mintfax supports protected health information (PHI) under a signed Business Associate Agreement. Every paid workspace can sign a BAA at no additional cost. No enterprise plan, no procurement cycle. Encryption, audit logging, retention modes, and cover-page redaction ship on every plan. If you need the BAA itself, skip to signing a BAA. If you need to understand what mintfax does and does not control, read the compliance boundary section.
Sub-pages and related guides
| Topic | Description |
|---|---|
| Webhook signing | HMAC-SHA256 signing scheme, verification recipes, replay protection |
| Error catalog | Every error code, what it means, and what to do next |
| Cover pages | Cover-page templates with token substitution for PHI-bearing faxes |
| Glossary | Fax-domain terms including T.30, ECM, FoIP, and E.164 |
Signing a BAA
mintfax signs a BAA with customers on paid plans at no additional cost. The agreement is the same template at every paid tier; the legal text does not change at higher volume tiers.
How to request one. Sign in to your dashboard, open the workspace where you will be sending faxes, and select “Sign BAA” under Compliance. The agreement is e-signed via DocuSign, and you receive a countersigned copy by email within minutes. You can sign separate BAAs for separate workspaces if you operate multiple environments or multiple covered entities.
Who qualifies. Any workspace on a paid plan. Sandbox workspaces are not covered because they do not process real PHI.
Turnaround. The e-signature flow is self-serve. Countersigned copies arrive within minutes of your signature, not days.
Do you need a BAA?
Not every fax workload requires one. A BAA is necessary when PHI passes through mintfax infrastructure, which means the fax document, metadata, or both contain individually identifiable health information as defined by HIPAA. If your fax content contains appointment confirmations, lab results, prescriptions, insurance claims, or any other information that ties a health condition to a specific person, you need a BAA. If your fax content is purely administrative (billing invoices without patient detail, general office correspondence, marketing materials), you likely do not. When in doubt, sign one. It costs nothing.
The conduit exception
HIPAA’s conduit exception applies to entities that transport PHI without accessing it - a postal service carrying sealed envelopes, for instance. mintfax does not qualify as a mere conduit. The service stores fax documents in S3, processes metadata in DynamoDB and MySQL, and retains audit log entries tied to each fax. Because mintfax has access to PHI during processing and storage, a BAA is the right instrument.
Encryption
At rest. Fax content uploaded via multipart is encrypted before write to S3 using SSE-S3 (AES-256) with AWS-managed keys. DynamoDB tables holding API keys, balances, and idempotency records are encrypted at rest by default. MySQL uses RDS encryption.
In transit. TLS 1.2 minimum on all connections, with TLS 1.3 on customer-facing endpoints (API, dashboard, docs). Webhook payloads are delivered over HTTPS and signed with HMAC-SHA256 using a per-workspace signing secret you can rotate at any time. See the webhook signing guide for verification recipes.
Retention controls
Two retention modes, configured per workspace.
Standard mode. Fax documents, fax images, recipient metadata, and transaction metadata are retained for a configurable period (default 90 days) and then deleted. You can explicitly delete fax data at any time via the API (DELETE /v1/fax/{id}) without waiting for the retention window to elapse. Billing records, credit transactions, and account information are retained permanently.
Zero-footprint mode. Fax documents and fax-related metadata are deleted after the transaction reaches a terminal state (delivered, permanently failed, or canceled). A short window, measured in minutes, lets you retrieve the fax result via the API before cleanup runs. This mode supports HIPAA’s minimum-necessary principle. Billing records remain.
You can switch between modes per workspace at any time. The change applies to new submissions; existing data is governed by the policy in effect at the time of submission.
What gets deleted vs. retained
| Category | Deleted per retention policy | Retained permanently |
|---|---|---|
| Fax documents in S3 | Yes | |
| Recipient and sender numbers | Yes (nullified) | |
| Fax subject field | Yes (nullified) | |
| PII in audit log properties | Yes (scrubbed) | |
| Fax record shell (id, status, timestamps, page count, cost) | | Yes |
| Credit transactions | | Yes |
| Account and workspace info | | Yes |
| Audit log entries (PII-scrubbed) | | Yes |
Audit logging
Every fax submission, status change, balance modification, API key event, webhook delivery, and workspace membership change produces an immutable audit log entry. Logs are scoped per workspace, retained for the lifetime of the workspace, and exportable as JSON or CSV from the dashboard. Two logical streams:
- Operational stream. Fax lifecycle events: accepted, sending, retry scheduled, delivered, failed, canceled. Credit hold events: placed, captured, released. Webhook delivery events: dispatched, delivered, failed.
- Audit stream. Workspace configuration changes, API key creation and rotation, member invitations and role changes, credit top-ups.
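A practical way to confirm that the retention contract in the table above actually holds, and that exported audit entries carry no PII, is to run a check over an exported fax record and its audit entries. This is an added example, not mintfax code; the JSON field names (document_url, to, from, subject, properties) and the sample records are assumptions, so adapt them to the real export format.

```python
import re
from datetime import datetime, timedelta, timezone

# Contract from the "What gets deleted vs. retained" table: once the retention
# window has passed, the document is gone, numbers and subject are nullified,
# audit-log properties carry no PII, and the record shell survives.
SHELL_FIELDS = ("id", "status", "created_at", "page_count", "cost")
NULLIFIED_FIELDS = ("to", "from", "subject")
# E.164 numbers are the most likely PII to linger in audit properties.
E164 = re.compile(r"\+[1-9]\d{6,14}(?!\d)")


def retention_violations(record, audit_entries, retention_days, now):
    """List contract violations for one fax record plus its audit entries.

    Field names are assumed (hypothetical export format), not mintfax's own."""
    created = datetime.fromisoformat(record["created_at"])
    if now - created < timedelta(days=retention_days):
        return []  # inside the window: nothing is required to be deleted yet
    problems = []
    if record.get("document_url"):
        problems.append("document still present")
    problems += [f"{f} not nullified" for f in NULLIFIED_FIELDS if record.get(f) is not None]
    problems += [f"shell field {f} missing" for f in SHELL_FIELDS if f not in record]
    for entry in audit_entries:
        for key, value in entry.get("properties", {}).items():
            if isinstance(value, str) and E164.search(value):
                problems.append(f"audit {entry['id']}: property {key} holds a phone number")
    return problems


# Constructed samples: the same fax before and after a 90-day Standard-mode cleanup.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
CREATED = "2025-02-01T09:00:00+00:00"  # 120 days before NOW, so past the window
LEAKY_RECORD = {"id": "fax_1", "status": "delivered", "created_at": CREATED,
                "page_count": 3, "cost": 45, "to": "+15550001234", "from": None,
                "subject": "Lab results", "document_url": "s3://bucket/fax_1.pdf"}
LEAKY_AUDIT = [{"id": "evt_1", "event": "fax.delivered",
                "properties": {"fax_id": "fax_1", "to": "+15550001234"}}]
CLEAN_RECORD = {"id": "fax_1", "status": "delivered", "created_at": CREATED,
                "page_count": 3, "cost": 45, "to": None, "from": None,
                "subject": None, "document_url": None}
CLEAN_AUDIT = [{"id": "evt_1", "event": "fax.delivered",
                "properties": {"fax_id": "fax_1", "to": "[scrubbed]"}}]

if __name__ == "__main__":
    print(retention_violations(LEAKY_RECORD, LEAKY_AUDIT, 90, NOW))  # four findings
    print(retention_violations(CLEAN_RECORD, CLEAN_AUDIT, 90, NOW))  # []
```

The same check, run after a DELETE /v1/fax/{id} call or after the zero-footprint cleanup window, tells you whether retention behaviour matched your expectations before you move from the sandbox key to the live key.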
Cover-page contract
Faxes that contain PHI should include a cover page with a confidentiality notice so the receiving party knows how to handle the document. mintfax supports cover-page templates with token substitution. You define the template once - confidentiality notice, intended recipient, sender information - and mintfax attaches it to each fax automatically. See the cover pages guide for template syntax and available tokens.
Compliance boundary disclosure
The controls on this page cover what mintfax operates: API infrastructure, S3 storage, DynamoDB, MySQL, application logs, and the audit log. They do not extend to:
- Upstream carriers. InterFax and future carriers retain their own logs and copies per their own policies. mintfax selects and configures carriers to uphold its compliance commitments (for example, InterFax’s “no fax image retention” mode is enabled), but the carrier’s infrastructure is outside mintfax’s compliance boundary.
- The analog leg. The PSTN leg of a fax call is unencrypted by definition. Fax content over T.30 or T.38 is in the clear between the carrier and the receiving fax machine.
- Recipient fax machines. What happens to the document after it prints or arrives at the receiving device is outside mintfax’s control.
- Your webhook endpoints. Events delivered to your registered URLs leave mintfax’s infrastructure at the point of delivery. Securing your endpoint is your responsibility.
- Third-party payment processors. Stripe processes credit purchases; no PHI flows through Stripe.
Quick-start
- Sign the BAA. Open your workspace settings, select Compliance, and sign the BAA. You will receive a countersigned copy within minutes.
- Choose a retention mode. Under workspace settings, select Standard (with your preferred retention window) or Zero-footprint.
- Send a fax. Use your sandbox API key to send a test fax and verify that audit log entries, webhook events, and retention behavior match your expectations. Then switch to your live API key.