Skip to content

Security

Security practices that help protect customer trust

Use this starter security page to explain your approach to access control, infrastructure, monitoring, vulnerability management, and incident response.

Trusted by teams building faster campaigns in HubSpot.

Security overview

Give buyers a clear view of how trust is handled

Highlight the controls and operating practices that matter most during evaluation, procurement, and customer onboarding.

Access control

Role-based access, least-privilege practices, and periodic access reviews help limit sensitive system access.

Data protection

Customer data should be protected using appropriate encryption, secure transfer methods, and careful data handling practices.

Monitoring

Security logging, monitoring, and alerting help teams investigate unusual behavior and respond to risks.

Trust details

Security and trust practices

Last updated: June 22, 2026

Template note: This page should describe your actual security program. Replace sample language with your controls, vendors, certifications, subprocessors, and contact process before publishing.

1. Security program

We maintain administrative, technical, and organizational safeguards designed to protect customer information and support reliable service delivery. Our program is reviewed as the business, product, and risk environment changes.

2. Infrastructure and hosting

Production systems should be hosted with reputable infrastructure and platform providers that maintain physical, network, and operational security controls. Replace this section with your actual hosting model and relevant provider details.

3. Access management

Access to production systems and sensitive data should be limited to authorized personnel with a business need. We recommend role-based access, least-privilege permissions, multi-factor authentication where available, and access reviews.

4. Data protection

Customer data should be protected in transit using secure protocols and protected at rest where supported by the underlying systems. Sensitive data should be collected only when needed and retained only as long as appropriate.

5. Application security

Security should be considered throughout development and release workflows. Common practices include code review, dependency updates, input validation, secure configuration, environment separation, and testing before release.

6. Monitoring and logging

Systems should maintain logs and monitoring to help identify availability issues, suspicious activity, and operational risks. Access to logs should be limited to authorized team members.

7. Vulnerability management

We recommend a documented process for identifying, prioritizing, and remediating vulnerabilities in applications, dependencies, and infrastructure. Security reports should be reviewed promptly and tracked through resolution.

8. Incident response

A security incident response process should define how issues are assessed, escalated, contained, investigated, communicated, and remediated. Customer notification should follow contractual and legal obligations.

9. Business continuity

Teams should maintain reasonable backup, recovery, and continuity practices based on customer needs and service criticality. Replace this section with your recovery objectives and operational commitments if applicable.

10. Customer responsibilities

Customers also play an important role in security. Recommended practices include using strong passwords, enabling multi-factor authentication, limiting user access, reviewing integrations, and promptly removing access for users who no longer need it.

11. Reporting a concern

To report a security concern, contact [security@example.com]. Please include enough detail to help us understand and reproduce the issue, and avoid accessing or sharing data that does not belong to you.

Security questions?

Make trust conversations easier for serious buyers

Use this section to route procurement, legal, and security-review questions to the right team or trust contact.

No pressure. See how the system fits your next campaign.