HubSpot recently updated the following legal documents, which are all included in our Customer Terms of Service:
November 1, 2021, Master Terms
May 2, 2022, Product Specific Terms
November 1, 2021, Jurisdiction Specific Terms
September 27, 2021, Data Processing Agreement
We wanted to give you some information on what's changed below. Please remember that this is just an informal, high-level summary of the most recent changes to these documents, and that you should always make sure you’ve read and understood the complete Customer Terms of Service before you use our products or services.
General Terms Update
We updated the name of our main terms to “General Terms.” We also made the following updates:
We removed a reference to capacity packs as an example in the definition of “Add-Ons.” You can review our Product and Services Catalog for product and services information.
We added a statement to clarify that knowledge base articles are not incorporated into the Agreement; they are for information only.
We made some updates to our fees and payments language, including adding a new definition for Authorized Payment Methods and a transparent authorization to use your Authorized Payment Method to pay outstanding fees.
We clarified that “Confidential Information” includes information that would reasonably be considered confidential.
We simplified the references to Alpha/Beta Services to Beta Services.
We tried to simplify our Service Uptime Commitment language.
We updated our Phone Support section to reflect response times during our Company-wide week of rest.
Jurisdiction Specific Terms
We are delighted to have opened multiple new offices across the globe! Accordingly, we updated our Jurisdiction Specific Terms.
We have added new Contracting Entities for Customers in Spain and The Netherlands.
We have worked to remove duplicative terms between the Jurisdiction Specific Terms and the General Terms.
We have also stated our commitment to compliance for our customers in the European Economic Area.
Data Processing Agreement
Our Customer Data Processing Agreement (DPA) provides transparency into how we protect and process your data and ensures that we do so in line with all applicable laws. We’ve updated our DPA to ensure that we continue to provide the most up to date and detailed information possible. Here is a quick summary of the important changes:
We previously included the full text of Module Two of the European Union Standard Contractual Clauses (SCC’s) in the DPA, we now incorporate these by reference together with Module Three to support Processor to Processor transfers (when applicable). We have also incorporated the International Data Transfer Addendum issued by the UK Information Commissioner (the UK Addendum) to supplement the SCC’s when we transfer data out of the UK. You can access the full text of the SCCs and the UK Addendum through the link in the DPA, or download the DPA PDF which includes the full text.
We’ve made updates to Annex 2 - Security Measures, to provide greater detail on the steps we take to keep your data safe. This includes linking out to HubSpot’s Security page where you can download additional resources such as our SOC 2 Type II Report, SOC 3 Report, Security Overview and Penetration Test Summaries. We also provide more information on areas that include:
Physical and environmental security
The way in which we perform penetration tests
Our access controls around your data
Our employee background checks; and
Disaster recovery planning
We are also excited to add our two new HubSpot entities to our list of Sub-Processors in Annex 3: HubSpot Spain, S.L. and HubSpot Netherlands B.V.n
simplifying definitions and adding more context to how we use defined terms, such as the HubSpot Subscription Service; and
better organizing our content to remove repetition and ensure the information is easy to find, whether you want to know what data we collect, how we use it or how we share it with third parties.
We’ve provided additional transparency around our data practices including how we collect, store and share your data and for what purposes, these include:
Greater detail on how we collect and store log files (including what data these log files include!);
How usage data is collected, used and shared.