Terms of Service Updates
HubSpot recently updated the July 2019 version of the HubSpot Customer Terms of Service (a.k.a. the TOS) and we wanted to give you some info on what's changed. Archived versions of the TOS are available here for your reference.
We think you’ll be happy to see these updates as these have been informed by what customers have been requesting. We also offer more transparency on how we manage your data. Here's a summary of the changes we've made to our TOS:
Additional Coverage Terms
For customers who have a Total Committed Subscription Value of more than $35,000 USD, we’ve created a new set of terms known as the HubSpot Additional Coverage Terms. These terms will be automatically incorporated into the terms of your Agreement if that threshold is reached. Included in those terms are:
Finally, as we usually do when we update the TOS, we made some drafting clean-ups, clarifications and formatting improvements. Some of these updates were made to help provide a clearer description of the intent of the terms or to make the terms easier to review.
Data Processing Agreement Updates
HubSpot is pleased to announce a new version of our Data Processing Agreement (a.k.a the DPA) which will replace the November 2018 version. Our new DPA will apply across our customer base where HubSpot processes personal data or personally identifiable information on behalf of a customer in connection with their use of HubSpot’s subscription services, and where such personal data is protected by applicable data protection or privacy laws. Archived versions of the DPA are available here for your reference.
You’ll see that we’ve broadened our definition of ‘Data Protection Laws’ to encompass all applicable worldwide data protection and privacy legislation, including the General Data Protection Regulation, the e-Privacy Directive 2002, the California Consumer Privacy Act of 2018 and data protection and privacy laws in Australia and Singapore.
In preparation for Brexit we have included the UK in our definitions of ‘Europe’ and ‘European Data Protection Law’. This is intended to minimise disruption to our UK customers and ensure that their personal data is treated in accordance with applicable national data protection legislation, as currently exists and as may be implemented post Brexit.
Our DPA was originally created specifically for customers subject to European data protection laws and we will continue to maintain our commitments to these customers in line with European data protection laws. Our section entitled ‘Additional Obligations for European Data’ will look very familiar and pulls together all our additional commitments to you.
We’ve clarified that the the Standard Contractual Clauses (‘SCCs’) in Annex 3 of the DPA act as the primary transfer mechanism for data transfers to HubSpot Inc. Privacy Shield is also available as a backup in the event that the SCCs are invalidated in the future.
We've added a new section to the HubSpot DPA called 'Additional Obligations for California Personal Information' which calls out our CCPA obligations. These terms will only apply to customers who process Personal Information subject to the CCPA.
We recognize that our customers’ affiliates may also use our subscription services and may be a data controller under European data protection laws. We have extended our DPA to cover Customer Affiliates where personal data is transferred in their use of the subscription services.
We’d also like to flag that we’ve reorganized our DPA as a result of the above mentioned changes and made it easier to navigate. Our ‘Details of Processing’ section has been moved to Annex 1. Our ‘Security Measures’ section has been consolidated into Annex 2 of the DPA.
Finally, we’ve also made some drafting clean-ups, clarifications, and formatting improvements to our DPA. As a result our terms should more clearly describe the intent of the terms and be easier to review.
Acceptable Use Policy Updates
We’ve updated our Acceptable Use Policy (a.k.a. the ‘AUP’) such that use of the HubSpot services to engage, promote, facilitate, or instruct others to engage in illegal activity is now restricted.
We’ve also restricted use of our services in order to promote, encourage or facilitate hate speech, violence or discrimination based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, veteran status, genetic information, and/or citizenship.