SaaSDossier

No. 002 · Licensed Edition

HubSpot — Security Evidence Dossier

Question
What security evidence does HubSpot publish?
Answer
HubSpot publishes a public Trust Center covering its security program: SOC 2 Type II and ISO 27001 documentation, GDPR and data-processing terms, encryption in transit and at rest, single sign-on and granular permissions, a subprocessor list, and incident-response commitments. Of 55 fields, 49 are Documented and 6 are Questions surfaced for buyer follow-up.
49 Documented6 Questions surfacedof 55
Cover of the HubSpot Security Evidence Dossier — Licensed Edition, Dossier No. 002
Edition
Licensed Edition
Reference
Dossier No. 002
Framework
55 fields · 10 domains
Documented
49 of 55
Questions surfaced
6
Evidence date
22 June 2026
Vendor pages reviewed
11
Price
US$1,500 — Licensed Edition
Reviewer
A. Vale · SD-R01

10 domains reviewed

  • Identity & legal entity
  • Standards & attestations
  • Privacy & compliance
  • Encryption & key management
  • Infrastructure & hosting
  • Access control
  • Vulnerability & incident response
  • Subprocessors & supply chain
  • AI governance
  • Secure development & organization

What's inside

Evidence ledger

All 55 fields across 10 domains, each recorded in one of two states, with the vendor's own words quoted and cited where Documented.

Source register

Every vendor-published page reviewed, listed with its URL, so each line traces back to where it was found.

Integrity record

A SHA-256 record so the released document can be confirmed unchanged.

Vendor question pack

The Questions surfaced, gathered as ready-to-send follow-ups for your procurement or security conversation.

Question surfaced means: Not identified in the vendor-published sources reviewed. This does not establish absence of the control.