How do I know contacts uploaded to Paubox Marketing are secure?

Featured image

Share this article

Couple on bench in front of lake overlook with mountains in the background

A question about Paubox Marketing recently came to my attention:

How do I know contacts uploaded to Paubox Marketing are secure?

In this post, we’ll answer the question and illustrate several methods to securely upload contacts to Paubox Marketing.

Adding Contacts to Paubox Marketing via Paubox Admin Panel

There are two ways to upload and add contacts to Paubox Marketing.

The first is via the Paubox Admin Panel. We require all Admin Panel logins to use multi-factor authentication (MFA). In addition, the Admin Panel uses secure HTTPS connections for all its pages. Incidentally, the same has been true since day one for all web pages on paubox.com.

See Related: Paubox eliminates obsolete TLS protocols, follows NSA guidance

Once logged in, you can add and upload contacts via the Contacts menu. From here, you can manually type them in or you can upload them in bulk via an Excel spreadsheet. We also provide a template spreadsheet you can download as well (it’s in the upper right corner of the Contacts page).

Adding and uploading contacts via the Paubox Admin Panel are done securely via HTTPS connections.

You can see this in action by looking at your browser (see screenshot below):

Screenshot of browser security options, under URL reads: Security

Adding Contacts to Paubox Marketing via API endpoint

You can also securely upload contacts to Paubox Marketing via its API, which we’ve documented on our Developer Docs site.

For more information on this method, we wrote about how to do it last month: How to add and delete contacts in bulk using the Paubox Marketing API

Contact Storage at Rest

Whether you add contacts by manually typing them in via the Paubox Admin Panel, or uploading them in bulk via spreadsheet or API endpoint, all contacts are encrypted at-rest in our platform.

In fact, encryption at-rest of protected health information (PHI) was a requirement during our HITRUST CSF certification process.

See Related: Paubox renews, expands HITRUST CSF certification through 2023

We document our encryption at-rest policy on our Security page:


The HIPAA Security Rule includes addressable implementation specifications for the encryption of PHI in transmission (“in-transit”) and in storage (“at-rest”). Paubox encrypts PHI in accordance with guidance from the Secretary of Health and Human Services (HHS), “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals.”

Paubox encryption at rest is consistent with HIPAA guidance that is currently in effect. With Paubox at rest encryption, a unique volume encryption key is generated for each Paubox disk volume (hard drive).


Summary: Securely Uploading Contacts to Paubox Marketing

In summary, here is how we allow customers and prospects to securely upload contacts to Paubox Marketing:

  • You can upload contacts via the Paubox Admin Panel. The Admin Panel requires MFA authentication to login and all web pages are encrypted via HTTPS connections.
  • You can also upload contacts via the Paubox Marketing API. All API endpoints at Paubox are also encrypted via HTTPS.
  • All data stored on the Paubox platform, including contacts, are encrypted at-rest.
  • Paubox Marketing is HITRUST CSF certified. HITRUST is the gold standard of certifications in U.S. Healthcare.

Paubox Marketing

Prior to its launch, healthcare providers were stuck with generic messaging because it was impossible to personalize email with patient information without violating HIPAA regulations.

Now you can send your patients personalized messages that include PHI using our HIPAA compliant email marketing service, Paubox Marketing.

  • Grow your business. Send targeted, personalized messages that resonate with your audience.
  • Increase patient engagement. Drive engagement by including PHI in your HIPAA compliant email campaigns to create personalized and relevant messaging.
  • Track results. Access real-time analytics to track marketing campaign performance.
  • Improve patient outcomes. Ensure that patients don’t miss vital treatment by sending email reminders and recommendations for additional services.

Paubox Marketing is HITRUST CSF certified and is free to use for up to 100 contacts.

The free plan also includes a business associate agreement.

Kickstart your HIPAA compliant email marketing with Paubox Marketing
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022