HubSpot Legal Stuff

by: HubSpot Employee

July 2018 Revisions to the TOS and DPA

HubSpot recently updated the April 2018 versions of the Customer Terms of Service (a.k.a. the TOS) and the Data Processing Agreement (a.k.a. the DPA).


As we usually do when we update the TOS and DPA, we’ve made some drafting clean-ups, clarifications and formatting improvements.  Some of these updates were made to help provide a clearer description of the intent of the terms or to make the terms easier to review.


TOS Updates:


You’ll notice a number of changes to reflect the addition of email to the Marketing Hub Starter Product.  The Email Send Limit for Marketing Hub Starter will be five (5) times the Maximum Contacts number per calendar month.  Once you have hit this limit you won’t be able to send any more emails in that month, including any pre-scheduled emails, so you will need to purchase additional Contacts in order to increase your Email Send Limit.  Additionally, for customers of Marketing Hub Starter, we determine your Contact tier for the next Billing Period by reviewing the Contacts in your account on the last day of your Billing Period.


The definition of ‘Enrichment Data’ has been updated to clarify that Enrichment Data does not include personally identifiable information, which should be a welcome addition to customers subject to the GDPR.  Additionally, we’ve noted that we may obtain Enrichment Data from both third parties and internal data processes (more on this below).


We’ve added some language to our ‘Customer Support’ section which gives HubSpot the right to limit or deny access to support for those customers who are misusing the service or abusing HubSpot representatives.  


In our ‘Aggregate Data’ section you’ll see that we’ve included an explanation of our use of Customer Data as part of internal data processes to develop and improve Enrichment Data. HubSpot takes the confidentiality of Customer Data very seriously, so we also commit to never disclose, include, or provide Customer Data to other customers or third parties.


We recognize that some individuals are interested in knowing when we update our TOS, but may not be using the subscription frequently enough to see the in-app notice that has traditionally accompanied an update.  We are happy to announce that customers can now sign up to receive an email notice when an update to the TOS has occurred by completing the form found here.   


DPA Updates: 


We’ve re-organized our DPA to help you better navigate the various legal requirements and obligations spelled out in the document. You’ll notice that the ‘Sub Processors’ and ‘Data Transfers’ sections have been removed as subsections of the ‘Obligations of Processor’ section and now stand alone.


In the ‘Audits’ section, we’ve provided more information on our obligations to provide data related to our processing of personal data and our compliance with the obligations of data processors under data protection law.  Additionally, we’ve provided clarity on the process for requesting and performing inspections of our business operations by you or a qualified third-party auditor that we have approved.


We’ve moved our list of sub-processors to the HubSpot Sub-Processors Page located here. We’ve also added a way to sign up for notifications when we add a sub-processor to this list: fill out the form on this page and we’ll send you an email notification that we’ve made an update to the page. For more on how to object to a new sub-processor, see section 6(b) of the DPA.


A change that we think customers will like is the addition of the ‘Data Protection Impact Assessments and Consultation with Supervisory Authorities’ subsection in the ‘Obligations of Processor’ section.  This section outlines our obligations to provide reasonable assistance to Controllers attempting to comply with requirements of article 35 or 36 of the GDPR or equivalent provisions of data protection law.  


We’ve also updated our ‘Data Subject Requests’ section to be clear that we will provide reasonable assistance as required by data protection law to Controllers in the event they do not have the ability to address a data subject request without HubSpot’s assistance. We’ve built functionality into the product that helps you comply with data subject requests, but on the off chance you need our help in processing a request, we’ve clarified that the customer shall reimburse HubSpot for commercially reasonable costs associated with that assistance.


Well, that’s that!  Please remember that this is just an informal, high-level summary of the most recent changes to the TOS and DPA, and that you should always make sure you’ve read and understood them before you use our software or services. Thanks!