When HubSpot moves your data from Europe or the UK to the United States or other countries, it relies on legal mechanisms like Standard Contractual Clauses or the EU-U.S. Data Privacy Framework to make that transfer lawful.
This analysis describes what HubSpot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause operationalizes HubSpot's compliance framework for international data transfers under GDPR and UK data protection law. The provision documents the specific legal instruments the organization deploys to maintain adequate protection standards when personal data crosses EEA and UK borders.
Your personal data processed by HubSpot (a U.S.-headquartered company) is transferred to the United States, and the legal mechanism protecting that transfer could be challenged or invalidated, potentially leaving your data with reduced legal protections.
How other platforms handle this
Epic Games, Inc. is headquartered in Cary, North Carolina. We and our subsidiaries have offices and operations located around the world that help create and deliver some of your favorite products and services, including games like Fortnite and developer tools like Unreal Engine.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, please note that we transfer your personal data to countries outside of these regions, including the United States, which may not provide the same level of data protection as your home country. We rely on app...
Canva is headquartered in Australia, and the Service is operated from Australia. If you are located in the European Economic Area, the United Kingdom, or other regions with laws governing data collection and use, please note that your information may be transferred to and processed in countries that...
Monitoring
HubSpot has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When we transfer your personal data outside the EEA or UK, we ensure an adequate level of protection is afforded to it by ensuring at least one of the following safeguards is implemented: transfers are to countries that have been deemed to provide an adequate level of protection for personal data; we use specific contracts approved by the European Commission, known as 'standard contractual clauses'; or the organization is registered under a Privacy Shield or Data Privacy Framework program.— Excerpt from HubSpot's HubSpot Privacy Policy
(1) REGULATORY FRAMEWORK: GDPR Art. 44-49 governs cross-border transfers; the EU-U.S. Data Privacy Framework was adopted by European Commission Adequacy Decision of July 10, 2023, but remains subject to challenge (cf. Schrems II, Case C-311/18). Standard Contractual Clauses are governed by EC Implementing Decision 2021/914. UK transfers are governed by UK GDPR and the UK's International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs. The primary enforcement authority for transfer adequacy is the EDPB and national DPAs. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause operationalizes HubSpot's compliance framework for international data transfers under GDPR and UK data protection law. The provision documents the specific legal instruments the organization deploys to maintain adequate protection standards when personal data crosses EEA and UK borders.
Your personal data processed by HubSpot (a U.S.-headquartered company) is transferred to the United States, and the legal mechanism protecting that transfer could be challenged or invalidated, potentially leaving your data with reduced legal protections.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by HubSpot.