Last Modified: September 1, 2023
HubSpot customers may collect and manage Personal Data when using our product and services, or what we may refer to as the Subscription Service. "Subscription Service" is defined in the HubSpot Customer Terms of Service and means all of our web-based applications, tools and platforms that you have subscribed to under an Order Form or that we otherwise make available to you, and are developed, operated, and maintained by us, accessible via https://app.hubspot.com or another designated URL, and any ancillary products and services, including website hosting, that we provide to you. When you use the Subscription Service, HubSpot processes Personal Data as a processor under the direction of our customers. Our customers, as data controllers, are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to collecting their customers’ Personal Data using the Subscription Service. Please see Section 1.b "Information We Process on Behalf of our Customers When They Use the Subscription Service" and Section 1.c "Information We Collect and Process When You Use the Subscription Service" as well as our Customer Data Processing Agreement for more information.
When You Visit Our Websites
We collect Personal Data from you when you submit web forms or interact with our websites, for example by subscribing to a HubSpot blog, signing up for a webinar, subscribing to one of our services or requesting customer support. We may ask for your email address, first and last name, job title, and other similar business information. You are free to explore some of our websites without providing any Personal Data about yourself.
INBOUND and Other Event Information
When you register for INBOUND or a HubSpot event, we collect information such as name, address, phone number, and email address. We use this information to communicate with you and in some cases facilitate your registration. Additionally, we may share your registration data with service providers of INBOUND in order to provide event information and improve your experience at INBOUND or future HubSpot events.
Account and User Information
We collect Personal Data when you sign-up for a HubSpot account, create or modify user information, set preferences, or provide any other related information to access or utilize our Subscription Service.
You may also provide payment information, such as a credit card number or bank account numbers, when purchasing products or services. We use secure third-party payment service providers to manage payment processing, which is collected through a secure payment process.
We post customer testimonials and comments on our websites, which may contain Personal Data. We obtain each customer's consent via email or through other agreements between customers and HubSpot prior to posting the customer's name and testimonial.
Our product, or the Subscription Service, allows our customers to create and share marketing, sales and customer service content. When customers use our product, they may collect Personal Data such as first and last name, email address, physical address, phone number, or other information about you. We call the information that our customers submit or collect via the product ‘Customer Data’ under our Customer Terms of Service.
We do not control the content of our customers' webpages or the types of Personal Data that our customers may choose to collect or manage using the Subscription Service. We store our customers' information on our service providers' servers but process it as a processor under our customers’ instructions and in accordance with our Customer Terms of Service, which prohibit us from using the information except as necessary to provide and improve the Subscription Service and as required by law.
Our customers control and are responsible for correcting, deleting or updating the information they process using the Subscription Service and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to HubSpot for processing purposes.
We collect usage data when you or your users in your HubSpot account interact with the Subscription Service. Usage data includes metrics and information regarding your use and interaction with the Subscription Service such as what product features you use the most, when an object (like a ticket) is opened and closed, and how often certain features (like workflows) are triggered in your account.
We engage third party providers to collect usage data. For more information about how we protect your information with these service providers, please see Section 3 "How We Share Personal Data".
When you access or use the Subscription Service via our mobile applications, we automatically collect information such as your device model and version, operating system, or device identifiers.
Third Party Integrations
You may connect third party integrations to your HubSpot account, which may ask for certain permissions to access data or send information to your HubSpot account. It is your responsibility to review any third party integrations you authorize. We may collect information about what types of integrations you use in your HubSpot account.
Any permission(s) granted by you, grants these third parties access to your data, which may include (but is not limited to) granting third party applications access to view, store, and modify your HubSpot account data. We are not responsible for the practices of third party integrations, so please carefully review the permissions you grant to third party applications. For more information on integrations with third party providers, please see here.
If you use the Gmail integration or choose to integrate any other Google Workspace application with HubSpot, you will be asked to give us access to information from your Gmail or Google account. You can learn more about how we access this data here or via in-app notice when you connect to Gmail.
By using the Gmail integration with the Subscription Service you will grant the Subscription Service access to information associated with your account, including contacts, emails, calendar, distribution lists, subject lines, and URLs of tracked links from your email, if you use the email tracking functionality. In addition, the Subscription Service will be able to read, modify, create, and send emails from your connected Gmail account. The Subscription Service will scan the content of your emails to identify which emails you have elected to track in order to provide you with the notifications feature. The Subscription Service will store replies, outgoing mail, email headers, subject line, distribution lists, aliases, time sent, and email bodies. Your email may contain sensitive information, such as names of your contacts, your private communications, or financial or medical information. You understand that the correspondences you track will be visible to other users on your Subscription team.
If you connect your Gmail account via IMAP (or Generic Inbox Connection), the Subscription Service will have access only to email address, password, server information, email metadata, and message bodies. Additionally, connecting your Gmail account via IMAP does not require you to connect any other Google Workspace applications.
Additional Limits on Use of Your Google User Data
HubSpot's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Google Calendar Integration
The Subscription Service will have access to both your Google Calendar and any other calendar you access via Google in order to power our Meetings tool, and allow you to associate events with contacts in your HubSpot account. The Subscription Service will have the ability to: create or change your calendars, and update individual calendar events.
Google Drive Integration
As part of connecting your Google Drive, the Subscription Service will be able to: see your files, upload and download your files, and store file contents and titles. The Subscription Service uses these permissions to power the features of our Composer and Collect tools, allowing you to create drafts of blog posts in Drive and then upload directly for publishing.
Google Search Console
You can integrate your Google Search Console with our Content Management System (CMS) and our Marketing Hub product. As part of this integration, the Subscription Service will be able to view, manage and store properties which include the list of sites and domains you control in HubSpot and the Search Console data for your connected properties.
We may receive information about you or other users of your HubSpot account from our global network of partners. We may receive this data from our deal and lead registration process through our partners.
We may also collect information about you through our partner co-marketing partnerships. For example, you may sign up to a webinar or download a white paper published by HubSpot and a HubSpot co-marketing partner. For more information about our co-marketing program and how we share data with our partners please see below and read about our co-marketing program here.
We may receive information from third party service providers, from related companies, and from our business and solution partners.
Personal Data from Different Sources
When you use the Subscription Service, we collect and store the categories of information listed above in logs in the following instances, subject to the customer’s implementation settings:
Buttons, tools, and content from other companies
Other HubSpot Companies
We may receive information about you from other companies that are owned or operated by HubSpot.
We use the account information you provide to HubSpot when signing up for the Subscription Service and Trends services to send you transactional emails or in-app notification about billing, account management, and other administrative matters. We may also send you updates regarding our Customer Terms of Service or other legal agreements, and may also communicate with you about security incidents via email or in-app notification.
We use your information to provide customer support, such as resolving technical issues you encounter and analyzing product outages or bugs.
If you use the HubSpot mobile applications, we may send you push notifications from time to time in order to update you about events and promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
We use your account information and Customer Data to provide the product and services to you. For example, we use the email address you provide when signing up for the product to create your user account, and we use your payment information to process payments for paid use of the Subscription Service. We also use this information to authenticate you when you log in and to provide customer support.
We collect usage data about how you or your users interact with our product and services. We use this data to develop and improve our products and services. For example, we use usage data to assess trends and usage across the product to help us determine what new features or integrations our users may be interested in.
We use Customer Data for machine learning that supports certain products and development of features and functionality with the Subscription Service and similar products and services. For example, machine learning helps power the business card scanner tool if you use our mobile apps and allows for easier imports of data into your HubSpot account. You may opt-out of having your Customer Data used for machine learning by emailing firstname.lastname@example.org.
We may publish data about how our product and services are being used across our customer base. When we share statistical information externally in this way, the data will be aggregated and we will not identify individual users or customers. For example, we may publish blog posts on trends or insights into how users are interacting with our product.
We use your account information to investigate and help prevent security incidents. We may also use this information to meet legal requirements. We use your information to verify user accounts, new product sign-ups, and to detect and prevent product abuse. This includes enforcing our Acceptable Use Policy.
We use log files to provide general statistics regarding use of the websites by you, including how you use our websites, what country you are logging in from (for analytics, export control and regulatory purposes) and to help improve the navigation experience. Your IP addresses are also collected and logged for security and debugging purposes, for example to track access patterns, investigate security events and incidents. For these purposes we do link this automatically-collected data to other personal data provided by you such as name, email address, address, and phone number.
We use the information you provide to HubSpot to market and promote the products, services, and other offerings. For example, we use the information, like your email or physical address, to send information or HubSpot content to you which we think may be of interest to you by post, email, or other means and send you marketing communications relating to our business.
You may opt out of receiving this promotional content by following the instructions contained in each communication that we send to you or by contacting us at email@example.com. If you unsubscribe from our marketing lists, we will continue to contact you regarding administrative matters, and to respond to your requests.
We may also reach out to you via telephone to ask about other HubSpot products or services you may be interested in. If you have a call scheduled with a HubSpot representative, we may record and transcribe the call. You will be notified prior to the call that the call is being recorded, and you will be offered an opportunity to opt-out of having the call recorded.
Where required by law, we will only send marketing communications with your consent. Otherwise, we will market and advertise our products and services on the basis of our legitimate business interests.
We share your data with third parties when you give us consent to do so.
If you are a website visitor located in the European Economic Area ("EEA") or United Kingdom ("UK"), HubSpot Ireland Limited is the data controller of your Personal Data. HubSpot's Data Protection Officer can be contacted here.
Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data). Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
We may share Personal Data with our third party service providers to support our websites, products, and services. For example, we use service providers for data hosting, application development, marketing, sales support and customer support. We may need to share your information with service providers to provide information about products or services to you. Examples may include removing repetitive information from prospect lists, analyzing data or performing statistical analysis on your use of the Subscription Service or interactions on our websites, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, developing and improving the product and services, and providing customer service or support. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information in this way, we explicitly require the third party service providers to acknowledge and adhere to our privacy and data protection policies and standards.
We may share data with trusted HubSpot partners to contact you based on your request to receive such communications, help us perform statistical analysis, provide sales support, or provide customer support. Partners are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your data.
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by HubSpot on the websites and the Subscription Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.
Our websites may offer publicly accessible message boards, blogs, and community forums (e.g. HubSpot Community and Connect.com). Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums (including profile information associated with the account you use to post the information) it may be read, collected and used by any member of the public who accesses these websites. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you may disclose in this way. We will correct or delete any information you have posted on the websites if you so request, as described in Section 7 "Your Privacy Rights and Choices" below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.
We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process. If you use the Subscription Service, Customer Data is considered Confidential Information and you should review the Confidentiality terms in the Customer Terms of Service for more information. HubSpot shares data about requests for customer information, to learn more see our Data Disclosure and Transparency Report.
To facilitate our global operations, we may transfer information to other HubSpot Affiliates where we have operations for the purposes described in this policy. Please see Annex 3 of our Customer Data Processing Agreement for a list of HubSpot Affiliates and their locations.
HubSpot complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively “the Data Privacy Framework”).
In compliance with the DPF Principles, HubSpot commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. We will investigate and attempt to resolve any DPF Principles-related complaints within 45 days. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF Principles should first contact HubSpot here.
If you have unresolved DPF-related complaints that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the DPF website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The Federal Trade Commission has jurisdiction over HubSpot’s compliance with the DPF Principles.
In the context of an onward transfer, HubSpot is responsible for the processing of Personal Data it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on our behalf. HubSpot shall remain liable under the DPF Principles if our agent processes your Personal Data in a manner inconsistent with the DPF Principles, unless HubSpot is not responsible for the event giving rise to the damage.
Please note that under certain circumstances, we may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We use a variety of security technologies and procedures to help protect your Personal Data from unauthorized access, use or disclosure. We secure the Personal Data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All Personal Data is protected using appropriate physical, technical and organizational measures. For more on Security at HubSpot, please see trust.hubspot.com.
How long we keep information we collect about you depends on the type of information and how we collect and store it. After a reasonable period of time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
We retain Personal Data that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Data, we securely delete the information or anonymize it or, if this is not possible, securely store your Personal Data and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request, as described in the section "Privacy Rights and Choices" below.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services, such as when you last opened an email from us or ceased using your HubSpot account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
When you visit our websites, sign up for a HubSpot account, attend a HubSpot virtual event, or request more information about HubSpot, we collect information automatically using tracking technologies, like cookies and tracking pixels. For more information, and to learn how to opt out, please refer to our Cookie Policies below.
You have the following data protection rights:
We do not sell personal information.
To exercise any of these rights:
Please note that to protect personal information, we may verify your identity by a method appropriate to the type of request you are making. Depending on where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
We will respond to your request to change, correct, or delete your data within a reasonable timeframe and notify you of the action we have taken. In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.
If you are a customer, prospect, or otherwise interact with a HubSpot customer that uses our Subscription Service and would like to access, correct, amend or delete your data controlled by the customer, please contact the relevant customer directly. HubSpot acts as a processor for our customers and will work with our customers to fulfill these requests when applicable.
Our Acceptable Use Policy applies to us and to our customers and, among other things, prohibits use of the Subscription Service to send unsolicited commercial email in violation of applicable laws, and requires the inclusion in every email sent using the Subscription Service of an "opt-out" mechanism and other required information. We require all of our customers to agree to adhere to the Acceptable Use Policy at all times, and any violations of the Acceptable Use Policy by a customer can result in immediate suspension or termination of the Subscription Service.
You may unsubscribe from our marketing communications through one of the following methods:
Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Service.
Our customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. Individuals who interact with a HubSpot customer can unsubscribe from our customers' marketing communications by clicking on the "unsubscribe" link located on the bottom of their emails, or by contacting them directly.
This section applies only to California consumers. For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act (“CCPA”). It describes how we collect, use, and share California consumers' Personal Information in our role as a business, and the rights applicable to such residents. The California Consumer Privacy Act ("CCPA") requires businesses to disclose whether they sell Personal Information. HubSpot is a business, and does not sell Personal Information. We may share Personal Information with authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Information.
We have collected the following statutory categories of Personal Information in the past twelve (12) months:
You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.
The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months.
The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
The right of correction means that you have the right to request that we correct any inaccurate personal information that we maintain about you.
The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
HubSpot does not sell or share Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).
You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information.
Please use the contact details below, or see Section 7 "Your Privacy Rights and Choices" above, if you would like to:
You may also contact us by postal mail for all HubSpot brands at:
We will never sell your Personal Data to any third party.
The websites, product and services are not intended for or targeted at children under 16, and we do not knowingly or intentionally collect Personal Data about children under 16. If you believe that we have collected Personal Data about a child under 16, please contact us here, so that we may delete the information.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.