BAA & HIPAA Compliance
Faxbot is designed for self‑hosted deployments that help organizations keep PHI under their control. Our architecture and documentation support HIPAA compliance programs, security reviews, and due diligence.
Core Principles
- Self‑hosted by default — PHI remains within your trust boundary.
- Least‑privilege operational model — API keys and scoped access.
- Audit‑friendly events — lifecycle logging for faxes and admin actions.
- Transport security — HTTPS enforcement and signature verification support.
Security Overview
A high‑level view of where data flows and which controls apply at each boundary.
BAA for Managed Services
If we host or operate Faxbot for you, we provide a Business Associate Agreement (BAA). Our BAA process is streamlined and designed for rapid turnaround.
- Standard BAA with clear roles and responsibilities.
- Architecture documentation describing components, boundaries, and data flows.
- Change control and incident response procedures available for review.
We welcome security assessments and audits of our stack. Contact us for documentation and a review session.
Data Flow Overview
Faxbot supports pluggable backends (e.g., Phaxio, Sinch Fax, SIP/Asterisk). You choose the integration that fits your environment. Our docs provide guidelines for network boundaries, keys, and callback verification.