Skip to content

HubSpot Integrations: Can You Link a Private Server to the HubSpot CRM?

HubSpot may be an all-in-one CRM database and CMS platform, but no solution is ever truly one-size-fits-all. HubSpot’s custom objects feature has made it possible to create data systems within the CRM platform that suit almost any purpose, but there are more factors to consider besides feasibility, not the least of which being privacy laws. Is HubSpot HIPAA compliant? Can HubSpot store sensitive customer information?

Companies that have a need to store personal identifiable information (PII) such as medical records or social security numbers won’t be able to use HubSpot as their exclusive database. HubSpot’s terms of service prohibits users to store “sensitive information” in their CRM. Their definition of sensitive information cites several categories of PII, including:

  • Credit or debit card numbers
  • Financial account numbers
  • Government issued identification numbers such as Social Security numbers
  • Personal health information
  • “Personal information of children protected under any child data protection laws”

All this begs the question: If your organization is privy to sensitive information from your customers, can you use HubSpot? Yes, but the platform will need to be used alongside a separate data system or database. 

Why can't I store PII in HubSpot?

Though HubSpot is a secure platform, its CRM system is not made to comply with certain data privacy laws that dictate how some types of PII, such as personal health information or Social Security numbers, should be handled and stored. In most cases, simply storing highly sensitive data in a protected platform doesn’t fulfill data privacy standards.

A good example of a relevant data privacy law is the Health Insurance Portability and Accountability Act (HIPAA), which specifies how personal health information can be collected, stored, and shared. HubSpot isn’t HIPAA compliant for two main reasons:

User access control and multi-tenancy

A SaaS platform can either be single tenant or multi tenant, and this term is defined by how users of the platform access it. With single tenant solutions, each user has their own distinct software instance that isn’t shared with other users. Multi-tenant solutions, on the other hand, use shared infrastructure among all the users on a single account.

HubSpot is a multi-tenancy solution. Multi-tenancy doesn’t necessarily preclude a software from being HIPAA compliant, but in cases of multi-tenancy, user access to data needs to be heavily controlled by role. For example, a receptionist shouldn’t have access to the same amount of patient health information as a doctor or nurse.

HubSpot does provide some admin control over which users can see what data, but the settings don’t offer the level of granularity required for HIPAA compliance.

BAA agreements

Any organization that handles, uses, distributes, or accesses protected health information (PHI) for a healthcare provider is normally considered a Business Associate (BA) of said healthcare provider under HIPAA. Any BA storing PHI is required to sign a Business Associate Agreement (BAA), which is a contract between a healthcare provider and the BA that legally binds both parties to HIPAA regulations and defines liability for each party.

As HubSpot specifically prohibits storing PHI in their system, they won’t sign a BAA and therefore won’t be HIPAA compliant.

HubSpot is made to store only information that is required to target and market to your ideal audience, like emails and phone numbers.

Use cases for a HubSpot + server integration

Due to the nature of how HubSpot works, providers and organizations in certain industries will face additional challenges when it comes to collecting and storing customer data. These industries include:

  • Healthcare 
  • Financial services
  • Insurance providers
  • Legal services

Take financial services for example. Let’s say an accounting firm that provides financial advisory, tax filing, and investment services needs a platform that can store all their customer data and send marketing and transactional communications via email. They keep all their customer data, from email addresses to Social Security numbers, stored in an SQL database. They also use an external online scheduling service to book appointments with their clients.

Storing all data about customer interactions with their company and its representatives in one centralized location would be beneficial to both their clients and their employees. However, they need to ensure that sensitive information remains in their private server.

In this case, an SQL integration with the HubSpot CRM would be an effective approach. An SQL + HubSpot integration can be accomplished in multiple ways depending on the context and the state of the database’s data architecture.

Steps to integrating SQL database with HubSpot CRM

While there are some free or paid pre-built apps you can use to integrate your database with HubSpot, in many cases an integration app will need to be custom-built.

Take the previous example of an integration for an accounting firm. To connect the firm’s online appointment booking software and SQL database to HubSpot, the integration would need to interface with multiple HubSpot APIs. 

The following is a general overview of the steps involved in connecting an accounting firm’s database and appointment booking software to HubSpot:

1. Build webhooks to integrate calendar service into HubSpot Timeline events

To keep track of meetings with clients in HubSpot, a tax office would want to see their scheduled meetings in the timelines of each contact and company record, and in the deal records associated with those contacts and companies.

Webhooks are callback functions that automatically send data between databases or software, at the time the data becomes available. They allow autonomous communication between platforms, so data is seamlessly shared without the need for a manual transfer.

Webhooks can be used to transfer information about customer behavior from external databases into contact record timelines in HubSpot. This way, you can track how your customers are interacting with your business via appointments booked, deals made, and more. Webhooks communicate with the HubSpot CRM via the HubSpot Webhooks API.

Connecting to any HubSpot API, including the Webhooks API, involves creating a HubSpot developer account and setting up an integration application

2. Sync selective customer data with the Properties API

If a business wants to utilize some personal customer data for marketing communications, but needs to keep some PII locked up in an encrypted database, the most effective solution is to connect the database to the CRM via the HubSpot Properties API.

A HubSpot integration application that fulfills this purpose needs to designate property type, such as a string or a number, as well as the property field type, which is how it appears in HubSpot - such as dropdown or plain text.

An accounting firm that wanted to query select information from their database could use the Properties API to send customer data over to HubSpot, while keeping highly sensitive information separate.

3. Integrate HubSpot portal with the Pipelines API to track paid services

One crucial aspect of effective customer relationship management is knowing what services a customer has utilized and when. There’s nothing more frustrating for a customer than when they reach out for assistance after paying for a product or service, and the person helping them appears to know nothing about them or their situation, and they have to explain their entire history with the company. Even worse, when they have to reach out multiple times, and each time the rep they speak to has no record of their previous interactions, meaning they have to explain everything all over again.

If a company has a record of their appointments and services stored outside of HubSpot, it’s vital that that information is continuously sent to the CRM. This can be accomplished through the Pipelines API.

Any time a payment is processed, ideally a webhook or API call would send the data - such as purchase amount and service type - to HubSpot and integrate it with the deals pipeline.

Does any of this sound familiar to you?

If your business needs to store highly sensitive information, and currently uses or wants to use HubSpot’s suite of marketing features, an integration is likely the best solution; it preserves data privacy while allowing your go-to-market teams to access enough information about your customer to provide a personalized experience.

If you’re in need of an integration between your databases but are unsure where to start, reach out to us for a free consultation.

For more information about our integration services, check out our Mind & Metrics Services page.