Logo - Full (Color)

Your Information is Safe and Available

Data Protection meets high-scale systems

Our products and services are transforming the customer service, sales and marketing industries with the Inbound revolution, but the backbone of our success is providing a safe and trustworthy place for your data

  • In-transit Encryption

    Sessions between you and your portal are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.

    TLS for HubSpot-hosted sites

    TLS is enabled by default on HubSpot-hosted websites. You can also select the versions of TLS that are available to your site’s visitors.  Please see our Connect your domain and SSL and domain security pages for more detail.

    Web Application and network firewalls

    HubSpot monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the HubSpot platform contains Distributed Denial of Service (DDoS) prevention defenses to help protect your site and access to your products.

    Software development lifecycle (SDLC) Security

    HubSpot implements static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.

  • Physical security

    HubSpot products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

  • Patch management

    HubSpot’s patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

    Security incident response

    HubSpot's security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

  • Vulnerability assessment

    HubSpot tests for potential vulnerabilities on a recurring basis. We run static code analysis, and infrastructure vulnerability scans.

    Penetration testing

    HubSpot leverages 3rd party penetration testing firms several times a year to test the HubSpot products and product infrastructure.

    Bug bounty program

    In addition to our internal processes, HubSpot crowd-sources vulnerability assessment with our bug bounty program. Rewards are available for helping us spot potential flaws. Are you interested? Check out our bounty program.

    External audit & certification

    HubSpot maintains its TRUSTe certification for Enterprise Privacy. Our infrastructure providers maintain ISO 27001, SOC2 Type II, and many other certifications (AWS) (GCP). As a publicly traded company, HubSpot’s key IT controls are audited on a recurring basis as part of its Sarbanes Oxley compliance; public information about HubSpot’s SOX compliance is available as part of our SEC filings.

Have questions about HubSpot’s Reliability & Availability?

Check out HubSpot’s reliability page.

Looking for more information about HubSpot protections?

Download the Security and Risk Management Overview
 
Download complete Security Control Matrix