Legal Stuff
Talk legal to me
We at HubSpot (HubSpot, Inc. and its Affiliates) are committed to protecting your privacy. This Product Privacy Policy applies to your use of the HubSpot Subscription Service as a customer of HubSpot (HubSpot, Inc. and its Affiliates listed on this page). This Product Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your Personal Data. It also describes your choices regarding use, as well as your rights of access and correction of your Personal Data.
This Product Privacy Policy also describes how we process Customer Data on behalf of our customers in connection with the HubSpot Subscription Services. This Product Privacy Policy does not apply to any information or data collected by HubSpot as a controller for other purposes, such as information collected on our websites or through other channels for marketing purposes. Please find the HubSpot Privacy Policy that covers this information or data by clicking here.
HubSpot processes Customer Data under the direction of our Customers, and has no direct control or ownership of the Personal Data we process on behalf of our customers. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to HubSpot for processing purposes. Terms not otherwise defined herein shall have the meaning as set forth in the HubSpot Customer Terms of Service. In the event of a conflict between this Product Privacy Policy and the Customer Terms of Service, the terms of the Customer Terms of Service will control.
We periodically update this Product Privacy Policy. We will post any changes on this page and, if the changes are material, we will provide an update through the notification app in your HubSpot account.
1. Use of the Subscription Service
A. The HubSpot Subscription Service
Our online Subscription Service allows users (typically small to medium size businesses) to create and share marketing, sales and customer service content. The Subscription Service can also be used to help organize sales data about a company’s sales pipeline (e.g., leads, customers, deals, etc.). The information added to the Subscription Service, either by site visitors providing their contact information or when a Subscription Service user adds the information, is stored and managed on our service providers' servers. HubSpot provides the Subscription Service to our customers for their own marketing, sales, CRM, and customer service needs.
B. Use By Our Customers
Our customers use the Subscription Service to build webpages that people can visit to learn more about their business. When customers use the Subscription Service, they may collect Personal Data such as first and last name, email address, physical address, or phone number. HubSpot does not control the content of these webpages or the types of Personal Data that our customers may choose to collect or manage using the Subscription Service. That Personal Data is controlled by them and is used, disclosed and protected by them according to their privacy policies. HubSpot processes our customers' information as they direct and in accordance with our agreements with our customers, and we store it on our service providers' servers.
Our agreements with our customers prohibit us from using that information, except as necessary to provide and improve the Subscription Service, as permitted by this Product Privacy Policy, and as required by law.
We have no direct relationship with individuals who provide Personal Information to our customers. Our customers control and are responsible for correcting, deleting or updating information they have collected from using the Subscription Service. We may work with our customers to help them provide notice to their visitors about their data collection, processing and usage.
2. How we Share Information we Collect
A. With Service Providers
We employ other third-party service providers to provide services on our behalf to visitors to our websites, our customers, and Users of the Subscription Service and may need to share your information with them to provide information, products or services to you. Examples may include removing repetitive information from prospect lists, analyzing data or performing statistical analysis, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, and providing customer service or support. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies. Examples of these third-party service providers can be found on this page.
B. Due to Corporate Events
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by HubSpot on the websites and the Subscription Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.
C. In accordance with Compelled Disclosure
We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
3. HubSpot Product Specific Privacy Disclosures
A. All Product Tiers
i. Third Parties
We may provide links within our sites and services to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage or sharing of any Personal Data by such third parties, and we encourage you to review those third parties' privacy notices and ask them questions about their privacy practices as they relate to you.
ii. Google Integrations
If you choose to integrate your Gmail or any other G Suite application with the Subscription Service you may use the following integrations and allow HubSpot access to your Google user data:
- (1) Gmail Integration
By using the ‘Gmail Integration’ with the Subscription Service you will grant the Subscription Service access to information associated with your account, including contacts, emails, calendar, distribution lists, subject lines, and URLs of tracked links from your email, if you use the email tracking functionality. In addition, the Subscription Service will be able to read, modify, create, and send emails from your connected Gmail account. The Subscription Service will scan the content of your emails to identify which emails you have elected to track in order to provide you with the notifications feature. The Subscription Service will store replies, outgoing mail, email headers, subject line, distribution lists, aliases, time sent, and Email bodies. Your email may contain sensitive information, such as names of your contacts, your private communications, or financial or medical information. You understand that the correspondences you track will be visible to other users on your Subscription team.
If you connect your Gmail account via IMAP (or Generic Inbox Connection), the Subscription Service will have access only to email address, password, server information, email metadata, and message bodies. Additionally, connecting your Gmail account via IMAP does not require you to connect any other G Suite applications.
Additional Limits on Use of Your Google user Data:
Notwithstanding anything else in this Product Privacy Policy, if you provide HubSpot with access to your Gmail data using the Gmail Integration, our use of that data will be subject to these additional restrictions:
- We will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and to enhance the email experience for productivity purposes.
- We will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- HubSpot will not use this Gmail data for serving advertisements.
- HubSpot will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for HubSpot's internal operations when the data have been aggregated and anonymized. - (2) Google Calendar Integration
The Subscription Service will have access to both your Google Calendar and any other calendar you access via Google in order to power our Meetings tool, and allow you to associate events with contacts in the CRM. The Subscription Service will have the ability to: create or change your calendars, and update individual calendar events.
(3) Google Drive Integration
As part of connecting your Google Drive, the Subscription Service will be able to: see your files, upload and download your files, and store file contents and titles. The Subscription Service uses these permissions to power the features of our Composer and Collect tools, allowing you to create drafts of blog posts in Drive and then upload directly for publishing.
(4) Google Search Console
You can integrate your Google Search Console with our Content Management System (CMS). As part of this integration, the Subscription Service will be able to: manage the list of sites and domains you control, view and manage the list of sites and domains you control, view and manage the owners of domains you control. - (5) Chrome Extensions
Sales Extension: you can install the HubSpot Sales Chrome extension to track Gmail and G Suite emails through your Chrome browser. The extension can read and change all your data on the websites you visit and display notifications. It logs all emails from Gmail and can be used in conjunction with the Inbox Integration. - Collect Extension: the Collect Extension integrates with your Google Drive, allowing you to upload files and text directly from your Chrome Browser into your drive. These files will then be available for your use through the Google Drive integration.
- Social Extension: The HubSpot Social Chrome Extension allows sharing of pages, text, and images from around the web with the HubSpot Social Composer tool. You are able to draft or schedule posts, assign campaigns, and then see posts on the Social Calendar tool or in Social Reports once published. The Social extension is only accesses information about the current page, after its toolbar button is clicked, utilizing the permissions granted here: https://developer.chrome.com/extensions/activeTab#motivation
iii. HubSpot Sales Outlook Add-In
If you use the Outlook integration with the HubSpot Product, the Subscription Service will have access to information associated with your account, including contacts, emails, calendar, distribution lists, subject lines, and URLs of tracked links from your email, if you use the email tracking functionality. The HubSpot Product will scan the content of your emails to identify which emails you have elected to track in order to provide you with the Notifications feature. The Subscription Service will store, replies, outgoing mail, email headers, subject line, distribution lists, aliases, time sent, and message bodies. Correspondences you track will be visible to other Users on your Subscription.
iv. Generic Inbox Connection (IMAP)
If you connect your email account via IMAP (or Generic Inbox Connection), the Subscription Service will have access only to email address, password, server information, email metadata, and message bodies. Additionally, connecting your Outlook account via IMAP does not require you to connect any other Microsoft applications.
v. Documents Tool
If you use the Documents feature of the Subscription Service, files that you upload using this ‘Documents’ feature are stored by us and shared with other users of your HubSpot CRM team.
vi. Conversations
If you choose to use the shared inbox feature of our Conversations functionality you understand that any User may have access to or visibility into the contents of this inbox.
vii. Data Practices and Service Data
We automatically collect metrics and information about how Users interact with and use the Subscription Service. We use this information to develop and improve the Subscription Services and the Consulting Services, and to inform our sales and marketing strategies. We may share or publish this service data with third parties in an aggregated and anonymized manner, but we will not include any Customer Data or identify Users.
If you access the Subscription Services via our mobile applications, we may also collect your device model and version, device identifier, and OS version. We may send you push notifications from time to time in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
We use Customer Data in an anonymized manner for machine learning that supports certain product features and functionality within the Subscription Service.
When you use the Subscription Service, we automatically collect log files. These log files contain information about a Users’ IT system, a User’s IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. We use this information to ensure the optimal operation of the Subscription Service and for security purposes. We may link log files to Personal Data such as name, email address, address, and phone number for these purposes.
You can log in to our site using a Single Sign-on (SSO) service like your Google account. This service will authenticate your identity and provide you the option to share certain Personal Data with us such as your name.
viii. Enrichment Data
When you add company records to the HubSpot CRM, we populate certain fields with company level Enrichment Data. You’ll recognize Enrichment Data in the HubSpot CRM because it is flagged with a grey information icon (or highlighted in some other way), which on hover, identifies the property as being filled from HubSpot’s Insights database. These properties may include information such as company name, company location, and company address. This data is obtained from public and third party sources. We do not use Customer Data to populate Enrichment Data.
ix. Integrations with the HubSpot Platform
You may choose to connect any number of applications or integrations, including our certified partner applications, with your HubSpot account. If you give an integration provider access to your HubSpot account then your use of these integrations is subject to the service terms and privacy terms made available by that integrator. We are not responsible for third party integrators and in no case are such integration providers our sub-processors. For more information on our partners, please see: https://ecosystem.hubspot.com/marketplace/apps.
B. Sales Hub
i. Email Template Tools
In addition to the Inbox Integration described above, if you opt to use our template building tools, the Subscription Service will scan the content of your sent emails to identify possible templates for use by Users of your HubSpot account.
ii. Call Transcription
The ‘Call Transcription’ feature allows you to transcribe calls that you record with Sales Hub products. We use Google Cloud Platform’s Cloud Speech-to-Text API and Google Cloud Storage to provide Call Transcription, which requires us to share call data with Google for use, analysis, and storage by Google.
In order to use the Call Transcription feature you must consent to Google’s use of your call data via an in-app modal. If you do not consent, we are unable to provide the Call Transcription service to you. You are responsible for compliance with all call recording laws and obtaining any required consents from callers.
C. Marketing Hub
i. HubSpot Video
If you want to use the default video application provided by Vidyard through the Subscription Service, you must agree to Vidyard’s Terms of Service and Privacy Policy. Any data processed by Vidyard will be subject to Vidyard’s own terms available here: https://www.vidyard.com/privacy/
ii. HubSpot Tracking Code for WordPress Plugin
To connect your WordPress installation with your HubSpot account, we may use WordPress account information such as your email address to authenticate the connection. You grant permission to us and our licensors to collect data from your WordPress instance only as necessary to provide the Subscription Service and Consulting Services to you and as permitted by this the Customer Terms of Service.
iii. Content Membership
The Content Membership functionality allows you to gate certain content to Contacts based on an authentication list and passwords. Passwords are not stored in the Subscription Service and are hashed. We do not have access to your Contacts’ passwords.
D. Social Integrations
i. Youtube Integration
If you use the YouTube Integration, you agree to be bound by YouTube's terms, available at: https://www.youtube.com/t/terms.
If you choose to connect your YouTube account with our Social Tool (subject to your product tier), as part of posting to YouTube through the Subscription Service, the HubSpot platform will store your posts and publish them at the scheduled time as selected by you. Additionally, the Subscription Service will add tracking code to any post URL generated through the HubSpot Platform, solely for the purpose of tracking clicks. The Subscription Service stores comments and replies on your posts, as well as analytics for the performance of your posts.
ii. Twitter Integration
You may choose to integrate your Twitter account with the HubSpot Platform (depending on product tier) in order to manage your Twitter. As part of posting Tweets through the Subscription Service, the HubSpot platform will store your Tweets and post Tweets upon their scheduled time as selected by you. Additionally, the Subscription Service will add tracking code to any Tweet URL generated through the HubSpot Platform, solely for the purpose of tracking clicks. The Subscription Service will store replies to and analytics for the performance of your Tweets.
iii. LinkedIn Integrations
Your use of the LinkedIn Ads integration is also subject to the terms and conditions provided by LinkedIn, available at: https://www.linkedin.com/legal/sas-terms. The Subscription Service will be able to view and manage your account, as well as store your LinkedIn Ads account number. As part of the integration, the Subscription Service receives user token with permissions on ad accounts and pages. The Subscription Service can view but does not store all the LinkedIn ads accounts and pages that you have permission for. LinkedIn will share with the Subscription Service: settings details (e.g., name, budget, bid strategy, creative) and performance metrics (impressions, clicks, etc.) for all campaigns, ad sets, and ads in the ad accounts the user has “connected” to the Subscription Service.
If you choose to sync leads, the Subscription Service will receive webhook updates when a new lead form submission occurs on a Page the user has “connected” to your account. The Subscription Service will pull all lead submissions for Pages the user has connected. The Subscription Service will log these submissions as form submissions in the CRM.
If you choose to connect your LinkedIn account with our Social Tool (subject to your product tier), as part of posting to LinkedIn through the Subscription Service, the HubSpot platform will store your posts and publish only at the time you schedule. Additionally, the Subscription Service will add tracking code to any post URL generated through the HubSpot Platform, solely for the purpose of tracking clicks. The Subscription Service stores comments and replies on your posts, as well as analytics for the performance of your posts.
As part of any LinkedIn integration the Subscription Service will store your account name and profile picture.
iv. Google AdWords Integration
Your use of the Google AdWords integration is subject to Google’s terms at: https://support.google.com/adspolicy/answer/54818. The Subscription Service will be able to view and manage your account, and stores your Google Ads account number. As part of the integration, the Subscription Service receives user token with permissions on ad accounts and pages. The Subscription Service can view but does not store all the Google ad accounts that you have permission for. Google will share with the Subscription Service: settings details (e.g., name, budget, bid strategy, creative) and performance metrics (impressions, clicks, etc.) for all campaigns, ad sets, and ads in the ad accounts the user has “connected” to the Subscription Service.
If you choose to sync leads, the Subscription Service will receive webhook updates when a new lead form submission occurs and will log these submissions as form submissions in the CRM.
v. Facebook and Instagram Integrations
Facebook Ads
If you share any data from your HubSpot Account with Facebook, as part of our Ads integration, Facebook’s ad terms will apply: https://www.facebook.com/legal/self_service_ads_terms. As part of the integration, the Subscription Service receives user token with permissions on ad accounts and pages. The Subscription Service can view but does not store all the ad accounts and pages that you have permission for. Facebook will share with the Subscription Service: settings details (e.g., name, budget, bid strategy, creative) and performance metrics (impressions, clicks, etc.) for all campaigns, ad sets, and ads in the ad accounts the user has “connected” to the Subscription Service.
If you choose to sync leads, the Subscription Service will receive webhook updates when a new lead form submission occurs on a page a user has connected to your account. The Subscription Service will pull all lead submissions for Pages the user has connected. The Subscription Service will log these submissions as form submissions in the CRM.
Facebook and Instagram
If you choose to connect your Facebook and/or Instagram account with our Social Tool (subject to your product tier), as part of posting to Facebook and/or Instagram through the Subscription Service, the HubSpot platform will store your posts and publish only at the time you schedule. Additionally, the Subscription Service will add tracking code to any post URL generated through the HubSpot Platform, solely for the purpose of tracking clicks. The Subscription Service stores comments and replies on your posts, as well as analytics for the performance of your posts
Ad Network Pixel and Tags
The Subscription Service will receive the selected ad network (for all Ad Network) pixel/tag identification as part of connecting you account to that network. The Subscription Service will automatically place this pixel/tag on the user’s website pages where HubSpot tracking code is present. This pixel/tag sends and tracks information about your website visitors back to the network, enabling conversion tracking and website audience creation.
4. Data Subject Requests
If you are a customer, prospect, or otherwise interact with one of our Customers and would no longer like to be contacted by one of our customers that use our Subscription Service, please contact the customer that you interact with directly. If you want to access, correct, amend, or delete data controlled by a HubSpot customer, you should direct your query to the HubSpot Customer (the data controller). We will work with customers to respond to data subject requests as outlined in our DPA.
You may request the deletion of your HubSpot account or Subscription Service by sending a request here. You should also review our DPA to understand our obligations as a processor of your data and how we comply with relevant data protection laws.
If you are seeking to exercise your data subject access rights for the data HubSpot processes as a controller, please see this Privacy Policy.
5. Data Retention
Customer Data collected during your use of the Subscription Service is retained in accordance with the provisions of the DPA and is retained for as long as you have a paid Subscription and/or remain an active customer in your portal. Your data is deleted upon your written request or after an established period following the termination of all customer agreements. In general, Customer Data is deleted after your paid Subscription ends and your portal becomes inactive.
6. How We Transfer Data We Collect Internationally
International Transfers within HubSpot’s Entities
To facilitate our global operations, we transfer information to either Ireland or the United States and allow access to that information from countries in which the HubSpot Affiliates have operations for the purposes described in this policy.
This Privacy Policy shall apply even if we transfer Personal Data to other countries. We have taken appropriate safeguards to require that your Personal Data will remain protected. When we share information about you within and among HubSpot’s Affiliates, we make use of standard contractual data protection clauses, which have been approved by the European Commission. We have also certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to help safeguard the transfer of information we collect from the European Economic Area (EEA), the United Kingdom, and Switzerland. Please see our Privacy Shield notice below for more information.
International Transfers to Third Parties
Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area or Switzerland, we make use a variety of legal mechanisms to safeguard the transfer, including the European Commission-approved standard contractual data protection clauses or other appropriate legal mechanisms. For transfers to or from the United Kingdom, we make use of the standard contractual clauses. Please contact us if you need more information about the legal mechanisms we rely on to transfer Personal Information outside the EEA, Switzerland and the United Kingdom.
Privacy Shield Notice
HubSpot, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. HubSpot is committed to the Frameworks' applicable principles regarding transfers of Personal Data received from the European Economic Area (EEA), the United Kingdom, and Switzerland, in reliance on each Privacy Shield Framework. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.
HubSpot is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. HubSpot complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, HubSpot is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, HubSpot may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You may direct any inquiries or complaints related to our Privacy Shield compliance here. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Contact
Data Protection Officer (DPO)
Nicholas Knoop
HubSpot, Inc.
25 First Street, 2nd Floor
Cambridge, MA 02141 USA
