Scan and redact Sensitive Data

Once you’ve started storing Sensitive Data in your HubSpot account, Super Admins can scan your account to view a list of activities that may contain Sensitive Data. Then, you can review the data and permanently remove it from the account.

Being able to review and remove this data, can help maintain data hygiene and reduce compliance risks. For example, if a customer accidentally emails their credit card or ID information, you can review and remove those details.

Before you get started

Before you begin working with this feature, make sure to fully understand what steps should be taken ahead of time, as well as the limitations of the feature and potential consequences of using it. 

Understand requirements

Understand limitations & considerations

• You can scan information from the last 60 days.
• You can scan an account once every 30 days. 

Scan for Sensitive Data

If you're a Super Admin and Sensitive Data is turned on in your account, you can scan your account to detect Sensitive Data in activities from the last 60 days.

1. In your HubSpot account, click the settings settings icon in the top navigation bar.
2. In the left sidebar menu, navigate to Security.
3. Navigate to the Sensitive Data tab. 
4. In the Sensitive Data Scan section, click Start scan. If you've done a scan before, click Scan again.
   
   
5. In the right panel, select the checkboxes next to the types of data you want to scan. 
6. In the Exclude keywords from your scan section, enter any keywords you'd like to exclude. Press Enter after each keyword to add it.
7. In the bottom right, click Next. 
8. Review the information and select the checkbox to agree. 
9. Click Start scan. 

Once the scan starts, there will be a Scan in progress banner in the Sensitive Data Scan section. You'll receive an email when the results are ready.

Review your Sensitive Data scan

If you're a Super Admin, once you've scanned your account, you can review your results and remove Sensitive Data from your account. All of the actions you take will be recorded in your audit logs.

1. In your HubSpot account, click the settings settings icon in the top navigation bar.
2. In the left sidebar menu, navigate to Security.
3. Navigate to the Sensitive Data tab. 
4. In the Sensitive Data Scan section, click View results.
5. Click the dropdowns a the top to filter by Activity type, Data type, and Status. To filter by record name, enter record names in the searchIcon search bar.
6. To review an activity, hover over the activity and click View details.
7. In the right panel, review the data. Click View activity to view the full activity details.
   • After reviewing, if you decide you don't need to redact the information, select the Mark as non-sensitive checkbox.
     • Click Next.
     • Click Next again.
     • Click Confirm.
   • After reviewing, if you decide you want to remove this information from your account, click Next.
     • Select the checkbox next to the value you want to remove, and click Next.
     • Click Confirm. 

Once information has been redacted, it'll be replaced with generic language. For example, a specific account number will be replaced with "REDACTED-ACCOUNT-NUMBER."