HubHorizon is a CRM health analysis tool for HubSpot. It connects to your portal via OAuth, analyzes your properties, data quality, and process alignment, and gives you composite health scores, AI readiness assessments, and prioritized recommendations. Think of it as an independent audit of your HubSpot setup.

RevOps teams who want to measure and improve their CRM health. HubSpot partners who audit client portals. And anyone managing a HubSpot portal who wants to know what to fix first. It works on every HubSpot tier, from Free to Enterprise.

Is my HubSpot data safe?

Yes. We use OAuth 2.0 for authentication — we never see or store your HubSpot password. We read your property configurations for analysis. Write access is only used for optional property management features (like pushing templates), and every write operation is auditable with rollback support. You can revoke access anytime from your HubSpot settings.

What data do you access?

We access property definitions, object schemas, and metadata about your CRM structure. We do not access individual contact records, emails, or sensitive customer data. Our analysis focuses on your CRM configuration, not your customer information.

Are you GDPR compliant?

Yes. All data is hosted on Hetzner Cloud in Finland (EU). AI processing runs through Mistral AI in Paris, France. We have zero US subprocessors. We provide full data export and deletion capabilities, and a Data Processing Agreement (DPA) is available on request. You can delete your account and all associated data at any time.

What do I get for free?

You get a free preview of your health scores after connecting your portal. This shows you your overall health score and key metrics. To unlock the full analysis with detailed recommendations, export capabilities, and monthly refreshes, you upgrade to an annual plan starting at €199/year.

Is this a subscription?

Yes. Individual portal plans are billed annually (€199/year for Premium, €399/year for Pro) and include unlimited monthly refreshes. You can cancel anytime — your access continues until the end of your billing period. HubSpot Partners have annual subscription options for multiple portals.

We offer a free preview so you can evaluate the full analysis before purchasing. Because you can thoroughly assess the product before paying, we don't offer refunds after purchase. If you have concerns, contact us — we're committed to making HubHorizon valuable for your team.

Which HubSpot plans do you support?

HubHorizon works with all HubSpot plans — Free, Starter, Professional, and Enterprise. Some advanced scores (like methodology tracking) may show limited data on Free plans due to available features, but core health analysis works on any plan.

How long does the analysis take?

Initial analysis typically completes in 1-3 minutes, depending on the size of your portal. Larger portals with hundreds of custom properties may take slightly longer. You will see a progress indicator while we analyze.

Will this affect my HubSpot performance?

No. We use HubSpot's official APIs with rate limiting built in. Analysis uses read-only access and has no impact on your portal performance or your users' experience.

Can I disconnect HubHorizon?

Yes, anytime. Go to your HubSpot settings → Integrations → Connected Apps and revoke access. You can also delete your HubHorizon account entirely, which removes all stored data.

Data Processing Agreement (DPA) — HubHorizon

This Data Processing Agreement ("DPA") forms part of the Terms of Service between HubHorizon.io, a Finnish sole proprietorship ("Processor", "we", "us"), and the customer ("Controller", "you") who uses the HubHorizon service.

1. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person as defined in GDPR Article 4(1).
"Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
"Sub-processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.
"Data Subject" means the individual to whom Personal Data relates.
"Supervisory Authority" means an independent public authority responsible for monitoring GDPR application.

2. Roles and responsibilities

Controller: You (the customer) are the Controller of the Personal Data processed through HubHorizon. You determine the purposes and means of processing your HubSpot portal data.

Processor: HubHorizon acts as a Processor on your behalf, processing your data only according to your instructions and this DPA.

3. Scope of processing

3.1 Data categories

Account information: Email addresses, names, authentication data
HubSpot portal metadata: Property names, types, descriptions, usage statistics
Record sample data: During analysis, we transiently process a sample of property values (up to 1,000 records per object type — contacts, companies, deals, tickets) to compute fill rates, value distributions, and data quality scores. This data is processed in memory and not stored beyond the analysis session. Only aggregate statistics are retained.
Analysis data: Health scores, recommendations, action history (aggregate only)

3.2 Processing purposes

Provide the HubHorizon analysis service
Generate property health reports and data quality scores
Enable property creation, update, and deletion operations
Generate AI-powered property suggestions and descriptions
Maintain audit trails of write operations
Send service-related communications

3.3 Data minimization

Record samples are processed transiently in memory and discarded after analysis
Only aggregate statistics (fill rates, distributions, scores) are stored
AI processing sends only property metadata (names, descriptions, types), not individual record values
OAuth scopes are limited to the minimum necessary for service functionality

4. Sub-processors

4.1 Authorized sub-processors

Sub-processor	Purpose	Location	Data processed
Hetzner Online GmbH	Infrastructure hosting (self-hosted Supabase)	EU (Finland)	Account data, analysis data, audit logs
Mollie B.V.	Payment processing	EU (Netherlands, PCI DSS)	Payment details (not stored by us)
HubSpot, Inc.	API access to your portal	US (DPF certified)	Portal metadata, record samples via OAuth
Mistral AI	AI-powered suggestions, descriptions, embeddings	EU (Paris, France)	Property metadata — anonymized names/descriptions (not stored)

4.2 Sub-processor changes

We will notify you of any intended changes to sub-processors at least 30 days in advance. You may object in writing within 14 days. If we cannot accommodate your objection, you may terminate the service.

5. Security measures

5.1 Technical measures

Encryption in transit: All data transmitted via TLS 1.2+
Encryption at rest: Database encryption using AES-256
Access control: Role-based access, principle of least privilege
Authentication: Multi-factor authentication for admin access
API security: OAuth 2.0, token encryption, secure storage
Network security: Firewall protection, DDoS mitigation
Audit logging: Comprehensive logs of all write operations

5.2 Organizational measures

Regular security training for personnel
Access limited to authorized personnel only
Confidentiality agreements with all staff
Regular security assessments and penetration testing
Incident response procedures documented and tested

5.3 Data center security

Our primary infrastructure is hosted in EU data centers (Hetzner, Finland) with ISO 27001 certification, physical access controls, and 24/7 monitoring. AI processing is handled by Mistral AI (Paris, France) — no data leaves the EU for AI processing.

6. Data subject rights

We will assist you in responding to Data Subject requests for access, rectification, erasure, restriction, portability, and objection. We will respond to your assistance requests within 5 business days.

If a Data Subject contacts us directly, we will promptly redirect them to you unless legally required to respond directly.

7. Data breach notification

In the event of a Personal Data breach, we will notify you without undue delay and in any case within 72 hours of becoming aware. Our notification will include the nature of the breach, affected data categories, likely consequences, and remedial measures.

We will cooperate with you and any Supervisory Authority in investigating and remediating the breach. We maintain records of all breaches, including facts, effects, and remedial actions taken.

8. Audit rights

Upon reasonable request, we will provide information necessary to demonstrate compliance. You may conduct audits with 30 days' notice, during business hours, maximum once per 12-month period (unless a breach has occurred). Our infrastructure providers maintain ISO 27001 certification.

9. Data retention and deletion

Data type	Retention period
Account data	Duration of service + 30 days
Analysis data	12 months from last analysis
Record sample data	Not stored — processed transiently only
Audit logs	90 days
Payment records	7 years (tax law)

Upon termination, we delete all Personal Data within 30 days. Backup copies within 90 days. You can request a certificate of deletion. Self-service deletion is available via dashboard, portal disconnection, or email to privacy@hubhorizon.io.

10. International transfers

All core infrastructure and processing occurs within the EEA:

Application and database: Hetzner, Finland (EU)
AI processing: Mistral AI, Paris, France (EU)
Payments: Mollie B.V., Netherlands (EU)

The only international transfer outside the EEA is to HubSpot, Inc. (US) via their API, covered by the EU-US Data Privacy Framework. We conduct Transfer Impact Assessments and implement supplementary measures where necessary.

11. Confidentiality

All personnel with access to Personal Data are bound by confidentiality obligations. We will not disclose Personal Data except as instructed by you, to authorized sub-processors, or as required by law (with advance notice where permitted).

12. Termination

Upon termination of this DPA or the underlying service agreement, we will cease all processing and delete data per Section 9. Upon request within 30 days of termination, we will provide a copy of your data in JSON format.

13. Liability

Each party shall indemnify the other for damages arising from breach of this DPA, GDPR, or applicable data protection laws. Our total liability shall not exceed the amounts paid by you for the service in the 12 months preceding the claim.

14. Amendments

We may update this DPA to reflect changes in law or our practices. Material changes will be notified 30 days in advance. Continued use of the service after the effective date constitutes acceptance.

15. Governing law

This DPA is governed by the laws of Finland. Disputes shall be resolved in Finnish courts, without prejudice to Data Subject rights to bring claims in their jurisdiction of residence.

16. Contact

For questions about this DPA or data protection matters:
HubHorizon Data Protection
Email: privacy@hubhorizon.io

By using HubHorizon services, you acknowledge and agree to this Data Processing Agreement.

Controller (Customer): Accepted upon account creation and service use
Processor (HubHorizon): HubHorizon.io — Effective: February 9, 2026