Track 3 platforms and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is HubSpot's publicly published list of sub-processors, third-party companies that HubSpot engages to process personal data on behalf of its business customers who use HubSpot's CRM, marketing, sales, and service platform products. The document discloses the identity, purpose, and processing location of each sub-processor, which is relevant to HubSpot's customers who are themselves data controllers obligated to track and authorize third-party data processing under applicable privacy law. HubSpot's customers may have contractual rights to object to new sub-processors, depending on the terms of their data processing agreements with HubSpot.
This document is HubSpot's sub-processor list, published as a transparency disclosure under data processing obligations most directly associated with the GDPR's requirements for controllers and processors to document and disclose third-party sub-processors engaged in personal data processing. The document identifies third-party vendors to whom HubSpot transfers or grants access to personal data processed on behalf of its customers, categorizing each by name, purpose, and data processing location. The list is operationally significant because under GDPR Article 28, data processors must obtain controller authorization before engaging sub-processors, and this list serves as the mechanism by which HubSpot provides that disclosure to its business customers; however, the document as rendered does not include the full tabular sub-processor data due to HTML truncation, limiting the ability to assess the complete scope of third-party data flows. The document engages the EU General Data Protection Regulation, the UK GDPR, and potentially the Swiss Federal Act on Data Protection, given HubSpot's European customer base and cross-border data transfer obligations. Material compliance considerations include HubSpot customers' obligation to review sub-processor additions or changes and assess whether those changes affect their own data processing agreements, consent frameworks, or data transfer mechanisms such as Standard Contractual Clauses.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Get ComplianceMonitoring
HubSpot has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Get ComplianceCross-platform context
See how other platforms handle Cross-Border Data Transfer Disclosure and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.