Skip to content

Store sensitive data in HubSpot (BETA)

Last updated: May 21, 2024

Available with any of the following subscriptions, except where noted:

Marketing Hub   Enterprise
Sales Hub   Enterprise
Service Hub   Enterprise
Operations Hub   Enterprise
Content Hub   Enterprise



To store sensitive information in your HubSpot account, users with Super admin permissions can turn on the sensitive data setting. Once the setting is turned on, you can create custom properties that store sensitive data, then restrict user access to the properties using field level permissions.

Please note: while in beta, functionality is subject to change. This article will be updated as additional functionality is released.

Before you get started

Before you begin storing sensitive data, review the following information, including requirements, limitations, and recommendations related to sensitive data functionality.

  • You can only store certain types of sensitive data in HubSpot. Refer to the sensitive data terms page to understand which types of sensitive data you can store and where these features are available. You cannot store personal health information protected under HIPAA, credit or debit card numbers, financial account numbers, wire instructions, social security or national identifier information, or personal information of children under child protection laws.
  • Only users with Super admin permissions can turn on sensitive data. Once the sensitive data setting is turned on, it cannot be turned off.
  • Only users with Super admin permissions can create, edit, or delete sensitive data properties.
  • Sensitive data properties are unavailable in certain tools, including personalization tokens, sandboxes, chatbots and playbooks.
  • Since any Super admin can create and view sensitive data, it's recommended to review your list of Super admins and remove admin access for users who don't need it. In your Users & Teams settings, hover over an admin user, then click Actions > Remove super admin.

Turn on sensitive data

Prior to creating sensitive properties, you'll need to turn on sensitive data in your Privacy & Consent settings, and accept the related terms and conditions. Users must have Super Admin permissions to turn on sensitive data.

Please note: once you’ve turned on sensitive data, it’s not possible to turn it off.

  • In your HubSpot account, click the settings settings icon in the top navigation bar.
  • In the left sidebar menu, navigate to Privacy & Consent.
  • Read the terms and conditions, then select the I accept the terms and conditions checkbox.
  • Click Turn on sensitive data settings.

sensitive-data-setting

  • In the dialog box, click Turn on to confirm. Once the setting is turned on, it cannot be turned off.

Create properties to store sensitive data

Super Admins can mark a property as sensitive. By default, data in HubSpot is encrypted in transit and at rest. Marking a property as sensitive adds an additional layer of encryption, application layer encryption, which gives individual accounts and their sensitive data increased protection and isolation. Sensitive data needed for search and reporting are stored in protected environments with highly restricted access. Access to the unencrypted values for sensitive properties is restricted to designated HubSpot applications and user-approved connected private apps. 

  • In your HubSpot account, click the settings settings icon in the top navigation bar.
  • In the left sidebar menu, navigate to Properties.
  • Click Create property.
  • Enter the property’s basic information, then click Next.
  • Select the Yes, this property will store sensitive data checkbox.
  • Select which users should have access to view and edit the property's values, either Everyone or Super admins only. If you’ve selected Everyone, it’s recommended to restrict the property’s view and edit access after the property is saved.

sensitive-data-property

  • Click Next.
  • Finish setting up your property, then click Create. Once a property is created as sensitive, its sensitive data setting cannot be changed.

Please note: score and calculation properties cannot store sensitive data, and you cannot require unique values for sensitive data properties.

Once you’ve created a property to store sensitive data:

  • Super Admins can set up field level permissions to restrict view and edit access for the property to specific users and teams. This is highly recommended to ensure sensitive data can only be seen or modified by select users.
  • Super Admins can edit or delete the sensitive data property.
  • Users with access to the property can update the property’s values manually or via import and workflows. If you’re using a sensitive data property in workflows, it's recommended to limit access to the workflows tool because workflows don't currently enforce field-level permissions.
  • Users with access to the property can use the property in HubSpot tools, including CRM records, views, lists, workflow triggers and actions, reports, search, and mobile. Sensitive data will be unavailable in all other HubSpot tools.
  • Super admins can sync sensitive properties to objects that are available for one-way and two-way syncing with third-party integrations built by HubSpot such as Zapier, Salesforce, Zoho CRM, and more. Per the sensitive data terms, if you choose to integrate with or otherwise use third party products in connection with the Subscription Service, you acknowledge that Customer Data hosted or processed by such Third-Party Products would be hosted in accordance with policies maintained by those third-parties.

Please note: if downgrading from an Enterprise subscription with sensitive data turned on:

  • Super Admins can delete existing sensitive data properties, but cannot create new sensitive data properties or edit the details of existing sensitive data properties.
  • Super Admins will still be able to view and edit a sensitive data property’s values. Non-admin users that previously had access to the values will no longer be able to view or edit them.

Using HubSpot AI tools when storing sensitive data

HubSpot’s AI tools can help you automate tasks, gather data insights, draft content, and more across the HubSpot customer platform. Only users with Super Admin permissions can turn on certain AI tools, such as AI Assistants.

If you turn on sensitive data, your data will not be used to train HubSpot AI models.

Please note: Please avoid sharing any sensitive information in your prompts. To improve the product, HubSpot logs and stores your prompts, generated language, and usage metrics when you use AI tools. HubSpot shares your prompts with OpenAI in order to enable your use of this tool and OpenAI will store your prompts for content moderation purposes. Your prompts will be attributable to you. Your use of HubSpot’s beta AI tools will be governed by our Beta Terms and AI tools incorporated within our Subscription Services will be governed by our Product Specific Terms.

Most of HubSpot's AI tools only process sensitive data if you input sensitive data into a prompt, however, certain AI tools may process incidental sensitive data to generate results, such as:

For more information about HubSpot's AI tools, refer to the AI model cards. Avoid using AI tools if you don't want the AI tools to process your sensitive data.

Additional resources

For more information about HubSpot’s security program, refer to the HubSpot Trust Center.

Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.