Skip to content
HubSpot Developer Changelog

Public beta: Introducing new GDPR deletion endpoints for the CRM Contact Object API

Update: This post has been updated to more accurately reflect the current GDPR functionality as of September 2022. See our GDPR resources for integrations for full details.

Good news! We've enhanced the HubSpot platform to enable easier compliance with GDPR.

What’s happening?

The EU’s General Data Protection Regulation (GDPR) is a set of laws aimed at enhancing the protection of EU citizens’ personal data and increasing the obligations of organizations to deal with that data in transparent and secure ways. GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens.

Under the GDPR, contacts in your account have the right to request that you delete all of their personal data. HubSpot’s GDPR deletion feature will delete the contact record and any associations between the contact record and other CRM objects. You can find more details in the Non-contact associated data section of our GDPR resources for integrations.

We are introducing two brand new endpoints to the CRM Contact Object API that will enable developers to perform GDPR compliant contact record deletions. Both endpoints will be introduced in public beta. HubSpot users have had the ability to perform GDPR compliant deletions in the UI for a while now so it's great to deliver feature parity between Hubspot’s UI and public APIs. You can read more about HubSpot’s GDPR readiness and features here

Here's what's new: 

The new endpoints are as follows: 

DELETE /crm/v3/objects/gdpr/contacts/email/{email}

Enables developers to permanently delete a contact by email address and all association details to follow GDPR guidelines. If the contact isn't found, this action blacklists an email address from being used in the future.

DELETE /crm/v3/objects/gdpr/contacts/{contactId}

Developers can permanently delete a contact by id and all association details to follow GDPR guidelines.

What this means for developers:

Start testing out these new endpoints. Public beta is the perfect time to let us know what you think. We’ll be collecting and iterating quickly on your feedback, which could mean breaking changes. We don’t recommend using these endpoints in a production environment yet, but we’ll let you know through the developer changelog when the endpoints are ready to move out of public beta and into general availability.


When is this change happening?

The new public beta GDPR endpoints are available from today, August 27th, 2021.

Please let us know if you have any feedback or questions by joining the conversation in the community.