HubSpot's privacy policy footer navigation was updated on May 14, 2026 to include two new product references ('HubSpot AEO' and 'AEO Sensor') and one new navigation link ('Sustainability'), while also reorganizing some product menu items. These are navigation and menu updates in the footer of the policy document, not changes to substantive privacy terms, data practices, or user rights.
This change affects the navigation and product references displayed in the footer of HubSpot's privacy policy document. No substantive privacy terms, data collection practices, rights, or obligations were modified. The updates add navigation links to new products and company information without altering how HubSpot collects, uses, or protects user data.
This change has no operational significance to privacy practices or user rights. The footer navigation updates add product and company information links without modifying how HubSpot collects, processes, or protects data.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This is a footer navigation update only. No substantive changes to privacy obligations, data practices, or regulatory commitments were introduced. The addition of product references and navigation links does not trigger compliance or contract review obligations. No internal policies, DPAs, or privacy notices require updating as a result of this change.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002066.
This new provision explicitly discloses HubSpot's reliance on legitimate interests as a legal basis under GDPR, providing transparency about processing activities that may not require explicit consent.
This separated provision provides more detailed and structured disclosure of third-party sharing practices, including explicit requirement that third parties comply with legal obligations, which was previously embedded in a broader provision.
This standalone high-severity provision was replaced by separate, more granular provisions on data sharing and advertising tracking; the removal of the explicit high-severity classification may indicate reduced emphasis on third-party sharing risks.
This provision addressing product improvement, analytics, and personalization is no longer explicitly stated, though similar practices may now be covered under the new 'Legitimate Interests' provision or implied in other sections.
Simplified and clarified the controller-processor relationship, removing references to 'Customer Data' and 'Contacts' terminology in favor of more standardized 'personal data' language, and emphasized regulatory compliance responsibility.
Removed reference to Privacy Shield framework and simplified to focus on SCCs and equivalent mechanisms; added Switzerland explicitly; removed the 'at least one of' multiple safeguards language in favor of a more singular approach.
Removed detailed technical cookie definition, completed the truncated text about browser instructions, added explicit warning about service limitations if cookies are refused, and integrated third-party advertising partner disclosure into this provision.
Broadened from GDPR-specific (EEA/UK only) to location-agnostic language ('depending on your location and subject to applicable law'), completed the truncated list with explicit rights including objection, restriction, portability, and consent withdrawal, and provided a specific contact email address.
Added explicit reference to CCPA as 'amended by' CPRA, simplified 'use, disclose, and sell' to just 'collect', added new right to correct inaccurate personal information (CPRA-specific), and reworded non-discrimination right from 'for exercising' to 'against for exercising'.
Removed the parenthetical example explaining legal obligations retention and changed terminology from 'personal information' to 'personal data'; severity downgraded from medium to low.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorHubSpot's Terms of Service navigation menu was updated on May 14, 2026 to reflect product and company changes. The updated …
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.