// Trust & Security Report

    Clearbit Inc. (HubSpot subsidiary) logo

    Clearbit Inc. (HubSpot subsidiary)

    B2B data enrichment and intent intelligence platform with APIs for real-time firmographic/technographic data, IP-to-company mapping, and lead scoring. Main products: Clearbit Enrichment API (100+ data attributes on 50M+ companies), Clearbit Reveal API (IP intelligence), and integration suite.

    Certifications held

    2

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Clearbit is SOC 2 Type 2 Compliant

    Verify on clearbit.com
    GDPR
    HELD

    The Clearbit Data Processing Agreement ('DPA') is hereby incorporated by reference into these Terms.

    Verify on clearbit.com
    > Show 7 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    The AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including SOC 2, ISO 27001, FedRAMP, GDPR, CCPA, and PCI DSS Level 1 (this sentence describes cloud provider AWS/GCP compliance, not Clearbit's own ISO 27001 certification; no vendor-specific ISO 27001 evidence found)

    source: clearbit.com
    CCPA
    NOT CONFIRMED

    The AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including SOC 2, ISO 27001, FedRAMP, GDPR, CCPA, and PCI DSS Level 1 (this sentence describes cloud provider AWS/GCP compliance, not Clearbit's own CCPA compliance; no vendor-specific CCPA evidence found)

    source: clearbit.com
    PCI DSS Level 1
    NOT CONFIRMED

    The AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including SOC 2, ISO 27001, FedRAMP, GDPR, CCPA, and PCI DSS Level 1 (this sentence describes cloud provider AWS/GCP compliance, not Clearbit's own PCI DSS certification; no vendor-specific PCI DSS evidence found)

    source: clearbit.com
    HIPAA
    NOT CONFIRMED

    no public evidence; HIPAA not mentioned in trust center, privacy policy, or security documentation

    source: clearbit.com
    FedRAMP
    NOT CONFIRMED

    AWS and GCP cloud infrastructure...in compliance with...FedRAMP (refers to cloud provider compliance, not Clearbit's own authorization)

    source: clearbit.com
    CSA STAR
    NOT CONFIRMED

    no public evidence on vendor domain

    source: clearbit.com
    ISO/IEC 42001 (AI Management)
    NOT CONFIRMED

    no public evidence

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    US-based, with potential transfer to any country where Clearbit has facilities or engages service providers (AWS, GCP regions). Compliant with EU, UK, and Swiss data protection frameworks via DPA with SCCs and UK addendum.

    Not explicitly stated. Privacy policy does not clarify whether customer data is used to train AI models. Clearbit markets itself as 'AI-native B2B data provider' rebuilt with AI and LLMs, but customer data usage for training is not addressed in public documentation.

    // Security controls

    Encryption at rest

    AES-256 bit encryption

    clearbit.com

    Encryption in transit

    TLS v1.2 and v1.3

    clearbit.com

    Penetration testing

    Annual third-party penetration tests

    clearbit.com

    Vulnerability scanning

    Regular vulnerability scanning and peer code review before production

    clearbit.com

    Access controls

    Limited to personnel with job-related necessity; rule of least privilege

    clearbit.com

    Infrastructure redundancy

    N+1 architecture with automatic failover, distributed across AWS and GCP

    clearbit.com

    Incident response

    Documented procedures and dedicated security team

    clearbit.com

    Monitoring

    Application health alerts for early incident detection

    clearbit.com

    // Products & data scope

    Clearbit Enrichment APIData Enrichment

    data: B2B company and contact data (100+ firmographic and technographic attributes across 50M+ companies)

    Real-time enrichment with 250+ data sources; automatic record refresh on changes; includes role/seniority standardization, industry categorization (NAICS, GICS, SIC), and hierarchical company mapping

    Clearbit Reveal APIIP Intelligence

    data: IP address to company mapping with intent signals

    De-anonymizes website traffic to reveal buying intent; includes technographic and firmographic details; used for visitor targeting and account-based marketing

    Powered by Clearbit ProgramPlatform Integration

    data: Embedded enrichment via API partnerships

    Flexible API provisioning and pricing for integration partners; deprecated classic free endpoints (2024-2025)

    // What to watch

    • HOST-VS-VENDOR CONFLATION: The trust center lists ISO 27001, FedRAMP, CCPA, and PCI DSS Level 1 in a single sentence about 'AWS and GCP cloud infrastructure' compliance. These are cloud-provider (AWS/GCP) certifications, NOT Clearbit's own. Only SOC 2 Type 2 is stated as Clearbit's own certification ('Clearbit is SOC 2 Type 2 Compliant'). Do not list ISO 27001, FedRAMP, CCPA, or PCI DSS as Clearbit certifications. Risk of over-claim in marketing.
    • AI training policy not explicitly stated. Despite marketing 'rebuilt with AI' and use of LLMs, the privacy policy and trust center do not clarify whether customer data is used for model training or improvement. Requires direct vendor contact for clarity.
    • No HIPAA certification found. Not offered as a product tier.
    • CSA STAR and ISO 42001 (AI governance) certifications mentioned in early search results but not verified on vendor domain.
    • Clearbit free tier and classic endpoints discontinued 2024-2025; customers migrated to HubSpot Breeze Intelligence. Verify current pricing and feature parity.

    // At a glance

    Pricing model

    API-based subscription; free tiers discontinued in 2024-2025; now offered as HubSpot Breeze Intelligence

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Clearbit Inc. (HubSpot subsidiary)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    clearbit.com

    > Browse all vendor trust reports