Skip to content

Understand how Sensitive Data is used in HubSpot tools

Last updated: February 4, 2025

Available with any of the following subscriptions, except where noted:

Marketing Hub   Enterprise
Sales Hub   Enterprise
Service Hub   Enterprise
Operations Hub   Enterprise
Content Hub   Enterprise

Once you turn on Sensitive Data in your HubSpot account, certain tools have unique considerations or behavior when using Sensitive Data. In this article, learn more about where Sensitive Data can be used and how to properly manage it within each tool.

For more information about Sensitive Data, refer to the Sensitive Data terms page. To learn how to turn on Sensitive Data and create Sensitive Data properties, refer to this article.

Please note: Sensitive Data is not supported in some tools, including chatbots, personalization tokens, playbooks, and sandboxes. Highly Sensitive Data is further restricted and can only be used in certain scenarios.

Highly Sensitive Data in HubSpot tools

All the following sections apply to Sensitive Data, but only some of the listed tools are supported for Highly Sensitive Data. Highly Sensitive Data can only be used in the following scenarios:

Sensitive Data properties

Once you’ve created a property to store Sensitive Data:

  • Super Admins can set up field level permissions to restrict view and edit access for the property to specific users and teams. This is highly recommended to ensure Sensitive Data can only be seen or modified by select users.
  • Super Admins can view user actions related to Sensitive Data property values in the audit log.
  • Super Admins can edit or delete the Sensitive Data property.

Please note: if downgrading from an Enterprise subscription with Sensitive Data turned on:

  • Super Admins can delete existing Sensitive Data properties, but cannot create new Sensitive Data properties or edit the details of existing Sensitive Data properties.
  • Super Admins will still be able to view and edit a Sensitive Data property’s values. Non-admin users that previously had access to the values will no longer be able to view or edit them.

Sensitive Data property values

Users with access to a Sensitive Data property can update the property’s values manually or via import and workflows. If your account allows HubSpot employees access to troubleshoot support issues, HubSpot employees will not have access to view Sensitive Data property values.

For Highly Sensitive Data properties, users with access to the property’s values must click to decrypt to view or edit the value. For example:

Attachments

With the ability to store Sensitive Data and Highly Sensitive Data, you can store files containing sensitive information in tools across HubSpot. Once you turn on the Sensitive Data setting, attachments uploaded in the below ways will be protected by an additional layer of encryption in HubSpot’s database storage. This will also remove the option to share files externally without authentication, and will disallow HubSpot employees from accessing the attachments.

When added via the following methods, files will be protected:

You can control user access to attachments through permissions for each tool. For example, you can restrict access to contacts for specific users who shouldn’t have access to contact files.

Please note: files will not be protected in the following scenarios:

  • Only files uploaded after Sensitive Data is turned on will have the additional protection. Existing files will use the standard level of security even if they were uploaded in the above ways.
  • Files uploaded to and hosted on the files tool will not have additional protection, so files containing Sensitive Data should not be stored in the files tool. In other HubSpot tools, if a user attaches a file stored in the files tool (i.e. via the Choose existing option on upload), those files will use the standard level of security.
  • HubSpot won’t restrict access to CRM attachments if you share the URL with another authenticated user in your account. Avoid sharing attachment URLs with users who shouldn't be able to view the files.

Breeze AI Tools

Breeze, HubSpot’s AI, can help you automate tasks, gather data insights, draft content, and more across the HubSpot customer platform. Only users with Super Admin permissions can turn on certain AI tools, such as AI Assistants.

If you turn on Sensitive Data, the Sensitive Data properties that you create will not be used to train HubSpot’s AI models. However, other Customer Data within your account may be used to train HubSpot’s AI models. You may opt-out of having your Customer Data used for machine learning by emailing privacy@hubspot.com. For more information, please review HubSpot’s Terms of Service and HubSpot’s Privacy Policy.

Please note: avoid sharing any sensitive information in your prompts. To improve the product, HubSpot logs and stores your prompts, generated language, and usage metrics when you use AI Products. HubSpot shares your prompts with AI Service Providers in order to enable your use of AI Products and AI Service Providers will store your prompts for content moderation purposes. Your prompts will be attributable to you. Your use of HubSpot’s beta AI Products will be governed by our Beta Terms and AI Products incorporated within our Subscription Services will be governed by our Product Specific Terms.

HubSpot’s AI Products are not part of the Sensitive Data features. Certain AI Products may process Sensitive Data which you may not have intended to include when generating results based on the prompt entered. These tools include:

For example, if you discuss Sensitive Data during a conversation, you should not use the Conversations Summaries tool. While you may not have intended to input Sensitive Data in your prompt, the Conversation Summaries tool would process all content in the conversation. 

For more information about HubSpot's AI tools, refer to the AI model cards. Avoid using AI tools if you don't want the AI tools to process your Sensitive Data.

Data centers

You can store sensitive information in any Data Center that you use. However, once you turn on the Sensitive Data setting, you won’t be able to migrate to a different Data Center at this time.

Data sync

You can sync Sensitive Data through field mappings with data sync apps. When syncing data:

  • The sync can be bi-directional. Because it isn’t always known if a third party app’s fields are sensitive, there are some cases where non-sensitive fields can be synced to and from a HubSpot Sensitive Data property. If it’s known that a third party app’s field is sensitive, it cannot be synced to a non-sensitive HubSpot property.
  • Sensitive Data and Highly Sensitive Data properties are considered the same for data sync apps.

Forms 

With the ability to store Sensitive Data in HubSpot, you can use HubSpot forms and non-HubSpot forms to collect sensitive information from your visitors confidently. Sensitive Data collected via forms will be encrypted and synced into the CRM securely. Any files uploaded via form submissions associated with a Sensitive Data property will also be considered sensitive.

Only users with the appropriate permissions to view Sensitive Data will be able to view form submission values and files marked as sensitive. All form submission notifications will also adhere to the Sensitive Data user permission requirements.

Integrations

Developers can use the API documentation to build integrations that sync Sensitive Data. Per the Sensitive Data terms, if you choose to integrate with or otherwise use third party products in connection with the Subscription Service, you acknowledge that Customer Data hosted or processed by such Third-Party Products would be hosted in accordance with policies maintained by those third-parties.

If you’re storing HIPAA-protected Sensitive Data, the Snowflake Data Share integration is only supported for the following regions: AWS US_EAST_1 and AWS EU_CENTRAL_1.

Notifications

Once Sensitive Data is turned on in your account, certain notifications will not include previews (e.g., a preview of a note body) to avoid displaying Sensitive Data. This will currently occur for the following notifications: you're @-mentioned on a record or in a comment, you're assigned or receive a reminder for a task, there's activity on a record you follow, or there's a comment on an activity you're involved in.

Workflows

If you’re using a Sensitive Data property in workflows, it's recommended to limit access to the workflows tool because workflows don't currently enforce field-level permissions.

The following are not currently supported in workflows:

  • Association actions that use or reference Sensitive Data properties
  • Personalization tokens that use or reference Sensitive Data properties 
  • Enrollment triggers based on changes to Sensitive Data property values

Additional resources

  • For more information about HubSpot’s security program, refer to the HubSpot Trust Center.
  • To learn how to manage Sensitive Data settings and create Sensitive Data properties, refer to this article.
  • To learn how to manage Sensitive Data via API, refer to the developer documentation.
Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.