HubSpot - Security FAQ

How do you connect to my HubSpot instance?

• Madison Logic authenticates with HubSpot using their recommended OAuth 2.0 service

What APIs do you use?

• To power Journey Acceleration & ABM Signals, ML uses the following APIs

  • Journey Acceleration

    • Contacts API

    • Contact Lists API

    • Companies API

    • Deals API

  • ABM Signals

    • Companies API

What data do you retrieve from HubSpot?

• We query the following objects from HubSpot:

  • Contacts

  • Companies

  • Contact Lists

  • Deals

• We ONLY retrieve the fields & values you select when configuring the HubSpot integration. From these entities, we save the following information:

  • Contacts 

    • Mapped Field’s Values (saved)

    • Domain from Contact Email (saved)

    • HubSpot Contact ID (saved)

  • Companies

    • Mapped Field’s Values (saved)

    • Domain (saved)

  • Contact Lists

    • Domain from Contact Email (saved)

  • Deals (to use deals, we sync with the companies object as well)

    • Mapped Field’s Values (saved)

    • Company ID (saved)

    • Domain Associated With Company ID(saved)

  • ABM Signals

    • HubSpot Company ID (saved)

    • Company Domain (saved)

Where do you physically store my data?

• Madison Logic stores your data in the United States, in the state of Virginia, within the Amazon Web Services region us-east-1.

How is my data secured in transit?

• When Madison Logic retrieves your data from HubSpot’s APIs, it is secured in transit by encryption using Transport Layer Security (TLS) version 1.2.

• When your data is transferred within Madison Logic systems, it is also secured in transit by encryption using TLS 1.2.

How is my data secured at rest?

• Your data is secured at rest by encrypting it using AWS Key Management Service APIs.

• AWS KMS uses the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS uses this algorithm with 256-bit secret keys.

Is there a process in place for removing our content and data at the end of the use agreement?

• Yes. We can ensure that your content is securely removed from Madison Logic systems. Contact us for more information.

What type of compliance and controls are in place?

• Security and quality controls in Amazon Web Services have been validated and certified by the following compliance schemes:

  • AWS Service Organization Controls (SOC 1, SOC 2, and SOC 3) Reports. You can request a copy of these reports from AWS Compliance.

  • PCI DSS Level 1. For more details on PCI DSS compliant services in AWS, you can read the PCI DSS FAQs.

  • ISO 27017. For more details on ISO 27017 compliant services in AWS, you can read the ISO-27017 FAQs.

  • ISO 27018. For more details on ISO 27018 compliant services in AWS, you can read the ISO-27018 FAQs.

  • ISO 9001. For more details on ISO 9001 compliant services in AWS, you can read the ISO-9001 FAQs.

  • In evaluation for FIPS 140-2. For more details, you can view the FIPS 140-2 Implementation Under Test List. 

References

• HubSpot Developer Documentation

  • HubSpot API Overview

• Amazon Web Services Documentation

  • AWS Key Management Services

  • KMS - Cryptography Basics describes the cipher used: Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM. AWS KMS uses this algorithm with 256-bit secret keys.