We only access what we functionally need.
Your data is stored in the EU (Frankfurt), encrypted at rest and in transit, isolated from every other customer.
Our approach
QuoteXelerator identifies which deal to attach line items to, reads owners for recipe assignment, and reads or writes line items. That is the complete extent of our HubSpot access. Because our OAuth scope is limited to exactly that, we cannot access contacts, companies, emails, tickets, conversations, or any other HubSpot data. Your quote data is processed in real time and not retained beyond what compliance logging requires. The data we do hold is encrypted with per-portal derived keys and is never stored in plaintext.
Infrastructure
- EU-only serverless + managed DB
- AWS-based (eu-central-1, Frankfurt)
- SOC 2 Type 2 certified providers
- Region: Frankfurt
- TLS in transit
- AES-256 at rest
- Per-portal key derivation for selected fields
- Application data we control stored in EU (Frankfurt)
- Line items live in your HubSpot portal — HubSpot data flow, not specific to us
- Email delivery via Resend (EU servers in Ireland)
- No readable tokens stored
- No plaintext credentials
- Complete tenant isolation
Data flow
Your application data stays in the EU. A defined set of metadata transits providers outside the EU, each under EU Standard Contractual Clauses and documented in our DPA.
HubSpot permissions
During installation, we only request the permissions that are functionally required for the app to operate. Authentication is handled via OAuth 2.0 with the following minimum scopes. Expand any scope to see the exact fields we touch.
Data handling
Compliance
Subprocessors
We notify customers at least 30 days before adding a new subprocessor.
Interested in learning more?
Join the beta to stay informed on
product updates and the latest features.
Read the full Data Processing Agreement or the Technical and Organizational Measures (TOM). For further questions, reach out at legal@quotexelerator.com.