HIPAA & BAA · Email marketing
Is Klaviyo HIPAA compliant?
No. Klaviyo does not sign a BAA and its Acceptable Use Policy prohibits storing or transmitting Protected Health Information on the platform.
Key facts
- BAA available: No (vendor will not sign a BAA)
- Official source: Klaviyo Acceptable Use Policy (prohibited data types), https://www.klaviyo.com/legal/acceptable-use-policy (verified 2026-06)
What to do instead of Klaviyo
- Do not load PHI (diagnoses, treatment info, or any individually identifiable health data) into Klaviyo profiles, events, or messages.
- Use Klaviyo only for non-PHI marketing (general newsletters with no health-status data).
- For PHI workflows, use a HIPAA-friendly platform that signs a BAA (e.g., Paubox, LuxSci).
- Confirm scope with Klaviyo before any healthcare deployment, since AUP enforcement can suspend accounts.
Important caveats
- There is no enterprise tier or add-on that enables PHI/HIPAA use on Klaviyo.
- Klaviyo also prohibits GDPR/UK-GDPR special-category (health) data.
- General marketing to a health/wellness audience is allowed only when no PHI is processed.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a vendor that does sign a BAA, you remain responsible for configuring the product correctly, limiting access to PHI, training staff, and maintaining your own administrative, physical, and technical safeguards. Klaviyo does not sign a BAA, so that question does not arise here: PHI simply must not enter the platform. This page is general information, not legal advice; confirm current terms with Klaviyo.
Frequently asked questions
Does Klaviyo sign a BAA?
No. Klaviyo does not sign a Business Associate Agreement, so it should not be used to create, receive, store, or transmit protected health information (PHI).
Is Klaviyo HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself, and Klaviyo does not offer a BAA at all. Even with a vendor that does sign one, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Klaviyo with PHI?
Nothing to check will make it permissible: there is no enterprise tier or add-on that enables PHI/HIPAA use on Klaviyo, and its Acceptable Use Policy prohibits PHI outright. Instead, verify that no PHI (diagnoses, treatment information, or other individually identifiable health data) can reach Klaviyo profiles, events, or messages, and route any PHI workflow to a platform that signs a BAA.