Can I use SharePoint and be HIPAA compliant? (2025 update)
SharePoint is a web-based collaboration platform from Microsoft that enables organizations to create, manage, and share documents and information.
Userpilot is a product growth and product experience platform that helps teams track user behavior, create in-app experiences, collect feedback, run session replays, and improve user onboarding across digital products.
With Userpilot, companies can use product analytics, in-app engagement, surveys, session replay, email, workflows, and AI-powered product insights to understand and improve the customer experience.
Is Userpilot HIPAA compliant? Yes, Userpilot is HIPAA compliant.
As of June 2026, our review did not identify any publicly disclosed changes to Userpilot HIPAA-related policies or BAA terms.
Userpilot’s public website still describes the platform as supporting HIPAA compliance. Its security page states, “Userpilot ensures HIPAA compliance to demonstrate its commitment to providing the highest security standards for customers and potential prospects in the health industry.”
Userpilot also states, “It is important to note that Userpilot does not inherently work with PHI. However, for our customers who store and process PHI, we want to reassure them that our application strictly adheres to the HIPAA framework, providing a secure environment for handling sensitive health information.”
Userpilot does not publish a standalone BAA or its full BAA terms for public review, so healthcare organizations should contact Userpilot directly to confirm the exact contractual coverage before sending or processing PHI through the platform.
Userpilot is HIPAA compliant when used with a signed BAA and proper security configurations, but healthcare organizations should confirm the current BAA terms directly with Userpilot before using the platform for PHI.
A business associate agreement (BAA) is a legally binding contract establishing a relationship between a covered entity under HIPAA and its business associates. The purpose of this agreement is to ensure the proper protection of PHI as required by HIPAA regulations.
HIPAA sets national standards for protecting the privacy and security of certain health information.
HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.