There's a new version of the HubSpot API

As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

Handling privacy and legal compliance when working with the HubSpot platform

Tracking lawful basis of processing in HubSpot

Under GDPR, companies need a lawful reason to use and process contact data and must keep records of consent and evidence other lawful purposes of processing.

The contact property Legal basis for processing contact's data allows you to collect, track, and store lawful basis of processing via contract, legitimate interest, and/or consent for your HubSpot contacts.

When accessing contact data via the Contacts API, this property uses the name hs_legal_basis. Any contact that has that property set would be accessible through the API as with any other contact property, and the property can also be set or updated for contact records through the API.

However, the options for the property cannot be modified through the API using the Contact Properties API. The property options can only be updated from inside HubSpot, but it is possible to pull any custom options that may have been set for the property through the Contact Properties API. For this reason, it is recommended that your integration use the Contact Properties API to get the options for this property, since individual HubSpot accounts may not use the default settings.

For more details about this property and how it might be used in HubSpot, please see this knowledge base article:
https://knowledge.hubspot.com/articles/kcs_article/contacts/how-can-i-track-lawful-basis-of-processing-in-hubspot

Handling privacy compliant contact deletions

HubSpot users have the ability to permanently delete a contact record to comply with privacy laws. Please see the following help article for more details on this feature: https://knowledge.hubspot.com/articles/kcs_article/contacts/how-do-i-perform-a-gdpr-compliant-delete-in-hubspot

You can subscribe to the contact.privacyDeletion subscription type to receive webhook notifications when a user performs a privacy compliant contact deletion. Please see the webhooks overview for more details on webhooks, and more details on handling these notifications.