The policy discloses the use of HubSpot (via a WordPress plugin, version 11.3.51) for page analytics tracking, and Google Tag Manager (container ID GTM-T4HBBQG) for tag management and analytics. These integrations authorize the transfer of visitor behavior and identifier data to HubSpot and Google as third-party processors.
This analysis describes what Boston Dynamics's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that personal data collected through the Boston Dynamics website is processed by HubSpot and Google as third-party service providers, creating data processing relationships subject to GDPR Article 28 (if EU users are involved) and CCPA service provider requirements (if California users are involved). The operational scope of data transferred to these vendors depends on the specific HubSpot and Google Tag Manager configuration.
Interpretive note: The full scope of data transmitted to HubSpot and Google cannot be determined from the document text alone; it depends on the specific HubSpot and Google Tag Manager configuration deployed on the site.
Under these terms, visitor data including page view behavior and potentially identifiers is transmitted to HubSpot and Google for analytics and marketing purposes, subject to the consent configuration described elsewhere in the policy. The agreement establishes that this data sharing occurs as part of the website's standard operational infrastructure.
Cross-platform context
See how other platforms handle Third-Party Marketing and Analytics Data Sharing and similar clauses.
Compare across platforms →Monitoring
Boston Dynamics has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"var _hsq = _hsq || []; _hsq.push(["setContentType", "standard-page"]); <!-- DO NOT COPY THIS SNIPPET! Start of Page Analytics Tracking for HubSpot WordPress plugin v11.3.51-->— Excerpt from Boston Dynamics's Boston Dynamics Privacy Policy
1. REGULATORY LANDSCAPE: This provision engages GDPR Articles 28 and 46 (data processing agreements and cross-border transfers), CCPA/CPRA service provider provisions, and the EU-US Data Privacy Framework (to the extent applicable). The relevant enforcement authorities are EU/EEA Data Protection Authorities, the UK ICO, the California Privacy Protection Agency, and the FTC. Transfers of EU personal data to HubSpot and Google (US-based entities) require valid transfer mechanisms such as Standard Contractual Clauses or reliance on the EU-US Data Privacy Framework where applicable. 2. GOVERNANCE EXPOSURE: Medium. The use of HubSpot and Google Tag Manager is standard in enterprise marketing contexts, but the absence of explicit confirmation of data processing agreements and transfer mechanisms in the public policy text creates a documentation gap relative to GDPR Article 28 and Article 46 requirements. This exposure is heightened if the HubSpot integration captures form submissions containing personal data such as name, email, and company affiliation. 3. JURISDICTION FLAGS: EU/EEA and UK users face the highest exposure due to cross-border transfer requirements. California users may have rights to know the categories of third parties with whom their data is shared. Organizations in regulated industries (financial services, healthcare) accessing the Boston Dynamics website should assess whether employee browsing data transmitted to HubSpot or Google creates secondary compliance obligations. 4. CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams should verify the existence and adequacy of data processing agreements with HubSpot and Google. They should also assess whether HubSpot's processing of form submission data (including contact inquiries and job applications) is scoped appropriately as a service provider under CCPA or as a processor under GDPR, rather than as an independent controller. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should map all data flows to HubSpot and Google to confirm that the data processing agreements are current, that transfer mechanisms are documented, and that the consent management system correctly gates HubSpot and Google Tag Manager tags prior to consent. A data inventory update may be required to reflect these third-party relationships.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that personal data collected through the Boston Dynamics website is processed by HubSpot and Google as third-party service providers, creating data processing relationships subject to GDPR Article 28 (if EU users are involved) and CCPA service provider requirements (if California users are involved). The operational scope of data transferred to these vendors depends on the specific HubSpot …
Under these terms, visitor data including page view behavior and potentially identifiers is transmitted to HubSpot and Google for analytics and marketing purposes, subject to the consent configuration described elsewhere in the policy. The agreement establishes that this data sharing occurs as part of the website's standard operational infrastructure.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Boston Dynamics.