select plans

See all HIPAA compliant databases & data platforms
Browse all 105 vendors by category →