
Business Associate Agreement.

Last reviewed · May 19, 2026

Summary

DIAL3D signs a Business Associate Agreement (BAA) with every customer that processes Protected Health Information (PHI) through our platform. This includes the free Trial plan — there is no plan tier at which we ask you to process PHI without a BAA.

The BAA is countersigned during onboarding before any PHI is processed. A standard template is available; customer-provided BAA templates are also acceptable as long as the substantive HIPAA-required terms are present.

Standard BAA scope

The BAA covers the standard HIPAA-required terms: (a) permitted uses and disclosures of PHI, (b) administrative, physical, and technical safeguards consistent with the HIPAA Security Rule, (c) reporting of security incidents and breaches, (d) subcontractor flow-down requirements, (e) compliance with applicable provisions of HIPAA's Privacy Rule, (f) availability of PHI to the customer on request, and (g) return or destruction of PHI at contract termination.

Specific terms — including breach notification timeframes, audit rights, and indemnification language — are negotiable within reasonable bounds.

42 CFR Part 2 QSOA

For customers operating federally assisted treatment programs subject to 42 CFR Part 2, DIAL3D signs a Qualified Service Organization Agreement (QSOA) under 42 CFR § 2.11 in addition to the standard BAA. The QSOA permits DIAL3D to receive Part 2 information in the course of providing the service and binds us to maintain its confidentiality consistent with the rule.

If your program is subject to Part 2, we recommend executing the QSOA at the same time as the BAA. Both can be countersigned in one session.

Subcontractor flow-down

DIAL3D uses a limited set of subprocessors that may handle PHI in the course of operating the service. All subprocessors that handle PHI have executed BAAs with DIAL3D and are bound by terms substantially similar to those in the customer-facing BAA.

The current subprocessor list is available on request and is updated when material changes occur. Customers may request to be notified of new subprocessors before they handle PHI; opt-out is available within a reasonable transition period.

How to execute

Standard process: during onboarding, our compliance team sends the BAA via DocuSign for countersignature. Typical turnaround from request to a fully executed agreement is 24-72 hours.

If your organization requires a custom BAA template, send it to dpo@dial3d.ai with your legal contact. Our compliance team will review and respond within one business day.

After execution

Once executed, the BAA remains in effect for the duration of the customer's use of DIAL3D plus the retention period for PHI specified in the BAA. Termination of the underlying service contract terminates the BAA's forward-looking obligations, but does not terminate the retention, return, and destruction obligations.

Need this document, a security questionnaire, or a deeper conversation?

Need to execute a BAA, request a copy of the standard template, or have legal questions about scope? Our compliance team responds to most requests within one business day.
