// Trust & Security Report
Clearbit Inc. (HubSpot subsidiary)
B2B data enrichment and intent intelligence platform with APIs for real-time firmographic/technographic data, IP-to-company mapping, and lead scoring. Main products: Clearbit Enrichment API (100+ data attributes on 50M+ companies), Clearbit Reveal API (IP intelligence), and integration suite.
Certifications held
2
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on clearbit.com“The Clearbit Data Processing Agreement ('DPA') is hereby incorporated by reference into these Terms.”
> Show 7 unconfirmed / not-held certifications
source: clearbit.comThe AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including SOC 2, ISO 27001, FedRAMP, GDPR, CCPA, and PCI DSS Level 1 (this sentence describes cloud provider AWS/GCP compliance, not Clearbit's own ISO 27001 certification; no vendor-specific ISO 27001 evidence found)
source: clearbit.comThe AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including SOC 2, ISO 27001, FedRAMP, GDPR, CCPA, and PCI DSS Level 1 (this sentence describes cloud provider AWS/GCP compliance, not Clearbit's own CCPA compliance; no vendor-specific CCPA evidence found)
source: clearbit.comThe AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including SOC 2, ISO 27001, FedRAMP, GDPR, CCPA, and PCI DSS Level 1 (this sentence describes cloud provider AWS/GCP compliance, not Clearbit's own PCI DSS certification; no vendor-specific PCI DSS evidence found)
source: clearbit.comno public evidence; HIPAA not mentioned in trust center, privacy policy, or security documentation
source: clearbit.comAWS and GCP cloud infrastructure...in compliance with...FedRAMP (refers to cloud provider compliance, not Clearbit's own authorization)
no public evidence
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
US-based, with potential transfer to any country where Clearbit has facilities or engages service providers (AWS, GCP regions). Compliant with EU, UK, and Swiss data protection frameworks via DPA with SCCs and UK addendum.
Not explicitly stated. Privacy policy does not clarify whether customer data is used to train AI models. Clearbit markets itself as 'AI-native B2B data provider' rebuilt with AI and LLMs, but customer data usage for training is not addressed in public documentation.
// Security controls
Vulnerability scanning
Regular vulnerability scanning and peer code review before production
clearbit.comAccess controls
Limited to personnel with job-related necessity; rule of least privilege
clearbit.comInfrastructure redundancy
N+1 architecture with automatic failover, distributed across AWS and GCP
clearbit.com// Products & data scope
data: B2B company and contact data (100+ firmographic and technographic attributes across 50M+ companies)
Real-time enrichment with 250+ data sources; automatic record refresh on changes; includes role/seniority standardization, industry categorization (NAICS, GICS, SIC), and hierarchical company mapping
data: IP address to company mapping with intent signals
De-anonymizes website traffic to reveal buying intent; includes technographic and firmographic details; used for visitor targeting and account-based marketing
data: Embedded enrichment via API partnerships
Flexible API provisioning and pricing for integration partners; deprecated classic free endpoints (2024-2025)
// What to watch
- HOST-VS-VENDOR CONFLATION: The trust center lists ISO 27001, FedRAMP, CCPA, and PCI DSS Level 1 in a single sentence about 'AWS and GCP cloud infrastructure' compliance. These are cloud-provider (AWS/GCP) certifications, NOT Clearbit's own. Only SOC 2 Type 2 is stated as Clearbit's own certification ('Clearbit is SOC 2 Type 2 Compliant'). Do not list ISO 27001, FedRAMP, CCPA, or PCI DSS as Clearbit certifications. Risk of over-claim in marketing.
- AI training policy not explicitly stated. Despite marketing 'rebuilt with AI' and use of LLMs, the privacy policy and trust center do not clarify whether customer data is used for model training or improvement. Requires direct vendor contact for clarity.
- No HIPAA certification found. Not offered as a product tier.
- CSA STAR and ISO 42001 (AI governance) certifications mentioned in early search results but not verified on vendor domain.
- Clearbit free tier and classic endpoints discontinued 2024-2025; customers migrated to HubSpot Breeze Intelligence. Verify current pricing and feature parity.
// At a glance
Pricing model
API-based subscription; free tiers discontinued in 2024-2025; now offered as HubSpot Breeze Intelligence
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Clearbit Inc. (HubSpot subsidiary)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
clearbit.com