“Where go-to-market teams go to grow”
HubSpot is an integrated customer platform with Smart CRM, Marketing Hub, Sales Hub, Service Hub, Content Hub, Data Hub, Commerce Hub, as well as Breeze as an embedded AI layer.
The platform combines customer, sales, marketing, service, and content processes in one system. AI features support, among other things, content creation, prospecting, data preparation, support automation, and analytics.
HubSpot
Where go-to-market teams go to grow
Location: USA ⓘ 25 First Street, 2nd Floor, Cambridge, MA 02141, USA l
Professional Hubs Advanced automation, reporting, campaign, sales, service, or content features by hub.
Enterprise Hubs Advanced scaling, governance, security, reporting, permissions, and enterprise features. Other HubSpot Hubs Marketing Hub, Sales Hub, Service Hub, Content Hub, Data Hub, Commerce Hub; scope of features varies by hub and tier.
Add-ons / Breeze AI Additional seats, limits, AI/Breeze features, integrations, and enterprise options depending on the contract.
Target audience
HubSpot is aimed at go-to-market teams: marketing, sales, customer service, revenue operations, content teams, as well as management. The Free and Starter offerings address solos, freelancers, startups, and small businesses; Professional and Enterprise target growing organizations and larger companies with more complex requirements for governance, reporting, attribution, support, and data management.
Outstanding features
What stands out in particular is the combination of Smart CRM as the data foundation and Breeze as the embedded AI layer. HubSpot combines operational tools for marketing, sales, service, content, data management, and commerce on one platform and complements them with AI assistants, agents, content features, prospecting, data analysis, and support automation. Newer differentiators include AEO (Beta) for visibility in AI answer engines, the MCP client for agentic connections to external systems, and the published AI Model Cards.
Main use cases
Typical use cases include lead generation, marketing automation, email marketing, sales pipeline management, quote and invoicing processes, customer service/ticketing, knowledge base and self-service, website and landing page creation, content production, data synchronization, data cleansing, as well as reporting. Thanks to its commerce and data functions, HubSpot now extends well beyond classic CRM and also covers quote-to-cash as well as RevOps/Data Ops scenarios.
Usage & notes
Operationally, HubSpot is relatively easy to get started with, but it quickly becomes more complex as the range of functions grows. Important practical points are the pricing logic with seats, contacts, credits, and onboarding fees, as well as the data protection configuration: anyone working in a GDPR-sensitive context should actively review EU data hosting, DPA/SCCs, subprocessor review, and the AI model training setting. HubSpot offers additional features for sensitive data, although restrictions apply depending on the tool.
| Target audience | Assessment |
|---|---|
| Self-employed / small businesses | Very suitable – for CRM, marketing, sales, email, landing pages, and simple automation. |
| SMEs | Very suitable – HubSpot is strong for marketing, sales, service, and content processes. |
| Large enterprises | Suitable to very suitable – Enterprise plans offer more governance, reporting, security, and scalability. |
| Marketing, sales, and service teams | Very suitable – Breeze AI supports content, customer communication, prospects, and knowledge work. |
| Developer teams | Conditionally suitable – APIs and integrations are available, but HubSpot is primarily a CRM/customer platform. However, it is suitable for web developers and workflow automations. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: indirect / not available
The website does not specify any on-premises, local, or self-hosted deployment options. Instead, HubSpot describes hosted product infrastructure provided by third-party cloud infrastructure providers.
Private Cloud / Data Center: Partially
Regional hosting options are available, and data is hosted within the EU—specifically in Germany. However, the website does not specify a dedicated private cloud or single-tenant environment for customers; rather, it describes a multi-tenant infrastructure.
EU SaaS / Managed: Covered
The website describes HubSpot as a managed cloud service with regional data centers in the EU and the option to migrate paid accounts to a preferred region. Germany is listed as the location for EU hosting.
Hybrid: unclear
The website does not explicitly describe a hybrid operating model in which part of the service runs locally or in a private customer environment and another part runs as an external service.
AVV / DPA: Covered
A published Data Processing Agreement is available. It describes the processing of personal data, subprocessors, security measures, and international transfer mechanisms, including SCCs.
No training: partially
For third-party AI providers, the website states that they may only process customer data to provide the requested functionality and are not permitted to train their models with it. According to the website, there is an opt-out option for HubSpot’s own use of machine learning; when this setting is disabled, customer data is no longer used to train HubSpot’s own models. This provides a protection mechanism, but it is not enabled by default and does not apply without exception to everything.
Open-Source / Transparency Path: Partial
An open-source or self-hostable option is not specified on the website. However, there are certain transparency elements, such as documented subprocessors, model cards, and Trust Center documentation. Open models or openly documented open-source components are not listed on the website.
Data Processing
The website describes a SaaS model with regional hosting. HubSpot hosts the product infrastructure on AWS; for the EU, Germany is listed as the data center location. According to the hosting FAQ, customer data is processed and stored in the selected hosting region; at the same time, the documentation mentions limited instances of processing outside the hosting location as well as international data transfer mechanisms. The subprocessors page lists infrastructure, functional, and AI subprocessors with their respective processing locations for data hosted in the EU.
Conclusion
For an EU/EEA tool directory, HubSpot is solidly documented from a hosting and data protection perspective, but not entirely self-sufficient. Positive aspects include EU hosting, a DPA, subprocessor transparency, regional data residency, and the training opt-out. Limiting factors include its U.S. origin, documented international transfers, the use of external AI providers, and the lack of on-premises/self-hosting. Overall, its use in the EU/EEA should be classified as conditionally GDPR-compliant rather than unconditionally so.
Sources
- https://legal.hubspot.com/dpa
- https://www.hubspot.com/security-and-compliance
- https://legal.hubspot.com/sub-processors-page
- https://www.hubspot.com/products/artificial-intelligence/ai-trust
- https://knowledge.hubspot.com/account-management/hubspot-machine-learning-data
- https://knowledge.hubspot.com/account-security/hubspot-cloud-infrastructure-and-data-hosting-frequently-asked-questions?hsSkipCache=true
- https://legal.hubspot.com/privacy-policy?2nD3xQvTy6=WkXWZUeGwyhmEqX
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: indirect / not available
The website does not specify any on-premises, local, or self-hosted deployment options. Instead, HubSpot describes hosted product infrastructure provided by third-party cloud infrastructure providers.
Private Cloud / Data Center: Partially
Regional hosting options are available, and data is hosted within the EU—specifically in Germany. However, the website does not specify a dedicated private cloud or single-tenant environment for customers; rather, it describes a multi-tenant infrastructure.
EU SaaS / Managed: Covered
The website describes HubSpot as a managed cloud service with regional data centers in the EU and the option to migrate paid accounts to a preferred region. Germany is listed as the location for EU hosting.
Hybrid: unclear
The website does not explicitly describe a hybrid operating model in which part of the service runs locally or in a private customer environment and another part runs as an external service.
AVV / DPA: Covered
A published Data Processing Agreement is available. It describes the processing of personal data, subprocessors, security measures, and international transfer mechanisms, including SCCs.
No training: partially
For third-party AI providers, the website states that they may only process customer data to provide the requested functionality and are not permitted to train their models with it. According to the website, there is an opt-out option for HubSpot’s own use of machine learning; when this setting is disabled, customer data is no longer used to train HubSpot’s own models. This provides a protection mechanism, but it is not enabled by default and does not apply without exception to everything.
Open-Source / Transparency Path: Partial
An open-source or self-hostable option is not specified on the website. However, there are certain transparency elements, such as documented subprocessors, model cards, and Trust Center documentation. Open models or openly documented open-source components are not listed on the website.
Data Processing
The website describes a SaaS model with regional hosting. HubSpot hosts the product infrastructure on AWS; for the EU, Germany is listed as the data center location. According to the hosting FAQ, customer data is processed and stored in the selected hosting region; at the same time, the documentation mentions limited instances of processing outside the hosting location as well as international data transfer mechanisms. The subprocessors page lists infrastructure, functional, and AI subprocessors with their respective processing locations for data hosted in the EU.
Conclusion
For an EU/EEA tool directory, HubSpot is solidly documented from a hosting and data protection perspective, but not entirely self-sufficient. Positive aspects include EU hosting, a DPA, subprocessor transparency, regional data residency, and the training opt-out. Limiting factors include its U.S. origin, documented international transfers, the use of external AI providers, and the lack of on-premises/self-hosting. Overall, its use in the EU/EEA should be classified as conditionally GDPR-compliant rather than unconditionally so.
Sources
- https://legal.hubspot.com/dpa
- https://www.hubspot.com/security-and-compliance
- https://legal.hubspot.com/sub-processors-page
- https://www.hubspot.com/products/artificial-intelligence/ai-trust
- https://knowledge.hubspot.com/account-management/hubspot-machine-learning-data
- https://knowledge.hubspot.com/account-security/hubspot-cloud-infrastructure-and-data-hosting-frequently-asked-questions?hsSkipCache=true
- https://legal.hubspot.com/privacy-policy?2nD3xQvTy6=WkXWZUeGwyhmEqX
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Very broad all-in-one platform instead of isolated individual tools | • Pricing model is complex: Hubs, seats, marketing contacts, onboarding, add-ons, and HubSpot Credits can significantly increase total costs |
| • Solid free entry point | • Many powerful features are only available in Professional/Enterprise |
| • Many native modules for CRM, marketing, sales, service, content, data, and commerce | • Free-only accounts are hosted in the US data center |
| • AI deeply integrated into workflows instead of just as a chat window | • AI model training for HubSpot's own models is enabled by default unless deactivated |
| • Public DPA/SCCs, subprocessor list, EU data center available | • No on-prem offering apparent |
| • Large integration ecosystem/marketplace |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
For users in the EU/EEA, GDPR-compliant use is generally documented, but not unconditionally. Positive aspects include a published Terms of Service/Data Protection Agreement (DPA) with GDPR provisions, EU hosting in Germany, regional data residency with the option to migrate for paid accounts, and documented subprocessors. At the same time, HubSpot remains a U.S. provider, and the website also describes international data transfers as well as specific AI and functional subprocessors that process data in the U.S. Consequently, from an EU/EEA perspective, compliance is more conditional than fully straightforward.
Positive
The website includes a GDPR-compliant Data Processing Agreement, information on regional data centers in the EU, a list of subprocessors, details on SCCs and the Data Privacy Framework, an opt-out option for HubSpot’s proprietary machine learning training, and security and compliance information—including SOC 2 documentation—in the Trust Center.
Negative
The website also mentions processing and subprocessors outside the EU or in connection with global transfers. For HubSpot AI, the subprocessors page lists, among others, AI service providers based in the U.S. Furthermore, the website does not specify any on-premises or self-hosting options. According to the hosting FAQ, HubSpot itself is not currently ISO 27001-certified; the certification of the infrastructure provider AWS is mentioned in this regard.
Server Location
According to the website, the product infrastructure is operated on AWS in the U.S., Canada, Australia, and the European Union; Germany is specified for the EU. HubSpot accounts are hosted in one of these regional data centers, and customer data is processed and stored there. According to the website, paid accounts can be migrated to a preferred region.