Security & privacy

Lob maintains enterprise-level security and privacy measures to ensure our customer data, information assets, and system infrastructures are thoroughly protected against bad actors. Read on to learn more about our work in this area.

Single Sign-On (SSO)

If your business requires Single Sign-On, you can configure Lob SSO with other popular IDPs in the market. See instructions for SSO setup.

Data privacy

Sensitive PII

Printing and mailing any Sensitive Personally Identifiable Information (Sensitive PII) will be up to the users’ own discretion. See the USPS Marketing Mail Eligibility guidance around how including personal information can also impact postage and mailing class options. If you require any mailings that contain Sensitive PII to be sent, we strongly recommend they be sent as a sealable Letter mail format.


Lob is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). If you require HIPAA-compliant healthcare mailings that include protected health information (PHI) to be sent, we strongly recommend they be sent as a letter, which is a HIPAA-compliant form factor.
Currently, we do not support HIPAA compliance for self-mailers, postcards, or letter-affixed cards.

Corporate policy

Read more about our data collection and use practices of Lob on our privacy policy page.


Lob is SOC 2 compliant; our related SOC 3 report can be downloaded directly from our Security page.
If you have additional questions about our security posture or need a SOC 2 report (this requires an NDA for teams that are not already Lob customers or a signed contract with Lob for existing customers), reach out to your Customer Success Manager or email [email protected].
Lob has dedicated HIPAA compliant processes and facilities for customers that require it. If your documents require HIPAA compliance, talk to Sales to get a Business Associates Agreement (BAA) executed for even stronger data controls.
Read more about our comprehensive security features available.

HackerOne bug bounty program

Lob has a bug bounty program via our private HackerOne program, where any security vulnerability can be responsibly reported. If you’d like to join, send your HackerOne username or email to [email protected] so we can invite you to our program.