Access control
Role-based access, least-privilege practices, and periodic access reviews help limit sensitive system access.
Security
Use this starter security page to explain your approach to access control, infrastructure, monitoring, vulnerability management, and incident response.
Trusted by teams building faster campaigns in HubSpot.
Security overview
Highlight the controls and operating practices that matter most during evaluation, procurement, and customer onboarding.
Role-based access, least-privilege practices, and periodic access reviews help limit sensitive system access.
Customer data should be protected using appropriate encryption, secure transfer methods, and careful data handling practices.
Security logging, monitoring, and alerting help teams investigate unusual behavior and respond to risks.
Trust details
Last updated: June 22, 2026
Template note: This page should describe your actual security program. Replace sample language with your controls, vendors, certifications, subprocessors, and contact process before publishing.
We maintain administrative, technical, and organizational safeguards designed to protect customer information and support reliable service delivery. Our program is reviewed as the business, product, and risk environment changes.
Production systems should be hosted with reputable infrastructure and platform providers that maintain physical, network, and operational security controls. Replace this section with your actual hosting model and relevant provider details.
Access to production systems and sensitive data should be limited to authorized personnel with a business need. We recommend role-based access, least-privilege permissions, multi-factor authentication where available, and access reviews.
Customer data should be protected in transit using secure protocols and protected at rest where supported by the underlying systems. Sensitive data should be collected only when needed and retained only as long as appropriate.
Security should be considered throughout development and release workflows. Common practices include code review, dependency updates, input validation, secure configuration, environment separation, and testing before release.
Systems should maintain logs and monitoring to help identify availability issues, suspicious activity, and operational risks. Access to logs should be limited to authorized team members.
We recommend a documented process for identifying, prioritizing, and remediating vulnerabilities in applications, dependencies, and infrastructure. Security reports should be reviewed promptly and tracked through resolution.
A security incident response process should define how issues are assessed, escalated, contained, investigated, communicated, and remediated. Customer notification should follow contractual and legal obligations.
Teams should maintain reasonable backup, recovery, and continuity practices based on customer needs and service criticality. Replace this section with your recovery objectives and operational commitments if applicable.
Customers also play an important role in security. Recommended practices include using strong passwords, enabling multi-factor authentication, limiting user access, reviewing integrations, and promptly removing access for users who no longer need it.
To report a security concern, contact [security@example.com]. Please include enough detail to help us understand and reproduce the issue, and avoid accessing or sharing data that does not belong to you.
Security questions?
Use this section to route procurement, legal, and security-review questions to the right team or trust contact.
No pressure. See how the system fits your next campaign.