Sessions between you and your portal are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.
TLS is enabled by default on HubSpot-hosted websites. You can also select the versions of TLS that are available to your site’s visitors.
HubSpot monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the HubSpot platform contains Distributed Denial of Service (DDoS) prevention defenses to help protect your site and access to your products.
From start-to-finish, the design and strategy team provide all of the guidance and expertise necessary to build a high-conversion website.
HubSpot products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.
HubSpot’s patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions. This is where open source solutions create vulnerabilities that HubSpot does not have.
HubSpot maintains its TRUSTe certification for Enterprise Privacy. Our infrastructure providers maintain ISO 27001, SOC2 Type II, and many other certifications (AWS) (GCP). As a publicly traded company, HubSpot’s key IT controls are audited on a recurring basis as part of its Sarbanes Oxley compliance; public information about HubSpot’s SOX compliance is available as part of our SEC filings.
HubSpot leverages 3rd party penetration testing firms several times a year to test the HubSpot products and product infrastructure. HubSpot tests for potential vulnerabilities on a recurring basis. We run static code analysis, and infrastructure vulnerability scans.
A sophisticated and best-practice system of data security is in place. Version backups of each web page are available from the page edit dialog to restore previous versions. To learn more visit the reliability page.