Security & privacy
Lob maintains enterprise-level security and privacy measures to ensure our customer data, information assets, and system infrastructures are thoroughly protected against bad actors. Read on to learn more about our work in this area.
Printing and mailing any Sensitive Personally Identifiable Information (Sensitive PII) is at the users' own discretion. See the USPS Marketing Mail Eligibility guidance on how including personal information can also affect postage and mailing class options. If you need to send mailings that contain Sensitive PII, we strongly recommend sending them in a sealable Letter mail format.
Lob is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). If you need to send HIPAA-compliant healthcare mailings that include protected health information (PHI), we strongly recommend sending them as a letter, which is a HIPAA-compliant form factor.
Currently, we do not support HIPAA compliance for self-mailers, postcards, or letter-affixed cards.
If you have additional questions about our security posture or need a SOC 2 report (this requires an NDA for teams that are not already Lob customers or a signed contract with Lob for existing customers), reach out to your Customer Success Manager or email [email protected].
Lob has dedicated HIPAA-compliant processes and facilities for customers that require them. If your documents require HIPAA compliance, talk to Sales to get a Business Associates Agreement (BAA) executed for even stronger data controls.