HubSpot Developer Policy
Last Modified: February 17, 2022
Thank you for choosing to develop on the HubSpot platform. Our goal is to provide an ecosystem where Customers and developers can easily build, deploy, and grow their business through a wide range of tools, integrations, websites, plugins, modules, etc that connect to their HubSpot Accounts. Developers are required to comply with this HubSpot Developer Policy (this “Policy”), our Developer Terms and our Acceptable Use Policy (“AUP”). All capitalized terms used in this Policy are the same as those in the Developer Terms.
We’re focused on providing a secure, high-quality, and data protection and privacy-focused environment for Customers), and this policy outlines our expectations for all of our developers. This policy may not cover every type of Application or Integration, and there may be instances where your Application and/or Integration is not addressed by this Policy. We reserve the right to take any action or steps necessary we deem necessary if your Application and/or Integration violates the terms or spirit of this policy, or we feel that such action is necessary to preserve the integrity of our Developer ecosystem or to protect Customers.
Violations of this Developer Policy may result in your Application and/or Integration (as defined in the Developer Terms) being blocked from connecting to the HubSpot Platform. We reserve the right to make changes to this Policy with or without notification to you.
If you have questions about this Policy or our Developer ecosystem please contact HubSpot Support.
A. Data Protection
We take Data Protection very seriously at HubSpot and expect a high standard from our Developers. We expect that you will comply with all applicable laws and regulations. As such we have the following guidelines for data protection and privacy standards:
- You will not create Applications and/or Integrations which violate the applicable data protection laws and regulations.
- You will not create Applications and/or Integrations which enable Customers to circumvent or violate the HubSpot Terms of Service, Developer Terms, Customer Data Processing Agreement (DPA), and/or AUP.
- You will not create Applications and/or Integrations which enable Customers to circumvent or violate the terms or policies of other platforms, applications, integrations, or any entity that has a relationship with the Customer.
- You will not sell, rent, exploit, or distribute HubSpot Customer Data without express consent from the Customer.
- Your Application and/or Integration should not collect, store, and/or use personal data (meaning any information relating to an identified or identifiable natural person) without the consent of the data subject or a lawful basis to collect, store, or use such information.
- If your Application and/or Integration stores the personal data for a Customer and the Customer requests for their data or Content to be erased, you must erase their data and/or Content.
- If your Application and/or Integration stores the personal data for a Customer and the Customer modifies their data, you must either erase or update the data.
- Your use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- In the event HubSpot Customer Data or the HubSpot Platform is breached, compromised, or exploited by your Application and/or Integration, or by your organization, you must contact all affected Customers and HubSpot immediately.
In addition to Data Protection, we take security very seriously. We expect the following of our ecosystem developers:
- You will enforce a form of authentication for your Application and/or Integration, and will audit logins to secure your Application and/or Integration with the Hubspot Platform.
- You will securely handle any Customer credentials using industry-standard protocols.
- In order to be considered eligible for any benefits from HubSpot, you must use OAuth 2.0 as per our guide here.
- You will not make any misleading and/or deceptive statements about your Application functionality, performance, origin, or data use.
- You will not transmit any viruses or other code that may damage, detrimentally interfere with, surreptitiously intercept, or expropriate any system or HubSpot Customer Data.
- You will not attempt to reverse engineer or otherwise derive source code, trade secrets, or know-how in our APIs.
- You will only ask Customers for permissions that your Application needs, and will not ask for permissions beyond the scope what is required for the operation of your Application.
C. Using Customer Data.
- You will not collect, store, and/or use HubSpot Customer Data without obtaining proper consent of the Customer, as determined by applicable law.
- You will not ask Customers to provide sensitive, private, and confidential personal information, such as credit card numbers or passwords, or information that violates the HubSpot Terms of Service or AUP.
- Unless such information is necessary as part of your Application and/or Integration’s legitimate function and purpose, and You will not enable Customer to store or process such information through the HubSpot Platform.
- You will not create Applications and/or Integrations that encourage or allow Customers to circumvent or interfere with their own data privacy and security policies in a negative way.
- You will not request, use scopes, or permissions not required for your Application and/or Integration’s functionality.
D. Compliance with Laws
We expect Developers to comply with applicable laws and regulations (in addition to data/privacy protection laws). As such we prohibit you or your Application and/or Integration from:
- Spamming, harassing, stalking, intimidating, or threatening Customers or other Developers.
- Allowing impersonation of Users or otherwise allowing for false representations within your Application and/or Integration.
- Facilitating violations of the law.
- Infringing on anyone else's intellectual property rights (including HubSpot’s).
- Representing that your Application is authorized by or produced by another company or organization.
- Allowing or facilitating financial transactions conducted in an insecure and unapproved manner.
We want our Developers to create applications that are well designed and easy to use.
F. User Experience.
- Your Application should not violate the HubSpot brand guidelines.
- Your Application should not violate any third party’s trademark, copyright, or patent.
- The design of your application should comply with all applicable laws and regulations.
- We reserve the right to require you to make changes to the look and feel of your Application. We will do our best to provide you written notice with an explanation of changes required to the design of your application.
- We encourage you to develop Applications and/or Integrations which enable Customers to comply with applicable data protection and privacy laws.
We expect all Applications and/or Integrations to provide a good user experience, so we require the following:
- Your Application and/or Integration should not degrade or compromise the performance or user experience of the HubSpot Services.
- Your Application and/or Integration should not use vulgar or obscene language or images. Likewise, your Application or Integration should not contain or offer content that is violent, pornographic, extreme, or that a reasonable person would consider inappropriate.You should provide appropriate customer assistance.
- Every Application and/or Integration must include a link to technical instructions and customer support information, including a contact for customer support.
- You must keep your Application and/or Integration updated and provide timely and accurate support to Customers.Your Application and/or Integration must operate and function in accordance with the documentation you make available to Customer.
If requested, you must provide us with proof of compliance with this policy.
Violations of this policy may result in removal from our marketplace, token revocation, developer suspension, having your Application and/or Integration blocked, Customer notification, legal action or any other action deemed necessary solely by HubSpot.
If you violate this policy we may or may not provide notice before taking action. Please note that we may periodically audit Applications and Integrations. If you fail an audit before notifying us of any issues, penalties will be more severe.