HubSpot transfers personal data outside the EU, UK, and Switzerland to countries with lower legal privacy standards, and uses Standard Contractual Clauses as the primary legal mechanism to make those transfers lawful.
This analysis describes what HubSpot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
International data transfers are a high-scrutiny area under GDPR following the Schrems II ruling. The use of SCCs is legally recognized but may require additional technical safeguards depending on the destination country.
Interpretive note: The adequacy of HubSpot's SCCs depends on whether supplementary Transfer Impact Assessments have been completed for each destination country, which the policy discloses but does not detail.
Your personal data collected in the EU, UK, or Switzerland may be transferred to countries with different privacy standards, including the United States. HubSpot states it uses SCCs to protect this data during transfer, but the practical protection depends on HubSpot's implementation of supplementary measures.
How other platforms handle this
If you are located in the European Economic Area, the United Kingdom, or Switzerland, please be aware that we may transfer your personal information to countries outside of these regions, including to the United States, where data protection laws may not provide the same level of protection as those...
Where Zendesk transfers personal data outside of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data receives an adequate level of pro...
Pinterest, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. When we transfer your personal data from the EEA, Switzerland, or the UK to...
Monitoring
HubSpot has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that do not provide an equivalent level of data protection, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms recognized by the relevant authorities.— Excerpt from HubSpot's HubSpot Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Chapter V on international data transfers, including the European Commission's SCCs issued in 2021. The Irish Data Protection Commission is the lead supervisory authority for HubSpot's EU operations. The UK ICO applies equivalent transfer mechanisms under UK GDPR and the International Data Transfer Agreement framework. Post-Schrems II (Case C-311/18), reliance on SCCs alone may be insufficient without a Transfer Impact Assessment (TIA) evaluating laws and practices in the destination country. GOVERNANCE EXPOSURE: High. Transfers to the United States are particularly scrutinized. If HubSpot has not completed TIAs for each country to which EU/UK personal data is transferred, or if supplementary technical measures (such as encryption with keys held outside the destination jurisdiction) are not in place, this creates regulatory exposure for both HubSpot and its business customers as joint participants in the transfer chain. JURISDICTION FLAGS: EU/EEA and UK create the highest exposure, particularly for business customers whose end-user data originates in these regions. Switzerland applies equivalent requirements under the revised Federal Act on Data Protection. Brazil's LGPD has analogous transfer restriction provisions that may also be relevant for Brazilian user data. CONTRACT AND VENDOR IMPLICATIONS: Business customers relying on HubSpot as a processor for EU/UK personal data should confirm that HubSpot's SCCs are up to date with the 2021 European Commission versions and that applicable TIAs have been completed. Contracts should specify data residency options if available and confirm sub-processor SCC coverage. Audit rights provisions in HubSpot's DPA should be reviewed to assess whether they are practically exercisable. COMPLIANCE CONSIDERATIONS: Compliance teams should request HubSpot's current SCC documentation and TIA summaries as part of vendor due diligence. Data mapping should identify all cross-border personal data flows through HubSpot's infrastructure. Organizations with strict data residency requirements should evaluate HubSpot's data hosting configurations and available regional data centers.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
International data transfers are a high-scrutiny area under GDPR following the Schrems II ruling. The use of SCCs is legally recognized but may require additional technical safeguards depending on the destination country.
Your personal data collected in the EU, UK, or Switzerland may be transferred to countries with different privacy standards, including the United States. HubSpot states it uses SCCs to protect this data during transfer, but the practical protection depends on HubSpot's implementation of supplementary measures.
ConductAtlas has identified this type of provision across 11 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by HubSpot.