What is Sensitive Data?

This article explains what is regarded as sensitive data.

Sensitive information refers to data that requires protection due to the potential harm that could result from unauthorized access, disclosure, or misuse. Here's a non-exhaustive list of common types of sensitive information.


HubSpot's terms and conditions indicate the types of Sensitive Data that can be stored in HubSpot.

 

COVERED SERVICES

You agree to use only the Covered Services for the categories of Permitted Sensitive Data detailed in the 'Covered Services Table.'

COVERED SERVICES TABLE
Permitted Features and Data 

COVERED SERVICES

The HubSpot Enterprise Subscription Services support Permitted Sensitive Data within the following features:

  • CRM object properties, including manual update, import, export, properties API and import API
  • CRM activities (notes, emails, calls*, tasks, meetings)
  • CRM objects API
  • list creation
  • workflows
  • search
  • reporting
  • integrations
  • forms
  • form submissions authenticated API
  • CRM attachments added to records manually, via notes, call logs*, meetings, tasks, email, forms and sensitive file properties

*(call logs are permitted, but call recordings and transcripts including Sensitive Data are not permitted)

PERMITTED SENSITIVE DATA

  • Citizenship and immigration status
  • Limited government issued identification information (for example, passport numbers, driver's licenses, and government issued identification cards)

This does NOT include government-issued numbers used to grant access to highly sensitive information, for example Social Security Numbers or tax identifiers.

  • Last 4 digits of bank or financial institution account numbers.

Full account numbers are NOT included in Permitted Sensitive Data.

  • Last 4 digits of credit or debit card numbers

Full card numbers and card security codes (CSCs) are NOT included in Permitted Sensitive Data.

  • Payment history (for example payments due, missed payments, remaining balance)
  • Income and salary data (for example, income history, individual salary, salary bands/average salary data)
  • Gender
  • Professional performance reviews
  • Employment history
  • Veteran status
  • Demographic data (for example ethnicity, gender, age, religion and sexual orientation)
  • Children's information protected under any applicable child data protection laws (for example, age, grade level, attendance, credits, discipline, etc.)

For the avoidance of doubt, the Subscription Services and the Sensitive Data Covered Services are not permitted for use by i) anyone under 18 years of age, ii) entities maintaining online services that specifically target children, or iii) entities engaging in targeted advertising to children protected under applicable child data protection laws.

  • Health data (for example, fitness information, wellness information and sensitive health information of individuals subject to GDPR)
  • Protected Health Information (PHI) subject to the Health Insurance Portability and Accountability Act (HIPAA). This includes health information in the US such as patient information, provider information and medical history.

 

3.  BETA COVERED SERVICES

You agree to use only the Beta Covered Services for the categories of Permitted Sensitive Data detailed in the 'Beta Covered Services Table.' Some Beta Covered Services may be available to a limited number of select customers as determined by HubSpot and will be indicated as such in the Beta Covered Services Table ("Private Beta Covered Services"). As a reminder, the HubSpot Beta Terms available at https://legal.hubspot.com/hubspot-beta-terms apply to all Beta services.

BETA COVERED SERVICES TABLE
Permitted Features and Data in Beta

BETA

COVERED SERVICES

HubSpot Enterprise Subscription Services customers participating in the Highly Sensitive Data Beta may use Permitted Sensitive Data in Beta with the following features:

  • CRM object properties, including manual update, import, export, properties API and import API
  • integrations
  • CRM objects API
  • forms
  • form submissions authenticated API
  • CRM attachments added to records manually, via notes, call logs*, meetings, tasks, email, forms and sensitive file properties

*(call logs are permitted, but call recordings and transcripts including Sensitive Data are not permitted)

PERMITTED SENSITIVE DATA IN BETA

  • Full bank account numbers
  • International Bank Account Numbers (IBAN)
  • Tax return information
  • Bank statements
  • Full Social Security Numbers (SSN) 

The use of the Subscription Service for directly processing payments is strictly prohibited.



PRIVATE BETA

COVERED SERVICES

PERMITTED SENSITIVE DATA IN PRIVATE BETA

[No services currently in private beta]


This article was last updated on 07/01/2025.