How do I know contacts uploaded to Paubox Marketing are secure?

Couple on bench in front of lake overlook with mountains in the background

A question about Paubox Marketing recently came to my attention:

How do I know contacts uploaded to Paubox Marketing are secure?

In this post, we’ll answer the question and illustrate several methods to securely upload contacts to Paubox Marketing.

Adding Contacts to Paubox Marketing via Paubox Admin Panel

There are two ways to upload and add contacts to Paubox Marketing.

The first is via the Paubox Admin Panel. We require all Admin Panel logins to use multi-factor authentication (MFA). In addition, the Admin Panel uses secure HTTPS connections for all its pages. Incidentally, the same has been true since day one for all web pages on paubox.com.

See Related: Paubox eliminates obsolete TLS protocols, follows NSA guidance

Once logged in, you can add and upload contacts via the Contacts menu. From here, you can manually type them in or you can upload them in bulk via an Excel spreadsheet. We also provide a template spreadsheet you can download as well (it’s in the upper right corner of the Contacts page).

Adding and uploading contacts via the Paubox Admin Panel are done securely via HTTPS connections.

You can see this in action by looking at your browser (see screenshot below):

Screenshot of browser security options, under URL reads: Security

Adding Contacts to Paubox Marketing via API endpoint

You can also securely upload contacts to Paubox Marketing via its API, which we’ve documented on our Developer Docs site.

For more information on this method, we wrote about how to do it last month: How to add and delete contacts in bulk using the Paubox Marketing API

Contact Storage at Rest

Whether you add contacts by manually typing them in via the Paubox Admin Panel, or uploading them in bulk via spreadsheet or API endpoint, all contacts are encrypted at-rest in our platform.

In fact, encryption at-rest of protected health information (PHI) was a requirement during our HITRUST CSF certification process.

See Related: Paubox renews, expands HITRUST CSF certification through 2023

We document our encryption at-rest policy on our Security page:


The HIPAA Security Rule includes addressable implementation specifications for the encryption of PHI in transmission (“in-transit”) and in storage (“at-rest”). Paubox encrypts PHI in accordance with guidance from the Secretary of Health and Human Services (HHS), “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals.”

Paubox encryption at rest is consistent with HIPAA guidance that is currently in effect. With Paubox at rest encryption, a unique volume encryption key is generated for each Paubox disk volume (hard drive).


Summary: Securely Uploading Contacts to Paubox Marketing

In summary, here is how we allow customers and prospects to securely upload contacts to Paubox Marketing:

  • You can upload contacts via the Paubox Admin Panel. The Admin Panel requires MFA authentication to login and all web pages are encrypted via HTTPS connections.
  • You can also upload contacts via the Paubox Marketing API. All API endpoints at Paubox are also encrypted via HTTPS.
  • All data stored on the Paubox platform, including contacts, are encrypted at-rest.
  • Paubox Marketing is HITRUST CSF certified. HITRUST is the gold standard of certifications in U.S. Healthcare.

Paubox Marketing

Prior to its launch, healthcare providers were stuck with generic messaging because it was impossible to personalize email with patient information without violating HIPAA regulations.

Now you can send your patients personalized messages that include PHI using our HIPAA compliant email marketing service, Paubox Marketing.

  • Grow your business. Send targeted, personalized messages that resonate with your audience.
  • Increase patient engagement. Drive engagement by including PHI in your HIPAA compliant email campaigns to create personalized and relevant messaging.
  • Track results. Access real-time analytics to track marketing campaign performance.
  • Improve patient outcomes. Ensure that patients don’t miss vital treatment by sending email reminders and recommendations for additional services.

Paubox Marketing is HITRUST CSF certified and is free to use for up to 100 contacts.

The free plan also includes a business associate agreement.

Kickstart your HIPAA compliant email marketing with Paubox Marketing

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport