HubSpot Legal Stuff

KSims
by: HubSpot Employee
HubSpot Employee

June 2024, Legal Stuff Update

June 4, 2024, Legal Stuff Update

HubSpot recently updated the following legal documents, which are all included in our Customer Terms of Service:

We wanted to give you some information on what's changed.  Please remember that this is just an informal, high-level summary of the most recent changes to these documents, and that you should always make sure you’ve read and understood the complet Customer Terms of Service before you use our products or services.

 

We’ve also made minor drafting clean-ups and clarifications across the terms.

____________________________________________________

General Terms

  • We are excited to support Sensitive Data in HubSpot! We have incorporated our Sensitive Data Terms into the General Terms (more details in the Sensitive Data Terms section below), and we made changes throughout the terms to support this shift. 

    • We removed the previous definition for “Sensitive Information” under our terms; you can find the updated information in the HubSpot Sensitive Data Terms.  
    • Similarly, we removed the previous restrictions prohibiting sensitive data, and now allow Permitted Sensitive Data within the Covered Services, as detailed in the HubSpot Sensitive Data Terms.  
  • We moved the User access credential information from the ‘Acceptable Use’ section to the ‘Access’ section to group similar information together in an effort to simplify review.  
  • While our practices have not changed, we updated the language under the ‘Effect of Termination or Expiration’ section to clarify unpaid fees remain due and remove possibly confusing phrasing.

Product Specific Terms

  • We updated the knowledge base article information in the ‘Retrieval of Customer Data’ section for your ease of reference.
  • Under the ‘Marketing Contacts Products Email Send Limit’ section, we’ve removed the duplicate limit information and included a link to the Product & Services Catalog for  up-to-date information regarding limits, tiers, add-ons, and more.  
  • We corrected legacy references from “Subscription Term” to “Current Term,” where applicable.  
  • We added information to the introduction of the ‘Commerce Hub’ section, which includes a short description of Commerce Hub, Stripe payment processing, and HubSpot payments, to help illustrate how the features are distinguishable from one another and how they may work together.  Given this restructuring, we removed the prior sections regarding Stripe payment processing and HubSpot payments.  
  • The ‘HubSpot Payments Terms of Use’ were updated to include the Platform Fee and the Processing Fee (more details in the HubSpot Payments Terms of Use section below); the ‘Commerce Hub’ section of the Product Specific Terms reflects similar updates for consistency.  
  • We updated the ‘WhatsApp Integration’ section to reflect updated product functionality that allows for integration with your HubSpot Account, generally, rather than specifically as a channel or through your inbox.  

Sensitive Data Terms (NEW!)

Legacy Marketing Hub 

  • We updated the definition of ‘Marketing Hub Products’ to remove the specific product examples.  
  • Under the ‘Marketing Hub Subscription Fee and Limits’ section, we’ve removed the duplicate limit information and included a link to the Product & Services Catalog for up-to-date information regarding limits, tiers, add-ons, and more; accordingly, we’ve also removed the prior Marketing Hub Email Send Limit section.
  • We corrected legacy references from “Subscription Term” to “Current Term,” where applicable. 
  • We updated the knowledge base article information in the ‘Retrieval of Customer Data’ section for your ease of reference.

 

Data Processing Agreement 

  • Similar to the updates in the General Terms and the Sensitive Data Terms, we have updated the Data Processing Agreement throughout the document to now support sensitive data.  
    • We removed the exclusion for sensitive data in the “Data Protection Laws” definition. 
    • In Annex 1 - Details of Processing, under the ‘Description of Transfer’ section, the Categories of Personal Data Transferred now includes processing of Sensitive Data. 
  • We updated the knowledge base article information in the ‘Deletion or Return of Personal Data’ section for your ease of reference.  
  • We’ve updated ‘Annex 2 - Security Measures’ to include additional details regarding our security protocols. 
    • We’ve added the ‘Information Security Policy’ section to reflect our internal controls regarding implementation and adherence to policies and procedures.  You can visit the HubSpot Trust Center, which provides an overview of our security standards. 
    • In the ‘Physical and environmental security’ section, we clarified the physical and environmental security controls are supported by our infrastructure providers.  
    • We updated the ‘Application Programming Interface (API) access’ section to reflect the standards included in our Security Overview.  You can learn more about APIs in this KB article.
    • We added the ‘Endpoint Harding’ section with details about our endpoint safeguards.  
    • The ‘Penetration testing’ and ‘Bug bounty’ sections moved under the new ‘Vulnerability Management Program’ section, which also includes additional new subsections for ‘Vulnerability Remediation Schedule’ and ‘Vulnerability scanning.’ 
    • We added the ‘Privileged Access Management’ section to describe how we may support your account within standard protocols.  
    • The ‘Background check’ information moved under the new ‘Personnel Management’ section. 
    • We updated the description of encryption capabilities in line with supported functionality.
    • The section previously titled 'Input Control' is now 'Incident Management, Logging, and Monitoring.'
    • We’ve added the ‘Incident Response Plan’ section to reflect our internal controls regarding implementation and adherence to policies and procedures.  
    • In the ‘Online replicas and backups’ section, we clarified the Online replicas and backups section to reflect the nature of redundant instances.
    • We added a new section reflecting ‘Personnel Management’ and the efforts we take to employ qualified staff.  

Sub-Processors Page 

  • We’ve updated the Litmus Software, Inc. processing location, including for data subjects in the EU, to the United States if you choose to engage with the functionality they support.  

Regional Data Hosting Policy 

  • We added Litmus Software, Inc. as a Sub-Processor processing personal data in the United States.     

Jurisdiction Specific Terms

  • The Governing Law for the United Kingdom now includes Wales.   

Jurisdiction Specific Terms - Australia/New Zealand 

  • We’ve updated the knowledge base article information to direct to updated titles and URLs.
  • We refined the ‘Effect of Termination of Expiration’ section to clarify the additional language does not apply where the agreement is terminated for cause.   

HubSpot Payments Terms of Use

  • We have updated the “Fees'' section to now include any applicable Platform Fee for HubSpot payments.  Accordingly, You’ll see updates throughout the page referring to the Platform Fee or Processing Fee, as applicable.  
  • We’ve updated the ‘Termination’ section to include your discontinued use of the payments services as a termination option.