HubSpot data privacy settings help your business comply with regulations like GDPR and other data protection laws. This guide shows you how to configure privacy settings in HubSpot to protect customer data and avoid compliance issues.
Proper HubSpot privacy compliance isn't optional—data privacy violations can result in significant fines and legal complications for your business.
What Are HubSpot Data Privacy Settings?
Data privacy settings in HubSpot are centralized controls that automatically enable features designed to support compliance with regulations like GDPR, CCPA, and other data protection laws.
Why privacy settings matter:
- Legal protection from data privacy violations
- Customer trust through transparent data handling
- Automated compliance features across your account
- Reduced risk of regulatory fines
❗ Important: While HubSpot provides privacy tools, your legal team should advise on specific compliance requirements for your situation.
Who Can Configure Privacy Settings
Only users with specific permissions can turn on data privacy settings:
✅ Super Admins have full access
✅ Users with "Edit account defaults" permissions can configure settings
❌ Standard users cannot modify privacy settings
❗ Important: Privacy settings affect your entire account, so coordinate with your team before making changes.
Step 1: Access Privacy & Consent Settings
Navigate to HubSpot privacy settings:
- In your account, click the settings icon ⚙️ in top navigation
- In the left sidebar, select Privacy & Consent
- Locate the Turn on data privacy settings toggle
You'll see an overview of features that will be enabled when you turn on privacy settings.
Step 2: Enable Data Privacy Settings
Activate privacy compliance features:
- Click to toggle Turn on data privacy settings switch ON
- In the dialog box, click Yes, turn on data privacy settings
- Confirm your choice to enable all privacy features
What happens immediately:
- Cookie consent banner activates by default
- New forms include legal basis and consent fields
- Email tracking requires legal basis
- Contact deletion options include permanent delete
Step 3: Configure Email Marketing Legal Basis
For GDPR compliance (recommended for European contacts):
- Toggle Send emails to contacts with legal basis switch ON
- In the dialog box, click Confirm
- This ensures you only email contacts with proper consent
For survey emails:
- In the Define a legal basis to send surveys section
- Click Choose a legal basis
- Select the appropriate legal basis for survey communications
❗ Important: Legal basis is email address-specific. Contacts must consent for each email address where they want to receive communications.
Step 4: Understand Default Privacy Changes
When HubSpot data privacy settings are enabled...
Email subscriptions:
- All subscription types are unchecked by default on contact email subscription pages
- Contacts must actively opt-in to receive emails
Forms and scheduling:
- New forms automatically include legal basis notices and consent checkboxes
- Existing forms require manual addition of privacy fields
- Scheduling pages include consent messaging by default
Sales tools:
- Sales extension shows banners for contacts without legal basis
- Unsubscribe links are enabled by default for sales emails and sequences
- Email tracking only works for contacts with legal basis
Step 5: Manage Contact Legal Basis
Add legal basis for existing contacts:
You can establish legal basis through:
- List imports with legal basis fields
- Bulk contact editing to add consent information
- Manual contact creation with privacy fields completed
- Form submissions that include consent checkboxes
💡 Best practice: Audit existing contacts and establish proper legal basis before sending marketing emails under new privacy settings.
Step 6: Handle Contact Deletion Requests
GDPR-compliant contact deletion:
When deleting contacts, you have two options:
Restorable delete:
- Keeps contacts recoverable for 90 days
- Use for internal cleanup or accidental deletions
Permanent delete:
- Completely removes contact data
- Required for GDPR "right to be forgotten" requests
- Cannot be undone
Note: Permanent delete functionality is available even with privacy settings turned off.
Common Privacy Settings Questions
Frequently asked privacy compliance questions...
❓ Do privacy settings affect existing contacts?
✅ Answer: Email subscription defaults change, but existing legal basis remains unless updated
❓ Can I turn privacy settings off after enabling?
✅ Answer: Yes, but consult legal counsel before disabling compliance features
❓ What about contacts outside Europe?
✅ Answer: Privacy laws vary by region—apply settings based on your customer locations
❓ How do I update existing forms?
✅ Answer: Manually add legal basis notices and consent checkboxes to existing forms
Best Practices for HubSpot Privacy Compliance
Before enabling:
- Audit existing data to understand your contact legal basis
- Review forms and landing pages that need privacy field updates
- Train your team on new consent requirements
After enabling:
- Update existing forms with consent checkboxes
- Clean contact lists to remove those without legal basis
- Monitor compliance through regular data audits
- Document consent sources for legal protection
Ongoing maintenance:
- Regular legal reviews of privacy practices
- Contact list hygiene to maintain compliance
- Team training updates as regulations evolve
Industry-Specific Privacy Considerations
Additional compliance to consider...
- Healthcare/Coaching: HIPAA compliance features may be needed
- Financial Services: Additional data encryption requirements
- E-commerce: Consider customer location for applicable laws
- B2B Software: International data transfer protocols
Why Privacy Settings Matter for Your Business
HubSpot privacy compliance protects your business in multiple ways:
- Legal protection from regulatory fines and lawsuits
- Customer trust through transparent data practices
- Professional credibility in privacy-conscious markets
- Competitive advantage over non-compliant competitors
Next steps: After enabling privacy settings, audit your existing forms, landing pages, and email campaigns to ensure full compliance. Consider consulting with legal counsel about your specific privacy obligations.