Plain-English risk rating: 2 of 5
HubSpot's AI features (consolidated under the Breeze brand during 2024-2025, expanded substantially with the Spring Spotlight 2026 release) are embedded across its Marketing, Sales, Service, and CMS Hubs. HubSpot has invested heavily in privacy-positive defaults: subprocessor agreements explicitly prohibit AI providers from using customer data for model training, zero-data-retention enforced "wherever possible," US customer data stays in US infrastructure, and the Spring Spotlight 2026 release formalised an AI governance framework as a platform layer rather than a policy add-on. HubSpot holds SOC 2 Type II and ISO 27001 certifications and supports HIPAA via BAA on Enterprise tier.
The risk picture is comparable to Salesforce Einstein but at SMB-appropriate pricing and complexity. The Breeze documentation is unusually detailed about which AI service providers process which data (GPT-4-class models from OpenAI for language tasks, Stability AI for image generation, Anthropic Claude for some embedded features) and HubSpot publishes AI Model Cards explaining the provider stack.
Recommended for
- Sole proprietor: Free CRM tier with basic Breeze features is a legitimate starting point. Starter Hub plans at ~$20/month/seat include limited Breeze. Acceptable for small-scale marketing or sales work.
- Small team (2-10 people): Professional tier with Breeze AI included. The pricing model (per-hub-tier rather than per-AI-feature) avoids the upgrade-pressure pattern of competitors. As of 2026, Smart CRM & Data Enrichment (formerly "Breeze Intelligence") is included free with Core Seats at Starter+ tiers, which is a meaningful value addition.
- Regulated industry: Enterprise tier with BAA where applicable, appropriate data residency configuration, and disabled Breeze features for any PHI-touching workflows.
- The honest answer for most 1-10 employee businesses considering a CRM with AI: HubSpot with Breeze is the SMB-appropriate choice for enterprise-grade privacy posture without enterprise pricing or complexity. The free tier is a legitimate starting point. The Spring Spotlight 2026 governance features (audit cards, permission-aware agents, approval workflows) are useful for any team that needs to demonstrate AI governance.
Critical pre-deployment warning (Breeze Agents and HubSpot Credits)
Breeze Agents consume HubSpot Credits per action, with pricing varying by agent type and complexity. The four general-availability Core Agents (Customer Agent, Prospecting Agent, Data Agent, Content Agent) operate on established GPT-4.x architectures. The marketplace agents that migrated to GPT-5 architecture in January 2026 (Deal Loss Agent, Customer Health Agent, RFP Agent) are smarter at complex reasoning but less battle-tested than the Core Agents. For SMBs deploying Breeze Agents in production, the right starting posture is the Core Agents with established reliability profiles; expand to marketplace agents only after operational confidence.
For any team deploying Breeze Customer Agent in production: configure approval workflows so no AI-generated outreach goes to clients without human review, define escalation rules for sensitive topics (complaints, legal inquiries, account changes), and review the timestamped audit cards weekly during the pilot phase.
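The three steps above (approval before send, escalation on sensitive topics, weekly review of the audit trail) can be expressed as a small gate that sits between an agent's draft and the outbox. The block below is an added illustration of that pattern, not HubSpot's own Breeze configuration or API: the topic rules, the decision names and the AuditCard fields are assumptions made for this example, and the sample messages are constructed.

```python
"""Approval gate for AI-drafted customer outreach: escalate sensitive topics,
hold everything else for human review during the pilot, and write a
timestamped audit record for each decision.

Added illustration of the pattern, not HubSpot's Breeze configuration or API.
The topic rules, decision names and AuditCard fields are assumptions.
"""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Escalation rules: topic -> phrases that route the draft to a human owner
# before anything is sent. Constructed sample rules; tune to your own traffic.
ESCALATION_RULES = {
    "complaint": [r"\bcomplain", r"\bunacceptable\b", r"\bdisappointed\b", r"\brefund\b"],
    "legal": [r"\blawyer\b", r"\battorney\b", r"\blegal action\b", r"\bsubpoena\b"],
    "account_change": [r"\bcancel\b", r"\bclose (?:my|the) account\b",
                       r"\bchange (?:the )?billing\b", r"\btransfer ownership\b"],
}


@dataclass
class AuditCard:
    """One reviewable record per agent action (assumed shape)."""
    timestamp: str
    agent: str
    contact_id: str
    decision: str                 # "escalate", "review" or "auto_send"
    reasons: list[str] = field(default_factory=list)
    draft_digest: str = ""        # hash of the draft, so the card matches what was sent


def classify_topics(text: str) -> list[str]:
    """Return the escalation topics whose rules match the text (inbound + draft)."""
    return [topic for topic, patterns in ESCALATION_RULES.items()
            if any(re.search(p, text, re.IGNORECASE) for p in patterns)]


def gate_draft(inbound: str, draft: str, contact_id: str, *,
               pilot: bool = True, agent: str = "customer-agent") -> AuditCard:
    """Decide whether an AI draft may go out, and record why."""
    topics = classify_topics(inbound + "\n" + draft)
    if topics:
        decision, reasons = "escalate", [f"sensitive topic: {t}" for t in topics]
    elif pilot:
        decision, reasons = "review", ["pilot phase: all outreach needs human approval"]
    else:
        decision, reasons = "auto_send", []
    return AuditCard(
        timestamp=datetime.now(timezone.utc).isoformat(timespec="seconds"),
        agent=agent,
        contact_id=contact_id,
        decision=decision,
        reasons=reasons,
        draft_digest=hashlib.sha256(draft.encode("utf-8")).hexdigest()[:16],
    )


def weekly_summary(cards: list[AuditCard]) -> dict:
    """Roll-up for the weekly pilot review: counts per decision plus the escalations."""
    return {
        "counts": dict(Counter(c.decision for c in cards)),
        "escalations": [(c.contact_id, c.reasons) for c in cards if c.decision == "escalate"],
    }


if __name__ == "__main__":
    # Constructed sample traffic
    cards = [
        gate_draft("Hi, when does the onboarding webinar start?",
                   "Thanks for asking! The next session is Tuesday at 10:00.", "contact-1001"),
        gate_draft("This is unacceptable. I want to cancel and I am talking to my lawyer.",
                   "I'm sorry to hear that. I can process the cancellation right away.", "contact-1002"),
    ]
    for c in cards:
        print(c.timestamp, c.contact_id, c.decision, "; ".join(c.reasons))
    print(weekly_summary(cards))
```

The point of the digest field is that a card is only useful in a review if it can be tied to the exact text that went out; a card that says "sent" without a fingerprint of the draft cannot be reconciled against the mailbox later.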
Data retention default
- Standard HubSpot retention applies to AI feature output
- LLM provider retention: zero-retention under HubSpot's contractual arrangements ("enforced wherever possible" per HubSpot AI Cloud Infrastructure FAQ)
- Breeze Copilot and Breeze Agents log activity for audit purposes (2026 audit card feature provides timestamped reviewable records)
- Permission-aware access: Breeze respects HubSpot user permissions — the agent only sees what the user could see
Training opt-out
NO TRAINING ON CUSTOMER DATA BY DEFAULT across plan tiers. HubSpot's subprocessor agreements prohibit AI service providers from using customer CRM, marketing, or service content for model training, and HubSpot enforces this contractually through its vendor review process. There is no separate training opt-out because there is no training to opt out of: the only customer-side switch is disabling AI service provider access in account settings, which turns off Breeze features entirely rather than only training.
Zero Data Retention availability
- Default via zero-retention contracts with LLM providers (where supported by the provider; HubSpot uses the language "wherever possible" to reflect that some providers/endpoints do not support full ZDR)
- EU Data Residency available at qualifying tiers
Plan tiers and pricing (as of early 2026)
| Tier | Price (USD) | AI features | Suitable for |
|---|---|---|---|
| Free CRM | $0 | Basic Breeze features | Sole proprietors starting out |
| Starter | ~$20/seat/month | Standard Breeze + Smart CRM enrichment | Small teams getting organised |
| Professional | $450-800/month | Full Breeze incl. agents | Growing teams |
| Enterprise | $1,500-3,600/month | Full Breeze + admin controls | Larger orgs needing SSO, governance |
Note: HubSpot prices its hubs (Marketing, Sales, Service, CMS, Operations) separately, then bundles them into Suites at discount. The Professional and Enterprise pricing ranges above reflect Suite pricing variation. Breeze Agents additionally consume HubSpot Credits per action.
Jurisdiction
- Primary processor: HubSpot Inc., Cambridge, Massachusetts, USA
- Cloud infrastructure: AWS
- Third-party AI subprocessors: OpenAI (GPT-4-class language tasks), Stability AI (image generation), Anthropic (some embedded features) — all under no-training contractual terms
- Data residency: US customer data stays in US infrastructure; no cross-border processing introduced by AI features (per HubSpot AI Cloud Infrastructure FAQ)
- SOC 2 Type II, ISO 27001 certified; HIPAA (Enterprise with BAA), GDPR-compliant
- EU Data Residency available
Breach history (public incidents)
March-April 2024 — HubSpot account compromise campaign
In early 2024, HubSpot disclosed a targeted campaign affecting a small number of customer accounts via credential stuffing and OAuth token abuse. The incidents were not infrastructure breaches but rather customer-side credential exposures that attackers leveraged to access connected HubSpot accounts. HubSpot's response included forced password resets for affected accounts and improved monitoring.
Source: HubSpot Trust Center disclosure (March-April 2024)
No publicly-disclosed HubSpot Breeze AI-specific breach as of May 2026.
Category-level risk: Breeze Agents put HubSpot in the same agentic-AI category as Microsoft 365 Copilot (EchoLeak), Salesforce Agentforce (ForcedLeak), and Cursor (NomShub), so the indirect prompt injection risk class applies in principle: instructions planted in content the agent reads (an inbound email, a ticket, a form submission) can steer what it drafts or where it tries to send data. HubSpot's Spring Spotlight 2026 governance framework (audit cards, permission-aware access, approval workflows) is a meaningful mitigation pattern: permission-aware access bounds what an injected instruction can reach, and approval workflows put a human between a steered draft and the client. Neither prevents the injection itself, so the framework is a structural improvement over agentic AI products without those controls, not a guarantee. We are not aware of a publicly-disclosed HubSpot-specific EchoLeak-equivalent as of the profile verification date.
What this means in plain English for SMB owners
Three honest takeaways:
- HubSpot with Breeze is the genuine SMB-appropriate enterprise-grade CRM-with-AI option. Strong privacy posture, no-training defaults, accessible pricing, free starter tier, transparent documentation of which AI providers process which data. For 1-10 employee businesses choosing a first CRM-with-AI, HubSpot is the path of least friction.
- The 2024 credential-stuffing incidents are a reminder that platform breach is not the only risk class. Multi-factor authentication on every HubSpot account is the baseline expectation; OAuth token review (which connected apps have access, and with what scopes?) is a quarterly hygiene task.
- The Spring Spotlight 2026 governance features matter more than they sound. Audit cards (timestamped reviewable records of every AI action), permission-aware access (agents only see what the user could see), and approval workflows are the structural controls that distinguish defensible agentic AI deployment from theatre. For teams using Breeze Customer Agent for client-facing communication, these controls are not optional discipline — they are the actual safeguard against AI-mediated client-relationship damage.
Sources
- HubSpot security and privacy documentation (legal.hubspot.com/security, verified 2026-05-24)
- HubSpot Trust Center for current certifications and incident disclosures
- HubSpot AI Cloud Infrastructure FAQ (knowledge.hubspot.com, verified 2026-05-24)
- HubSpot Breeze AI product documentation
- HubSpot AI Model Cards (provider stack disclosure)
- HubSpot Privacy Policy (legal.hubspot.com/privacy-policy, April 2026 version)
- Vantage Point: How to Use Breeze and AI Agents in HubSpot 2026 Guide (May 2026)
- Syncbricks: HubSpot Breeze AI 2026 Complete Guide (April 2026)
- On the Fuze: HubSpot Breeze AI Agents 2026 Guide for SMBs (February 2026)
- Fast Slow Motion: HubSpot AI Governance Data Privacy & Transparency in 2026 (April 2026)
- Huble: HubSpot AI security FAQ for CTOs and CIOs
- MyAskAI: HubSpot Breeze AI Guide to Features Pricing Limitations (March 2026)
- Resolve247: What Is HubSpot Breeze Features & Honest Review (2026)