HubSpot · HubSpot Privacy Policy · View original document ↗

Data Subject Rights (GDPR — Access, Deletion, Portability, Objection)

Medium severity Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for HubSpot Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

EU and UK users have the legal right to see, correct, delete, or move their personal data held by HubSpot, and can object to how HubSpot uses it.

This analysis describes what HubSpot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision operationalizes HubSpot's compliance obligations under GDPR by explicitly acknowledging enforceable individual rights and establishing a mechanism (contact process) through which data subjects may exercise those rights. The clause creates a procedural framework for handling data access, rectification, and deletion requests.

Consumer impact (what this means for users)

EU and UK residents can exercise six distinct GDPR rights over their HubSpot personal data, including deletion and portability, by contacting privacy@hubspot.com — and HubSpot is legally required to respond within one month.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Email privacy@hubspot.com specifying your request type (access, deletion, portability, or objection). HubSpot is required under GDPR to respond within 30 days.

How other platforms handle this

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

Tinder Medium

Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to access your personal information, the right to correct inaccurate data, the right to delete your data, the right to portability, the right to object to processing, and ...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

See all platforms with this clause type →

Monitoring

HubSpot has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
If you are in the EEA or UK, you have certain data protection rights under GDPR. HubSpot aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal information. If you wish to be informed of what personal information we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, you have the following data protection rights: the right to access, update or delete the information we have on you; the right of rectification; the right to object; the right of restriction; the right to data portability; and the right to withdraw consent.

— Excerpt from HubSpot's HubSpot Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: GDPR Art. 15 (right of access), Art. 16 (rectification), Art. 17 (erasure), Art. 18 (restriction), Art. 20 (portability), Art. 21 (objection), and Art. 77 (right to lodge a complaint). UK GDPR mirrors these provisions. Response deadline is one month, extendable by two months for complex requests with notification (Art. 12(3)). Enforcement by EU/EEA national DPAs and UK ICO; fines up to €20 million or 4% of global turnover for non-compliance. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    EU/EEA and UK residents should contact their national Data Protection Authority or the UK ICO for GDPR enforcement; U.S. state AGs handle equivalent state-level complaints.
    File a complaint →

Applicable regulations

EU AI Act
European Union
CCPA/CPRA
California, USA
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
HubSpot Privacy Policy
Entity
HubSpot
Document last updated
May 5, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002979
Document ID
CA-D-00208
Evidence Provenance
Source URL
https://legal.hubspot.com/privacy-policy
Wayback Machine
View archived versions →
Content hash (SHA-256)
9086069c646a8fb26903326cd813947f9a89ebc0ea991c257cd0694abc31cafb
Analysis generated
April 18, 2026 11:21 UTC
Methodology
summarize_document-v7
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: HubSpot
Document: HubSpot Privacy Policy
Record ID: CA-P-002979
Captured: 2026-04-18 11:21:28 UTC
SHA-256: 9086069c646a8fb2…
URL: https://conductatlas.com/platform/hubspot/hubspot-privacy-policy/data-subject-rights-gdpr-access-deletion-portability-objection/
Accessed: June 17, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories
Privacy rights

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does HubSpot's Data Subject Rights (GDPR — Access, Deletion, Portability, Objection) clause do?

This provision operationalizes HubSpot's compliance obligations under GDPR by explicitly acknowledging enforceable individual rights and establishing a mechanism (contact process) through which data subjects may exercise those rights. The clause creates a procedural framework for handling data access, rectification, and deletion requests.

How does this clause affect you?

EU and UK residents can exercise six distinct GDPR rights over their HubSpot personal data, including deletion and portability, by contacting privacy@hubspot.com — and HubSpot is legally required to respond within one month.

Is ConductAtlas affiliated with HubSpot?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by HubSpot.