Merged
2 changes: 2 additions & 0 deletions .optimize-cache.json
Expand Up @@ -240,6 +240,8 @@
"static/images/blog/announcing-relationship-queries/cover.png": "7e615c0a9dcbb3949d5fb7ed71f36bb44de40ae67c8cd832b96ff5bbd4b0f451",
"static/images/blog/announcing-rust-runtime/cover.png": "a203fe2ef16c40592813ae7efb3c746d4250e68414c9b7d763893dae264f61d7",
"static/images/blog/announcing-screenshots-api/cover.png": "56555006946b9ead5cd4258544b6a9dda44bce6841706749f7539bc31356383e",
"static/images/blog/announcing-self-serve-baa.png": "b66eb0be9b323fb4b28f16218887a463bd1d45f7838c08d6d49e4822a6f95609",
"static/images/blog/announcing-self-serve-baa/enable-baa-modal.png": "b07c61f88fad334847c9c7c918511485fb85d682b2dfde5231f81925bc7475ff",
"static/images/blog/announcing-spatial-columns/cover.png": "b3e73629df86190fb06b715f4fe24aad473631538c1b3e78ae45cc8c5e7cd7d0",
"static/images/blog/announcing-time-helper-queries/cover.png": "0ee1d4d1edc65bf8fc3376b761b08efaffa55dd8ca84860ab3a9c34f7d78c25b",
"static/images/blog/announcing-timestamp-overrides/cover.png": "5bfc2ba16b8ca4a82188c0f67b300ed0a7f38b4abc04b06a10ee52b2832fa65b",
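Review bot: The new cover entry `static/images/blog/announcing-self-serve-baa.png` sits directly under `static/images/blog/`, while every neighbouring entry in this hunk keeps its cover at `<post-slug>/cover.png`, and this post already has an `announcing-self-serve-baa/` directory for `enable-baa-modal.png`. Consider moving the cover to `static/images/blog/announcing-self-serve-baa/cover.png` and updating the `cover:` path in the post's front matter to match, so the post's assets stay in one place.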
67 changes: 67 additions & 0 deletions src/routes/blog/post/announcing-self-serve-baa/+page.markdoc
@@ -0,0 +1,67 @@
---
layout: post
title: "Announcing self-serve BAA: Enable HIPAA compliance from the Console"
description: Pro organizations can now accept a Business Associate Agreement directly from the Appwrite Console, without waiting on a sales or legal cycle.
date: 2026-06-10
cover: /images/blog/announcing-self-serve-baa.avif
timeToRead: 4
author: eldad-fux
category: announcement
featured: false
callToAction: true
faqs:
- question: "What is a Business Associate Agreement (BAA)?"
answer: "A BAA is a contract required by HIPAA between a covered entity (such as a healthcare provider or health plan) and a business associate that handles Protected Health Information (PHI) on its behalf. It defines how PHI is used, disclosed, and safeguarded. If your application stores or processes PHI on Appwrite Cloud, you need a BAA in place before going live."
- question: "Who needs a BAA with Appwrite?"
answer: "Any team building an application that handles PHI for a US user base, such as telehealth platforms, patient portals, or health tracking apps with identifiable data. Appwrite acts as your business associate, and HIPAA requires the agreement before PHI is processed."
- question: "How do I enable the BAA add-on?"
answer: "An organization owner on the Pro plan can open the organization's Settings tab in the Appwrite Console, find the BAA section, select Enable BAA, review the agreement, and select Accept & Enable. The add-on is active immediately after payment."
- question: "How much does the BAA add-on cost?"
answer: "The BAA add-on costs $350 per month per organization. When you enable it, the charge is prorated for the remaining days of your current billing cycle, and it renews with your subscription afterwards."
- question: "I'm on an Enterprise plan. Do I use the same flow?"
answer: "No. Enterprise customers receive a BAA signed by both parties rather than the click-through agreement. Reach out through the [contact form](/contact-us) and we will arrange it as part of your agreement."
- question: "Can I disable the BAA add-on later?"
answer: "Yes. You can disable it from the same BAA section in your organization settings. The agreement and billing remain active until the end of your current billing cycle, and you can re-enable it at any time."
---

Healthcare applications carry a compliance requirement that most other software never encounters. If your product stores or processes Protected Health Information (PHI) for a US user base, HIPAA requires a Business Associate Agreement (BAA) between you and every service that touches that data, including your backend.

Until now, getting a BAA with Appwrite meant contacting our team and completing a signing process before you could put PHI on the platform. That works, but it adds days of back and forth to a step that many teams want to clear in minutes, especially when evaluating a backend for a new product.

Today, we are making that step self-serve. Organizations on the Pro plan can now accept a BAA directly from the Appwrite Console and have it active in the time it takes to complete a payment.

# What a BAA covers

Appwrite serves as a business associate to customers that qualify as covered entities under HIPAA, such as healthcare providers and health plans. The BAA defines how Appwrite uses, discloses, and safeguards PHI on your behalf, covering obligations like breach notification, the use of subcontractors, and what happens to your data when the agreement ends. You can read the full agreement on our [Business Associate Agreement](/legal/baa) page.

Keep in mind that the BAA covers the platform layer. Your application remains responsible for its own HIPAA obligations, such as configuring permissions correctly and obtaining patient consent where required.

# Enable it from the Console

The BAA is available as an organization add-on. To enable it, you must be an owner of an organization on the Pro plan:

1. Open your organization in the [Appwrite Console](https://cloud.appwrite.io/) and head to the **Settings** tab.
2. Find the **BAA** section and select **Enable BAA**.
3. Review the agreement and pricing summary, then select **Accept & Enable**.

![Enable BAA modal in the Appwrite Console](/images/blog/announcing-self-serve-baa/enable-baa-modal.avif)

The add-on costs **$350 per month** and applies to your entire organization. Your payment method is charged immediately, prorated for the remaining days of your current billing cycle. Accepting the agreement in the Console is what puts the BAA in effect: it is a click-through agreement, so there is no signature exchange and no waiting period.

If you disable the add-on later, the agreement and billing remain active until the end of your current billing cycle, and you can re-enable it at any time from the same place.

# Pro and Enterprise paths

The self-serve flow is designed for **Pro** organizations, where a standard click-through agreement fits the way teams already manage their subscription.

**Enterprise** customers follow a different path. Instead of the click-through agreement, Appwrite signs a BAA with you as part of your contract, tailored to your procurement and legal requirements. If that describes your organization, [contact us](/contact-us) and we will take care of it.

# Available now

The BAA add-on is live on Appwrite Cloud for all Pro organizations. If you have been waiting for a faster path to build healthcare products on Appwrite, you can enable it today and start handling PHI with the agreement in place.

# More resources

- [HIPAA compliance documentation](/docs/advanced/security/hipaa)
- [Business Associate Agreement](/legal/baa)
- [Appwrite is now HIPAA compliant](/blog/post/announcing-appwrite-is-hipaa-compliant)
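Review bot: The post gives two different moments for when the BAA takes effect: the FAQ answer to "How do I enable the BAA add-on?" says "The add-on is active immediately after payment", while the "Enable it from the Console" section says "Accepting the agreement in the Console is what puts the BAA in effect". Teams will time their first PHI write against this, so please state one trigger (acceptance or successful payment) and use it in both places, and say what happens if the immediate charge fails. It would also help to say where an owner can later find a record of the acceptance (who accepted, when, and which agreement version), since the post says there is no signature exchange.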
10 changes: 9 additions & 1 deletion src/routes/docs/advanced/security/hipaa/+page.markdoc
Expand Up @@ -24,6 +24,14 @@ requiring authentication and authorization through multi-factor authentication (

Appwrite safeguards personal information to the same extent it protects its own, complying with relevant privacy laws and regulations in the jurisdictions where its services are offered.

## Appwrite as a Business Associate

Appwrite serves as a business associate to customers that meet the definition of a [covered entity](https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html) under HIPAA, such as health plans and healthcare providers. A business associate performs certain functions or services that involve the use or disclosure of PHI on behalf of a covered entity. Covered entities may be required to enter into a Business Associate Agreement (BAA) with business associates to meet their HIPAA requirements.

For Enterprise customers subject to HIPAA and processing PHI within their applications, Appwrite will sign a BAA. To request Appwrite's BAA, please [contact us](/contact-us).

For Pro customers, the BAA is a click-through agreement that is not signed. An organization owner can enable it directly from the Appwrite Console: open your organization's **Settings** tab, find the **BAA** section, select **Enable BAA**, then review the agreement and select **Accept & Enable**. The BAA is a paid add-on billed to your organization and prorated for your current billing cycle. You can review the agreement on the [Business Associate Agreement](/legal/baa) page.

## Data retention

Appwrite gives you full control over your data lifecycle. By default, Appwrite stores user and project data until you explicitly delete it. There's no automatic purging or TTL unless you configure it that way in your application logic or functions.
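Review bot: In the Pro paragraph of the new "Appwrite as a Business Associate" section, "a click-through agreement that is not signed" can be read as saying the agreement is not binding; wording such as "accepted in the Console rather than signed by both parties" says what is meant and mirrors the Enterprise sentence above it. The paragraph also omits two details that the blog post in this PR does state and that a compliance reader will look for here: the add-on requires the Pro plan, and after disabling it the agreement stays active only until the end of the current billing cycle. Adding a sentence that the BAA should be enabled before PHI is stored in the organization would close the gap.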
Expand All @@ -41,4 +49,4 @@ Appwrite provides access to different types of logs depending on the context:
- **Audit logs**: For users or teams with compliance needs, we provide structured audit logs covering authentication events, permission changes, and other relevant activities directly on your console, under an activity tab in the different products the platform offers. Those are retained for different periods per plan.

Please note that while Appwrite Cloud serves as a HIPAA-compliant platform to handle data,
it is the responsibility of developers to ensure that their application is also compliant with HIPAA regulations.
it is the responsibility of developers to ensure that their application is also compliant with HIPAA regulations.
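Review bot: The last line of this hunk is removed and re-added with identical visible text ("it is the responsibility of developers to ensure ..."), so the change is whitespace-only, most likely a trailing space or the end-of-file newline. If it is not an intentional newline fix, drop it from this PR so the diff for this file stays limited to the new BAA section.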