Find answers and general information quickly about the HubSpot Cloud Infrastructure.
- Where is HubSpot's product infrastructure hosted?
- Does HubSpot transfer all customer data to the United States?
- Does the GDPR require personal data to be stored in the EU?
- What does HubSpot do to ensure lawful data transfers from the EU?
- Can I restrict where my HubSpot data is stored to a particular geographic region?
Hubspot’s product infrastructure is hosted on Amazon Web Services (AWS) in the United States East region. HubSpot leverages the Google Cloud Platform (GCP) in the EU (Frankfurt, Germany region) to support the processing of local customer data that is critical to our customers' businesses. This includes leads, email events, and analytics. By hosting these services in both AWS in the US and GCP in Germany, HubSpot has increased the performance and reliability of those services by locating them closer to end users in the EU.
Yes. Customer data is processed and secured in the EU before being transmitted and stored in the US. The cloud infrastructure hosted on GCP provides additional redundancy for all HubSpot customers for critical components of our system. A number of HubSpot services are routed through the GCP EU data center before being securely transferred to the US and securely stored in AWS.
No. There is no obligation under the GDPR for data to be stored in the EU and the rules regarding transfer of personal data outside the EU remain largely unchanged. The GDPR permits transfers of personal data outside of the EU subject to certain conditions.
The EU-U.S. Privacy Shield continues to be one valid way to ensure adequate safeguards are in place for personal data transfer from the EU to the U.S. The EU model clauses also remain a valid mechanism to lawfully transfer personal data.
HubSpot offers a Data Processing Agreement that incorporates the model clauses to our EU/EEA customers. We are also Privacy Shield certified.
No. The core HubSpot products are currently hosted in U.S.-based data centers. Public content is globally distributed through HubSpot's content delivery network in order to ensure a positive user experience and address potential distributed denial of service attacks and similar threats. It is not possible to modify this architecture on a per-account basis.
HubSpot has a robust privacy program that is designed to align with many regions’ data hosting needs. HubSpot's service is Privacy Shield certified and HubSpot offers a Data Processing Agreement for EU-based customers. These guarantees are structured to assure the appropriate groups that HubSpot’s data-handling processes meet rigorous policy requirements.