HIPAA

HIPAA at SiteGPT

The current status of HIPAA compliance and BAA availability at SiteGPT, straight from the source.

Current status

Last Updated: July 2026

This page is the authoritative source for HIPAA availability at SiteGPT. If you have read elsewhere that SiteGPT offers Business Associate Agreements (BAAs) on all paid plans, that is not accurate: BAAs are an Enterprise plan feature. The details are below.

What is true today

  • SiteGPT has been assessed for HIPAA compliance by DPLMC International, covering HIPAA security and privacy safeguards.
  • We have completed a SOC 2 Type II examination with zero exceptions noted across all tested controls.
  • We are GDPR certified by DPLMC International.
  • All data is encrypted in transit (TLS 1.2+) and at rest.
  • Your data is never used to train AI models, by us or by our AI subprocessors.
  • Our full subprocessor list is published at /legal/subprocessors.

Business Associate Agreements

BAAs are available for Enterprise plan customers and are executed as part of enterprise onboarding. Before we sign yours, we complete signed BAA coverage across every vendor that touches Protected Health Information (PHI) in your deployment, because anything less would not genuinely protect you. That diligence is part of onboarding, not an extra you have to ask for.

To request a BAA, email bhanu@sitegpt.ai with a short note about your organization and use case, and we will scope your deployment together.

What this means for PHI

Until a BAA is executed for your account, do not submit PHI through SiteGPT. This includes chatbot training content, end-user conversations, uploaded files, and lead capture. This is a condition of our Terms and Conditions.

If you run a healthcare organization and want to use SiteGPT today for content that contains no PHI (public website FAQs, scheduling guidance, service information), that use is fully supported.

Frequently asked questions

Which plans include a BAA?

BAAs are available on the Enterprise plan. They are not available on Starter, Growth, or Scale today. A self-serve HIPAA tier is planned; email us if you want to be notified when it ships.

Will the BAA cover the AI models you use?

Yes. The entire PHI processing chain for your deployment, including our AI providers, operates under signed agreements before we execute your BAA.

What is the timeline?

BAAs are executed during enterprise onboarding. Timelines depend on your deployment's requirements; contact us and we will scope it with you.

Questions

Email bhanu@sitegpt.ai for BAA early access, or support@sitegpt.ai for anything else.