HubSpot just learned an expensive lesson about trust. It took them four days.

On July 1, HubSpot quietly updated its terms of service. Buried in the fine print was a big change: data from your CRM could be pooled into a shared commercial dataset and used to enrich other customers' records. Business contact info. Company data. Email engagement signals like opens, clicks, and bounces. Even data you imported and cleaned yourself.

Here's the part that set people off. Everyone was opted in by default. If you didn't want your data feeding the pool, you had to find the setting and turn it off yourself.

The backlash was immediate. By July 5, HubSpot published a post titled "We Got This Wrong. And We Are Fixing It." They killed the terms change and promised that any future data sharing would be fully opt-in.

Credit where it's due. They owned the mistake publicly and reversed fast. That's more than most companies do.

But if you run a business, or you market for one, there are lessons here worth sitting with. Because this story is bigger than HubSpot.

What HubSpot Was Actually Trying to Do

The plan wasn't evil. It was strategic.

HubSpot was building a product called Contact Discovery, set to launch in August. The idea: let sales teams find and verify new contacts without leaving HubSpot. To power it, they needed a massive, constantly refreshed contact database.

And they were sitting on one. Hundreds of thousands of live CRMs, updated every day by real businesses doing real work. Your data entry. Your list cleaning. Your bounce handling. Pool all of that together and you have one of the freshest B2B datasets on earth.

The problem was never the product. It was the mechanism. Instead of asking customers to contribute, HubSpot changed the terms and flipped everyone's switch to ON.

That's not consent. That's a bet that you won't notice.

This Model Isn't New

Here's what most of the coverage missed. Plenty of companies already do this. They just do it out in the open.

ZoomInfo built its entire business on a contribute-to-access model. You get access to their database, and in exchange, their software reads contact data from your email. Apollo, Lusha, Seamless, and a dozen other tools run some version of crowdsourced contact data. It's the standard playbook in the sales data world.

The difference is that those are data companies. When you sign up for ZoomInfo, you know the deal. You're trading your data for theirs.

A CRM is different. A CRM is supposed to be a system of record that you own. You bought the software. You built the database. You paid your team to maintain it. When the vendor decides your database is now an input to a product they sell to everyone else, including your competitors, that's not a feature. That's a fundamental change to the relationship.

HubSpot tried to make that change with a terms update over a holiday week. Customers noticed. Good.

Why This Will Happen Again

Don't mistake this reversal for the end of the story. HubSpot said they still believe in a shared, continuously improving dataset. They're just going to relaunch it with clearer opt-in.

And the pressure that pushed them here isn't going away.

Contact data is getting cheap. Tools like Clay and Apollo are driving the price of raw B2B data toward zero. When the data itself is nearly free, the only lasting advantage is a dataset that gets better as more people use it. That's a network effect, and every software vendor with a large customer base is thinking about how to build one.

Which means every vendor with access to your data is looking at it and wondering what else it could be worth.

Your CRM. Your email platform. Your field service software. Your review management tool. All of them are sitting on customer data that you created. Expect more of them to ask for it. Some will ask nicely. Some will bury it in an update to the terms.

What This Means If You Run a Contracting Business

I work with home service contractors every day. HVAC, plumbing, electrical, roofing. And I'll tell you what I tell them.

Your customer list is one of the most valuable things your business owns. It took years to build. It's full of people who already trust you, already paid you, and will call you again if you stay in front of them. No lead vendor can sell you anything close to it.

Most contractors are not reading terms of service updates. They're running crews, quoting jobs, and answering phones. That's exactly why this matters. The businesses least equipped to catch a quiet policy change are often the ones with the most to lose from it.

So here's the practical advice:

Know where your customer data lives. Every tool that touches your customer list is a potential leak point. Make a list. It's shorter than you think.

Ask your vendors the direct question. Is my data used to enrich, train, or improve anything outside my account? A good vendor answers in one sentence. A bad one sends you to a policy page.

Watch for opt-out defaults. Any time a vendor makes data sharing the default and puts the off switch on you, that tells you something about how they see the relationship.

Work with partners who read the fine print for you. A good digital partner absorbs this risk. They watch the terms changes, they lock down the settings, and they flag the problems before you ever hear about them on the news. If your vendor hands that job back to you, that's a red flag.

The Bottom Line

HubSpot's reversal proves something encouraging. Customers still have power. Enough noise in four days killed a plan that took months to build.

But the direction of the industry is clear. Your data is the product now, and every vendor wants a piece of it. Opt-out is not consent. Defaults are not choices. And the businesses that protect their customer data today will be glad they did.

Real businesses are built on real relationships. Guard the list.


Sources and further reading: