Skip to content

Understand how Sensitive Data is used in HubSpot tools

Last updated: September 3, 2025

Available with any of the following subscriptions, except where noted:

Once you turn on Sensitive Data in your HubSpot account, certain tools have unique considerations or behavior when using Sensitive Data. In this article, learn more about where Sensitive Data can be used and how to properly manage it within each tool.

For more information about Sensitive Data, refer to the Sensitive Data terms page. To learn how to turn on Sensitive Data and create Sensitive Data properties, refer to this article.

Please note: Sensitive Data is not supported in some tools, including chatbots, personalization tokens, playbooks, and sandboxes. Highly Sensitive Data is further restricted and can only be used in certain scenarios.

Highly Sensitive Data in HubSpot tools

All the following sections apply to Sensitive Data, but only some of the listed tools are supported for Highly Sensitive Data. Highly Sensitive Data can only be used in the following scenarios:

Sensitive Data properties

Once you’ve created a property to store Sensitive Data:

  • Super Admins can set up field level permissions to restrict view and edit access for the property to specific users and teams. This is highly recommended to ensure Sensitive Data can only be seen or modified by select users.
  • Super Admins can view user actions related to Sensitive Data property values in the audit log.
  • Super Admins can edit or delete the Sensitive Data property.

Please note: if downgrading from an Enterprise subscription with Sensitive Data turned on:

  • Super Admins can delete existing Sensitive Data properties, but cannot create new Sensitive Data properties or edit the details of existing Sensitive Data properties.
  • Super Admins will still be able to view and edit a Sensitive Data property’s values. Non-admin users that previously had access to the values will no longer be able to view or edit them.

Sensitive Data property values

Users with access to a Sensitive Data property can update the property’s values manually or via import and workflows. If your account allows HubSpot employees access to troubleshoot support issues, HubSpot employees will not have access to view Sensitive Data property values.

For Highly Sensitive Data properties, users with access to the property’s values must click to decrypt to view or edit the value. For example:

click-to-decrypt-value

Attachments

With the ability to store Sensitive Data and Highly Sensitive Data, you can store files containing sensitive information in tools across HubSpot. Once you turn on the Sensitive Data setting, attachments uploaded in the below ways will be protected by an additional layer of encryption in HubSpot’s database storage. This will also remove the option to share files externally without authentication, and will disallow HubSpot employees from accessing the attachments.

When added via the following methods, files will be protected:

You can control user access to attachments through permissions for each tool. For example, you can restrict access to contacts for specific users who shouldn’t have access to contact files.

Please note: files will not be protected in the following scenarios:

  • Only files uploaded after Sensitive Data is turned on will have the additional protection. Existing files will use the standard level of security even if they were uploaded in the above ways.
  • Files uploaded to and hosted on the files tool will not have additional protection, so files containing Sensitive Data should not be stored in the files tool. In other HubSpot tools, if a user attaches a file stored in the files tool (i.e. via the Choose existing option on upload), those files will use the standard level of security.
  • HubSpot won’t restrict access to CRM attachments if you share the URL with another authenticated user in your account. Avoid sharing attachment URLs with users who shouldn't be able to view the files.

Breeze tools

Breeze, HubSpot’s AI, can help you automate tasks, gather data insights, draft content, and more across the HubSpot customer platform. Only users with Super Admin permissions can turn on certain Breeze tools, such as Breeze Assistant.

Breeze Assistant products are compatible with accounts with Sensitive Data turned on. However, some restrictions are in place, which prevent custom property values for Sensitive Data properties from being used to prevent Sensitive Data exposure.

If you turn on Sensitive Data, the Sensitive Data properties that you create will not be used to train Breeze models. However, other Customer Data within your account may be used to train Breeze models. You may opt-out of having your Customer Data used for machine learning by emailing privacy@hubspot.com. For more information, please review HubSpot’s Terms of Service and HubSpot’s Privacy Policy.

Please note: Please avoid sharing any sensitive information in your configured data inputs for Breeze features, including your prompts. Super Admins can configure generative Breeze features in account management settings. For information on how Breeze uses your data to provide trustworthy AI, with you in control of your data, you can refer to our Breeze Trust FAQs.

For more information about Breeze, refer to the Breeze model cards. Avoid using Breeze if you don't want Breeze to process your Sensitive Data.

Data centers

You can store sensitive information in any Data Center that you use.

If you have not indicated the storage of HIPAA data, you're eligible to migrate from a North America data center to the European Union data center. If you've indicated the storage of HIPAA data, you cannot migrate to another data center.

Data sync

You can sync Sensitive Data through field mappings with data sync apps. When syncing data:

  • The sync can be bi-directional. Because it isn’t always known if a third party app’s fields are sensitive, there are some cases where non-sensitive fields can be synced to and from a HubSpot Sensitive Data property. If it’s known that a third party app’s field is sensitive, it cannot be synced to a non-sensitive HubSpot property.
  • Sensitive Data and Highly Sensitive Data properties are considered the same for data sync apps.

Forms 

With the ability to store Sensitive Data in HubSpot, you can use HubSpot forms and non-HubSpot forms to collect sensitive information from your visitors confidently. Sensitive Data collected via forms will be encrypted and synced into the CRM securely. Any files uploaded via form submissions associated with a Sensitive Data property will also be considered sensitive.

Only users with the appropriate permissions to view Sensitive Data will be able to view form submission values and files marked as sensitive. All form submission notifications will also adhere to the Sensitive Data user permission requirements.

Integrations

Developers can use the API documentation to build integrations that sync Sensitive Data. Per the Sensitive Data terms, if you choose to integrate with or otherwise use third party products in connection with the Subscription Service, you acknowledge that Customer Data hosted or processed by such Third-Party Products would be hosted in accordance with policies maintained by those third-parties.

If you’re storing HIPAA-protected Sensitive Data, the Snowflake Data Share integration is only supported for the following regions: AWS US_EAST_1 and AWS EU_CENTRAL_1.

Multi-account management (BETA)

Accounts using Sensitive Data can’t be a source account for the data mirroring feature in multi-account management. This limitation prevents Sensitive Data from being unintentionally shared to a different account.

Turning on Sensitive Data will prevent your account from being selected as a source account for data mirroring. If your account is already a source account for data mirroring, turning on Sensitive Data will automatically turn off data mirroring for the account.

Notifications

Once Sensitive Data is turned on in your account, certain notifications will not include previews by default (e.g., a preview of a note body) to avoid displaying Sensitive Data. This will currently occur for the following notifications: you're @-mentioned on a record or in a comment, you're assigned or receive a reminder for a task, there's activity on a record you follow, or there's a comment on an activity you're involved in.

For email notifications, previews are hidden by default, but you can choose to allow them:

  1. In your HubSpot account, click the settings settings icon in the top navigation bar.
  2. In the left sidebar menu, navigate to Privacy & Consent.
  3. In the left menu, click Privacy tools.
  4. Click Edit sensitive data settings.
  5. To allow notification previews, toggle the Display full content in notification emails switch on.

screenshot displays a "display full content in notification emails" toggle. It is currently off.

  1. If you've turned on previews in the past, to hide notification previews, toggle the Display full content in notification emails switch off.
  2. Click Done.

Workflows

If you’re using a Sensitive Data property in workflows, it's recommended to limit access to the workflows tool.

You can use Sensitive Data properties with When a filter criteria is met enrollment triggers, and AND/OR workflow branches. The following are not currently supported in workflows:

  • Copy property actions that reference Sensitive Data properties
  • Personalization tokens that use or reference Sensitive Data properties 
  • When an Event occurs enrollment triggers based on changes to Sensitive Data property values.

Additional resources

  • For more information about HubSpot’s security program, refer to the HubSpot Trust Center.
  • To learn how to manage Sensitive Data settings and create Sensitive Data properties, refer to this article.
  • To learn how to manage Sensitive Data via API, refer to the developer documentation.
Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.
Table of contents Menu

Related content

New to HubSpot? Use these guides to get started.