HIPAA-Compliant Error Tracking

GlitchTip provides HIPAA-aligned error monitoring for covered entities and business associates building software in regulated environments.
Business Associate Agreements (BAA) are available on a Large plan, hosted on app.glitchtip.com (US — DigitalOcean NYC1, New York).

Is GlitchTip Right for Your Application?

If your application generates error events or logs that may contain Protected Health Information (PHI), you need a monitoring vendor willing to sign a BAA and operate under HIPAA's Security Rule requirements. GlitchTip is designed for teams who also want:

  • An open-source, auditable codebase with no hidden data pipelines. You don't need a lawyer to understand our license.
  • A vendor that does not use your data to train AI models.

Security Controls

GlitchTip's hosted infrastructure is designed to align with the HIPAA Security Rule, covering encryption, access controls, audit trails, backup retention, and breach notification. For a full breakdown, see our Security & Architecture page.

Sub-Processors

Burke Software operates as the data processor. We maintain a minimized set of sub-processors:

Sub-Processor | Purpose
DigitalOcean (NYC1) | Infrastructure & hosting
Mailgun | Transactional email (alerts)
Stripe | Payment processing (billing data only)
Cloudflare | DNS & network proxy (app.glitchtip.com)

Plan Options

Hosted: HIPAA Add-On

All hosted plans run on the same security-controlled infrastructure: encryption at rest, TLS in transit, private VPC, and 90-day data retention. The difference is contractual:

  • Free, Small, Medium: HIPAA-aligned security controls in place, but no BAA is available. Suitable for organizations that need the technical safeguards but do not require a signed agreement.
  • Large: BAA available. Required if your organization is a covered entity or business associate that must have a signed BAA with all vendors handling PHI.

To discuss Enterprise pricing and get a BAA in place, contact sales@glitchtip.com.

Frequently Asked HIPAA Questions

Yes. BAAs are available on our Large plan. Contact sales@glitchtip.com to get a BAA in place before processing PHI.

No. BAAs are currently available only for the US instance (app.glitchtip.com) hosted on DigitalOcean NYC1. The EU instance is not covered under a US BAA.

Yes. GlitchTip is open-source and can be self-hosted on your own HIPAA-compliant infrastructure. You are responsible for your own security controls, BAAs with sub-processors, and compliance obligations.

Burke Software will notify affected customers without undue delay and no later than 72 hours after discovery of a confirmed breach, in alignment with GDPR and HIPAA requirements.