Vendor compliance profile

Is Pipedrive HIPAA compliant?

Pipedrive should be treated as a conditional SaaS option for HIPAA-regulated workflows until BAA availability, covered services, security evidence, and configuration requirements are verified directly with the vendor. Do not store or transmit PHI unless your organization confirms the exact use case.

Visit vendor site

HIPAA status signal

Conditional

BAA public signal

Public signal - verify scope

SOC 2 evidence signal

Yes

PHI warning: Any field, note, file, message, automation, support ticket, or integration that contains patient-identifying health context may create PHI exposure.

HIPAA, BAA, and SOC 2 summary

HIPAADataset HIPAA signal: Conditional. Verify plan, configuration, BAA scope, and intended workflow before handling PHI.
BAAThe dataset contains a positive BAA signal, but BAA availability must be verified for the exact product, plan, region, and use case.
SOC 2The dataset contains a SOC 2 evidence signal. Review the current report scope, period, covered systems, trust services criteria, and exceptions.
CategoryHIPAA-Compliant CRM and Marketing Tools

What it may be used for

  • General business workflows that do not include PHI.
  • Healthcare-adjacent operations after BAA scope and configuration have been verified.
  • Vendor risk review, procurement research, and compliance planning.

What not to use it for

  • Storing diagnosis, treatment, patient notes, or identifiers without verified BAA coverage.
  • Sending PHI through unsupported forms, messages, automations, or integrations.
  • Replacing legal, compliance, security, or vendor contract review.

What to verify with the vendor

  • Whether the vendor will sign a BAA for your exact product, plan, and use case.
  • Which services, add-ons, regions, and support channels are covered by the agreement.
  • Whether your intended workflow stores, transmits, or processes PHI.
  • Which admin, access control, retention, audit log, and encryption settings must be enabled.

Safer alternatives and related profiles

HubSpot

HIPAA: Conditional | SOC 2: Public evidence

Klaviyo

HIPAA: Unable to confirm | SOC 2: Verify with vendor

Salesforce

HIPAA: Conditional | SOC 2: Public evidence

Shopify

HIPAA: Not supported for PHI | SOC 2: Public evidence

Wix

HIPAA: Conditional | SOC 2: Verify with vendor

FAQ

Is Pipedrive HIPAA compliant?

Pipedrive should be treated as a conditional SaaS option for HIPAA-regulated workflows until BAA availability, covered services, security evidence, and configuration requirements are verified directly with the vendor. Do not store or transmit PHI unless your organization confirms the exact use case.

Will Pipedrive sign a BAA?

The dataset contains a positive BAA signal, but BAA availability must be verified for the exact product, plan, region, and use case.

Can Pipedrive be used with PHI?

Do not use this vendor with PHI until your organization verifies BAA scope, covered services, configuration, access controls, data retention, and connected integrations.

Last checked and source notes

Last checked
2026-04-30
Confidence
Low
Dataset rows
267 vendors
  • ComplySaaS public vendor dataset entry.
  • Vendor trust center, legal terms, BAA documentation, and covered services should be re-checked before use.