# Health Insurance Portability and Accountability Act

Last modified: June 17th, 2026

The Health Insurance Portability and Accountability Act (HIPAA) is a federal regulation developed by the U.S. Department of Health and Human Services. HIPAA was designed to protect the privacy and security of an individual’s Protected Health Information (PHI) and establishes standards and requirements around the use, disclosure, and protection of that data. HIPAA applies to covered entities and business associates that create, receive, maintain, access, or send PHI.

# EmailJS and HIPAA

EmailJS provides comprehensive privacy and security protections that enable our customers to operate our products in compliance with HIPAA.

Customers who are subject to HIPAA compliance and want to partner with EmailJS purchase a Business plan to enter into a Business Associate Agreement (BAA) that covers the applicable products and services.

# Permitted Uses and Disclosures

EmailJS may use or disclose PHI only as necessary to perform the EmailJS services (sending emails) or as required by law. EmailJS shall not use or disclose PHI for any other purpose.

# Safeguards

EmailJS implements appropriate administrative, physical, and technical safeguards to protect PHI in accordance with HIPAA requirements.

# No Storage of PHI

EmailJS does not permanently store PHI. Customers must enable the "Do not save private data" option in their template settings. When this option is enabled, PHI is processed only in memory during email transmission and is not retained after the email is sent.

# Subcontractors

EmailJS does not engage subcontractors that process PHI on its behalf. Any email provider connected to EmailJS is selected and authorized by the Covered Entity.

# Reporting Security Incidents and Breaches

EmailJS shall report to Covered Entity any security incident or Breach involving PHI within 48 hours of discovery.

# Termination

This BAA terminates when Covered Entity ceases using the EmailJS Business plan. Since EmailJS does not store PHI, no return or destruction of PHI is required upon termination.