
Is UserPilot HIPAA compliant?

UserPilot provides features that comply with HIPAA security standards and offers customers a business associate agreement (BAA). Although its security section does not state this explicitly, these two facts make it clear that UserPilot is HIPAA compliant.


What is UserPilot?

Userpilot enhances the user experience for SaaS companies and digital product teams by providing a versatile product experience platform. The platform specializes in improving user onboarding and feature adoption through its suite of tools. Key features include customizable, code-free user interface elements for creating interactive product experiences. It also offers in-depth analytics for precise user behavior tracking, enabling businesses to gain insights into user engagement.

See also: HIPAA Compliant Email: The Definitive Guide


UserPilot and business associate agreement

Given Userpilot's functionalities, such as creating interactive product experiences and handling user data, it could be categorized as a business associate when used within healthcare settings, particularly if any of the user data it handles includes protected health information (PHI).

Based on its security information, Userpilot offers a BAA to its clients. Potential clients should contact Userpilot for more information.

See also: What is the purpose of a business associate agreement?


UserPilot and data security

UserPilot states its commitment to data security through its compliance with SOC 2 and GDPR. Specific measures include:

  1. User access control: User access is transparent and finely controlled, ensuring only authorized users can access specific data and features.
  2. Multi-Factor Authentication (MFA): Userpilot enhances security with MFA, requiring a code from a mobile device for login, which can be enforced for all team members.
  3. Network and application security: Their infrastructure spans multiple AWS (Amazon Web Services) availability zones for failover and disaster recovery. In case of a data center failure, their services continue to operate.
  4. Virtual private cloud: Userpilot's servers are within a private cloud with strict network access control lists, ensuring a secure network environment.
  5. Permissions and authentication: Access to customer data is strictly limited to authorized employees who need it for their job.
  6. Incident response: They have a protocol for handling security events, including escalation procedures.
  7. Infrastructure: Their infrastructure primarily uses AWS and partially Google Cloud Platform (GCP), with real-time data syncing and multiple daily backups.
  8. Privacy initiatives: They commit to data privacy by offering Standard Contractual Clauses for compliant data transfer outside the EU, privacy by design principles, and an updated Privacy Policy.

See also: What is data security?

