Table of Contents
Lob maintains enterprise-level security and privacy measures to ensure our customer data, information assets, and system infrastructures are thoroughly protected against bad actors. Read on to learn more about our work in this area.
Single Sign-On (SSO)
If your business requires Single Sign-On, you can configure Lob SSO with other popular IDPs in the market. See the Lob sign-in page for SSO setup instructions.
Printing and mailing any Sensitive Personally Identifiable Information (Sensitive PII) will be up to the users’ own discretion. See the USPS Marketing Mail Eligibility guidance around how including personal information can also impact postage and mailing class options. If you require any mailings that contain Sensitive PII to be sent, we strongly recommend they be sent as a Letter form factor.
PHI & HIPAA
Lob is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). If you require HIPAA-compliant healthcare mailings that include protected health information (PHI) to be sent, we strongly recommend they be sent as a letter, which is a HIPAA-compliant form factor.
Currently, we do not support HIPAA compliance for self-mailers, postcards, or letter-affixed cards. HIPPA
Lob is SOC 2 compliant; our related SOC 3 report can be downloaded directly from our Security page.
If you have additional questions about our security posture or need a SOC 2 report (this requires an NDA for teams that are not already Lob customers or a signed contract with Lob for existing customers), reach out to your Customer Success Manager or email firstname.lastname@example.org.
Lob has dedicated HIPAA-compliant processes and facilities for customers that require it. If your documents require HIPAA compliance, talk to Sales to get a Business Associates Agreement (BAA) executed for even stronger data controls.
Read more about our comprehensive security features available.
Lob has a bug bounty program via our private HackerOne program, where any security vulnerability can be responsibly reported. If you’d like to join, send your HackerOne username or email to email@example.com so we can invite you to our program.