We wanted to give you some information on what's changed below. Please remember that this is just an informal, high-level summary of the most recent changes to these documents, and that you should always make sure you’ve read and understood the complete Customer Terms of Service before you use our products or services.
We’ve also made minor drafting clean-ups and clarifications across the terms.
General Terms Updates
We updated the definition of ‘Add-Ons’ to reflect the updated titles in our Product and Services Catalog for continuity and ease of reference.
We updated the definition of Personal Data to include personal information and match the definition provided in the DPA.
We removed some examples of exceeding Limits. You can refer to the ‘Limits’ section of the General Terms, the Product Specific Terms, and the Product and Services Catalog for additional information about Limits.
We included additional information about updated payment information we may receive from our vendors to avoid disruptions in billing.
We clarified the account information required to be kept up to date.
We included information about how customers can opt out of having Customer Data used for Machine Learning.
We pointed out the definition and details of Security Measures can be found in our DPA.
We incorporated our Code of Use Good Judgment from our company website, but clarified other information available on that site which is not incorporated.
We will not accept terms included in a supplier portal.
Product Specific Terms Updates
We included our recommendation for customers to retrieve Customer Data prior to the end of your term in the Product Specific Terms.
We removed language about purchasing additional calling minutes. You can learn more about purchasing additional calling minutes in our Product and Services Catalog.
Jurisdiction Specific Terms Updates
We have updated the structure of our Jurisdiction Specific Terms. The table shows each HubSpot entity contracting in that Customer Location, and now includes a link to additional terms applicable for that jurisdiction.
We updated the notice address for some of our entities.
We updated the jurisdiction specific terms for Colombia to support customers who reject invoices within three (3) business days.
We updated the jurisdiction specific terms for Australia to include additional language addressing Australia’s Unfair Contract Term rules.
We updated the jurisdiction specific terms for Japan to include additional compliance representations.
We updated the jurisdiction specific terms for Asia-Pacific to include compliance representations.
Acceptable Use Policy Updates
We added a restriction against using another User’s unique login credentials.
We added a restriction against using the Subscription Services from embargoed countries.
We included NFTs on our Restricted Industries list.
Data Processing Agreement Updates
We included language addressing the California Privacy Rights Act of 2020 (CPRA) within the definitions section and within the body of the DPA.
We updated the definition of Data Protection Laws to align with our General Terms and be clear that we prohibit Sensitive Information and exclude laws governing Sensitive Information.
We added the privacy laws of Japan to the list of countries included under the definition of Data Protection Laws.
We included our recommendation that customers retrieve data before the end of their term with us and included knowledge base articles on how to retrieve data.
We moved the ability to object to engaging with new Sub-Processors to the Sub-Processor section of the DPA.
In order to meet the obligations required by applicable law (in addition to GDPR), we have moved our Demonstration of Compliance language into its own section of the document.
We made minor updates to the headings of some sections.
We included additional information about Google reGAPTCHA Enterprise.
We included additional instructions on how to opt-out of receiving promotional content and marketing email at the beginning of the document, and removed other references lower in the document.
We confirmed we will send marketing communication with consent where required by law.
We included additional examples of third party service providers with whom we may share personal information.
We clarified we do not rely on EU-US Privacy Shield as a data transfer mechanism, even though we keep the framework in our DPA.
For ease of review, we have added references to other sections to help readers navigate the privacy policy.
For security reasons, we have updated our Privacy Policy and practices to allow us to verify the identity of a person making a request to access personal data.
We have included additional information about the right to correct inaccurate personal information for California Residents.