What are the institutional and regulatory implications of this document?

(1) REGULATORY EXPOSURE: This policy engages GDPR Art. 6 (lawful bases for processing), Art. 13/14 (transparency obligations), Art. 17 (right to erasure), Art. 28 (processor agreements), and Art. 46 (cross-border transfer mechanisms including SCCs and EU-U.S. Data Privacy Framework); UK GDPR and UK Data Protection Act 2018; CCPA §1798.100 and CPRA amendments (right to know, delete, opt-out of sale/sharing); and broadly applicable FTC Act Section 5 unfair or deceptive practices standards. Primar…

How does HubSpot's HubSpot Privacy Policy affect users?

HubSpot's privacy policy affects consumers in two ways: directly, if they use HubSpot's own products, and indirectly, if a third-party business has uploaded their contact information into HubSpot's platform without their explicit knowledge. HubSpot shares personal data with advertising networks and third-party service providers for purposes including targeted advertising and analytics, which may exceed the expectations of consumers who have only interacted with a business that happens to use Hu…

How often is HubSpot's HubSpot Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when HubSpot updates this document?

Yes. Watcher subscribers ($9.99/month) can add HubSpot to their watchlist and receive same-day email alerts whenever this document or any other HubSpot document changes.

HubSpot Privacy Policy — HubSpot

8 Total

2 High severity

6 Medium severity

0 Low severity

Summary

HubSpot's Privacy Policy explains how HubSpot collects and uses personal information about visitors to its website, people who sign up for its services, and the contacts that HubSpot's business customers upload into HubSpot's CRM and marketing tools. The most important thing for everyday people to know is that if a business uses HubSpot's software, your contact details — including your email address, browsing behavior on that business's website, and any form submissions — may be stored and processed by HubSpot on that business's behalf. If you believe a business has submitted your data to HubSpot without your consent, you can submit a data removal request at https://app.hubspot.com/reports-dashboard/1316849 or by emailing privacy@hubspot.com.

Technical Summary

This document is HubSpot's global Privacy Policy governing the collection, use, storage, and disclosure of personal data across HubSpot's CRM platform, marketing tools, and related services, with legal bases including consent, legitimate interests, and contractual necessity under GDPR Art. 6. The policy creates obligations for HubSpot to respond to data subject access, deletion, correction, and portability requests, and obligates business customers ('Customers') to maintain their own legal bases for processing end-user ('Contact') data submitted to HubSpot's platform. Notably, HubSpot operates a dual-controller model in which it acts as both a data controller (for its own marketing and service data) and a data processor (for Customer-submitted Contact data), and the policy discloses sharing of personal data with a broad list of third-party service providers, advertising networks, and business partners without requiring opt-in consent for many such transfers. The policy engages GDPR (EU/UK), CCPA/CPRA (California), and other applicable data protection laws, with HubSpot relying on Standard Contractual Clauses and the EU-U.S. Data Privacy Framework for cross-border data transfers; material compliance considerations include the adequacy of HubSpot's legitimate interest assessments, the comprehensiveness of its cookie consent mechanisms, and the sufficiency of its processor agreements with Customers who upload third-party Contact data.

Evidence Provenance

Captured April 29, 2026 06:29 UTC

Document ID CA-D-000208

Version ID CA-V-001002

Source URL https://legal.hubspot.com/privacy-policy

Wayback Machine View archived versions →

SHA-256 0b409b8ec17f587604fdac05da3808ab1ae351f054aaf811d52a7285c68b876d

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 29, 2026 — Document updated low

HubSpot reorganized their Privacy Policy navigation menu on April 29, 2026. The 'Privacy Policy' link moved from the 'For Customers' section to the 'For Everyone' section of their Legal Center navigation. This is a structural navigation change and does not alter the actual content of the privacy policy itself.

· 1 modified
View diff → View full record →
0b409b8e…
April 23, 2026 — Document updated low

HubSpot updated their privacy policy on April 23, 2026, making a minor change to the navigation footer of the document. Specifically, two tools — 'Website Grader' and items like 'Blog Ideas Generator,' 'Invoice Generator,' and 'Campaign Assistant,' and 'Landing Page Creator' — were removed from the listed product links in the footer. This is a cosmetic update to the document's navigation and does not affect any privacy rights, data handling practices, or user protections.

· 1 modified
View diff → View full record →
9ce013c8…
April 22, 2026 — Document updated low

HubSpot updated its Privacy Policy page navigation on April 22, 2026. The main changes are structural: a 'Privacy Policy' link was added under the 'For Customers' section, a 'HubSpot Developer Terms' link was added under 'For Partners', and a standalone 'Privacy Policy' link was removed from the 'For Everyone' section. This is a navigation/menu reorganization and does not change the actual content of the privacy policy or any consumer rights.

· 1 modified
View diff → View full record →
61fdb974…
April 18, 2026 — Initial capture

Initial snapshot — monitoring begins

f962c470…

View full version history (0 captures) →

Analyzed Changes

3 changes analyzed since monitoring began.

Updated April 29, 2026

low

What changed HubSpot updated their HubSpot Privacy Policy on April 29, 2026. Change detected: 1 sentence(s) modified. Document contained 372 sentences after update.

Consumer impact HubSpot reorganized its Legal Center navigation so the Privacy Policy link now appears under a 'For Everyone' section rather than 'For Customers.' The underlying privacy policy content has not changed. This has no practical impact on consumer data rights or protections.

Why it matters This change is purely navigational and does not affect any privacy rights or data practices. Users looking for HubSpot's Privacy Policy will now find it listed under 'For Everyone' rather than 'For Customers' in the Legal Center.

Updated April 23, 2026

low

What changed HubSpot updated their HubSpot Privacy Policy on April 23, 2026. Change detected: 1 sentence(s) modified. Document contained 372 sentences after update.

Consumer impact HubSpot's privacy policy update on April 23, 2026 only affects the navigational footer links embedded in the document, removing references to a few product tools such as Website Grader, Blog Ideas Generator, Invoice Generator, Campaign Assistant, and Landing Page Creator. There are no changes to how HubSpot collects, uses, or shares personal data, nor any changes to consumer rights or protections. No action is required from consumers in response to this update.

Why it matters This change has no meaningful impact on users — it is purely a housekeeping update to the navigation links embedded in the privacy policy page. No data rights, privacy protections, or policy terms were altered.

Updated April 22, 2026

low

What changed HubSpot updated their HubSpot Privacy Policy on April 22, 2026. Change detected: 1 sentence(s) modified. Document contained 372 sentences after update.

Consumer impact HubSpot reorganized the navigation menu on its Privacy Policy page, moving the Privacy Policy link from the 'For Everyone' section to the 'For Customers' section and adding a Developer Terms link under 'For Partners'. The actual text and substance of the privacy policy — including your data rights, collection practices, and protections — was not changed. This update has no material impact on how your personal data is handled.

Why it matters This change only affects how users navigate to legal documents on HubSpot's website, not the substance of any policy. No consumer rights, data practices, or legal protections were altered.

Recent Clause-Level Changes Apr 29, 2026

8 provisions unchanged.

View full change record →

High Severity — 2 provisions

Dual Controller-Processor Model for Contact Data

When a business uses HubSpot's software, HubSpot stores and processes that business's customer list (including your email and contact details) on the business's behalf. The business — not HubSpot — is responsible for making sure it had your permission to put your data there.

Added April 18, 2026
Third-Party Data Sharing with Advertising and Analytics Partners

HubSpot shares your personal data with outside companies for advertising purposes, meaning your information may be used to show you targeted ads on other websites and social media platforms.

Added April 18, 2026

Medium Severity — 6 provisions

Cross-Border Data Transfers (SCCs and EU-U.S. Data Privacy Framework)

When HubSpot moves your data from Europe or the UK to the United States or other countries, it relies on legal mechanisms like Standard Contractual Clauses or the EU-U.S. Data Privacy Framework to make that transfer lawful.

Added April 18, 2026
California Residents' Rights (CCPA/CPRA)

California residents have the legal right to ask HubSpot what personal data it holds about them, to have it deleted, and to stop HubSpot from selling or sharing it with advertisers — and HubSpot cannot penalize you for exercising these rights.

Added April 18, 2026
Data Subject Rights (GDPR — Access, Deletion, Portability, Objection)

EU and UK users have the legal right to see, correct, delete, or move their personal data held by HubSpot, and can object to how HubSpot uses it.

Added April 18, 2026
Cookies and Tracking Technologies

HubSpot uses cookies and tracking tools to monitor your activity on its website and services, and you can tell your browser to block cookies, though this may affect how the site works.

Added April 18, 2026
Data Retention

HubSpot keeps your personal data for as long as it needs it for the purposes described in the policy, or as long as the law requires, but does not specify fixed retention periods for most data categories.

Added April 18, 2026
Use of Data for Product Improvement and AI/ML

HubSpot uses your personal data to improve its own products, build new features, and personalize your experience on its platform.

Added April 18, 2026

Cross-platform context

See how other platforms handle Dual Controller-Processor Model for Contact Data and similar clauses.

Compare across platforms →

Applicable Regulations

United States Federal

CAN-SPAM

United States Federal

GDPR

European Union