HubSpot · HubSpot Privacy Policy

Data Subject Rights (GDPR — Access, Deletion, Portability, Objection)

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

EU and UK users have the legal right to see, correct, delete, or move their personal data held by HubSpot, and can object to how HubSpot uses it.

Consumer impact (what this means for users)

EU and UK residents can exercise six distinct GDPR rights over their HubSpot personal data, including deletion and portability, by contacting privacy@hubspot.com — and HubSpot is legally required to respond within one month.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Email privacy@hubspot.com specifying your request type (access, deletion, portability, or objection). HubSpot is required under GDPR to respond within 30 days.

Cross-platform context

See how other platforms handle Data Subject Rights (GDPR — Access, Deletion, Portability, Objection) and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These rights under GDPR are enforceable by law, and if HubSpot fails to honor them within the required 30-day window, you can escalate to your national Data Protection Authority.

View original clause language
If you are in the EEA or UK, you have certain data protection rights under GDPR. HubSpot aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal information. If you wish to be informed of what personal information we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, you have the following data protection rights: the right to access, update or delete the information we have on you; the right of rectification; the right to object; the right of restriction; the right to data portability; and the right to withdraw consent.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Art. 15 (right of access), Art. 16 (rectification), Art. 17 (erasure), Art. 18 (restriction), Art. 20 (portability), Art. 21 (objection), and Art. 77 (right to lodge a complaint). UK GDPR mirrors these provisions. Response deadline is one month, extendable by two months for complex requests with notification (Art. 12(3)). Enforcement by EU/EEA national DPAs and UK ICO; fines up to €20 million or 4% of global turnover for non-compliance. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    EU/EEA and UK residents should contact their national Data Protection Authority or the UK ICO for GDPR enforcement; U.S. state AGs handle equivalent state-level complaints.
    File a complaint →

Provision details

Document information
Document
HubSpot Privacy Policy
Entity
HubSpot
Document last updated
April 29, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002979
Document ID
CA-D-00208
Evidence Provenance
Source URL
https://legal.hubspot.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
9086069c646a8fb26903326cd813947f9a89ebc0ea991c257cd0694abc31cafb
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: HubSpot | Document: HubSpot Privacy Policy | Record: CA-P-002979
Captured: 2026-04-18 11:21:28 UTC | SHA-256: 9086069c646a8fb2…
URL: https://conductatlas.com/platform/hubspot/hubspot-privacy-policy/data-subject-rights-gdpr-access-deletion-portability-objection/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document