
Data Security and Privacy Statement


⚠ Draft — pending engineering and legal review. This page describes what the Power BI Connector for HubSpot stores, where, how it’s protected, and which third-party services participate. The structure mirrors our Salesforce and SAP equivalents, but the HubSpot-specific architecture (hosting region, OAuth grant storage, secrets encryption) needs confirmation from engineering before publication. [REVIEW: every section flagged TBD below needs eng input before this page can ship.]

The high-level data flow

  1. A HubSpot user opens the connector from inside their HubSpot portal. HubSpot terminates TLS, authenticates the session against the HubSpot user’s existing identity, and serves the embedded connector UI.
  2. The user builds a data source, picking HubSpot objects and properties. The connector stores this configuration (the data source definition — not the data itself) in [TBD: hosting region / database tier].
  3. The user mints a personal access token in the connector and configures Power BI Desktop with the OData URL plus the token.
  4. Power BI sends a request to the OData URL. The connector validates the token, then calls the HubSpot API on the user’s behalf using the OAuth grant created at install time. HubSpot returns the data; the connector reshapes it into OData and returns it to Power BI.

What the connector stores

  • Data source definitions — the user-friendly name, selected objects and properties, filter expressions, and sharing list. No HubSpot data values are stored at rest.
  • Personal access tokens — SHA-256 hashed at creation; the plaintext is shown to the user once and never persisted. [REVIEW: confirm hash + salt approach with eng.]
  • OAuth refresh token — received from HubSpot at install. Encrypted at rest in [TBD: which key management service]. [REVIEW: confirm.]
  • Audit history — data source changes, token lifecycle events, and export request metadata. Retained for [TBD: retention period].

The connector does not cache HubSpot data values. Every Power BI refresh queries HubSpot live.
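The token handling listed above (hash at creation, show the plaintext once, validate by digest, record lifecycle events) can be sketched as follows. This is an added example, not the connector's code: the class, method and event names are hypothetical, and it assumes an unsalted SHA-256 over a 256-bit random token, which the page marks as still unconfirmed.

```python
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple


def sha256_hex(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class TokenStore:
    """In-memory stand-in for the token table: keeps digests, never plaintext."""

    def __init__(self) -> None:
        self.rows: Dict[str, Dict[str, object]] = {}   # digest -> row
        self.audit: List[Tuple[str, str, str]] = []    # (event, owner, digest prefix)

    def _log(self, event: str, owner: str, digest: str) -> None:
        # Audit entries carry a digest prefix so events can be correlated
        # without the log ever containing a usable credential.
        self.audit.append((event, owner, digest[:12]))

    def mint(self, owner: str) -> str:
        # 32 random bytes (256 bits): assumed high enough entropy that a fast,
        # unsalted hash cannot be brute-forced the way a hashed password could.
        token = secrets.token_urlsafe(32)
        digest = sha256_hex(token)
        self.rows[digest] = {"owner": owner, "revoked": False}
        self._log("token.created", owner, digest)  # constructed event name
        return token  # display once; do not store or log the return value

    def validate(self, presented: str) -> Optional[str]:
        # Hash what the client sent and look the digest up; the stored value
        # is never reversed and the plaintext is never compared directly.
        row = self.rows.get(sha256_hex(presented))
        if row is None or row["revoked"]:
            return None
        return str(row["owner"])

    def revoke_all(self, owner: str) -> int:
        count = 0
        for digest, row in self.rows.items():
            if row["owner"] == owner and not row["revoked"]:
                row["revoked"] = True
                self._log("token.revoked", owner, digest)  # constructed event name
                count += 1
        return count
```

A database dump or audit export from a store built this way contains only digests and digest prefixes, so it cannot be replayed against the OData endpoint.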

Where data is hosted

The connector application is hosted in [TBD: cloud provider + region]. Data in transit is protected with TLS 1.2 or higher. Data at rest in the connector’s database is encrypted with [TBD: encryption approach]. [REVIEW: confirm hosting facts with eng.]

HubSpot scopes the connector requests

At install, the connector requests OAuth scopes for read-only access to the HubSpot objects you choose to expose. Specific scopes:

  • [TBD: list of OAuth scope strings the connector requests.]

[REVIEW: confirm scope list with eng.] The connector does not have write access to your HubSpot data.

Who can see what

  • You — you see every data source you own and every data source someone has shared with you.
  • Other users in your HubSpot portal — they see only what you explicitly share with them (individual users or HubSpot teams).
  • Metrica Software staff — can access audit history (data source change log) for diagnostic and support purposes. They cannot view HubSpot data values (the connector doesn’t store them) or plaintext access tokens (these are hashed). [REVIEW: confirm staff access model.]

Compliance

[TBD: SOC 2 / GDPR / HIPAA statements as applicable. Confirm with legal what compliance certifications apply.]

Incident response

If you suspect a security issue affecting your data, contact us immediately via the Contact Support page or email security@metricasoftware.com directly. [REVIEW: confirm security@ inbox is active.]
