CRM Privacy Comparison: Who Owns Your Data?
Compare CRM data ownership and privacy across HubSpot, Salesforce, Attio, and DenchClaw. Find out who actually owns your contacts, deals, and pipeline data.
Your CRM contains some of the most sensitive data your business has. Every contact, every conversation, every deal note, every relationship you've built over years — it all lives in that database. The question of who actually owns that data matters more than most people realize until it's too late.
When you sign up for a cloud CRM, you agree to a terms of service that determines what the vendor can do with your data. Most people don't read it. Here's what it actually says — across the major platforms — and what the alternative looks like.
What "Owning Your Data" Actually Means
In contract law, data ownership in SaaS is murky. Most cloud CRM vendors are careful to say you retain rights to your data. But ownership is only one part of the picture. The more important questions:
- Where does the data live? Your server or theirs?
- Who can access it? Just you, or also the vendor's employees?
- Can they train AI models on it? Check the fine print.
- Can you export everything? Or does relational data get lost?
- What happens when you stop paying? Do they hold it hostage?
- What happens in a breach? Is your data part of the exposure?
Let's go platform by platform.
HubSpot
What HubSpot's Terms Say
HubSpot's Terms of Service state that customers retain ownership of their content and data. HubSpot claims a license to use your data to provide the service and to improve HubSpot's products and services.
That last clause — "improve products and services" — is the one that matters. HubSpot's privacy policy limits this primarily to aggregate, anonymized data for feature development. They do not claim the right to sell your individual contact records. The AI training question is addressed in their updated AI terms: HubSpot states they do not use customer data to train their public AI models unless you opt in.
In practice, HubSpot's data handling is responsible by enterprise SaaS standards. But the data still lives on their servers, processed by their infrastructure.
HubSpot Data Export
HubSpot allows export of most data as CSV files. Contact exports, company exports, deal exports, activity logs — all exportable.
What you lose in export: the relational structure. A CSV of contacts doesn't tell you which contact is associated with which deal, which deal is associated with which company, and which email activity belongs to which contact. Reconstructing the full relational picture from HubSpot CSV exports is painful. HubSpot supports this via their API but not through the UI export.
HubSpot Breach History
HubSpot experienced a significant data breach in March 2022. Over 30 companies' customer data was accessed by an attacker who compromised a HubSpot employee account. Customers in crypto and fintech had their contact data exposed. HubSpot notified affected customers, but the breach illustrates the structural risk of multi-tenant cloud CRM: one compromised employee account touches many customers' data.
HubSpot Data Score: 6/10 — Reasonable policies, responsible handling, but cloud-hosted with breach history.
Salesforce
What Salesforce's Terms Say
Salesforce's Master Subscription Agreement is clear: you own your data. Salesforce has no right to use your data except to provide the contracted services. They explicitly state they don't use customer data to train AI models without consent.
For Salesforce Einstein AI features specifically, models trained for your organization use your organization's data — it doesn't cross-train on other customers' data. Each Einstein model deployment is isolated.
This is one of Salesforce's genuine advantages over smaller cloud vendors: their enterprise-grade legal framework around data is battle-tested. Fortune 500 legal teams have reviewed these agreements.
Salesforce Data Export
Salesforce provides data export via the Data Export Service — a scheduled weekly or monthly export of all your Salesforce data, including full relational structure. The export includes all objects, all fields, and the relationships between them.
In practice, Salesforce exports are XML-based and require technical handling. They're complete but not user-friendly. A non-technical admin will struggle to work with a Salesforce data export without help.
Salesforce Breach History
Salesforce has not experienced a major breach of customer CRM data. There have been incidents involving misconfigured public sites (Community pages serving private data to unauthenticated users) and the MOVEit vulnerability in 2023 affected some Salesforce-adjacent services. But the core CRM data has a clean record.
Salesforce Data Score: 8/10 — Strong legal framework, isolated AI models, complete exports, good security record.
Attio
What Attio's Terms Say
Attio's privacy policy is modern and well-written. They're clear that you own your data, they don't sell it, and they use it only to provide the service. Their AI enrichment features use third-party data sources (like Clearbit) to add data to your records — data you'd otherwise need to source yourself.
The enrichment question raises an interesting privacy consideration: when Attio enriches a contact, it's sending that person's identifying information (name, company, email) to a third-party enrichment provider. You're consenting to this when you enable enrichment. Most users accept this tradeoff without thinking about it.
Attio Data Export
Attio supports CSV export and API export. Like HubSpot, the CSV exports are flat — you lose the relational structure unless you use the API. Attio's API is well-documented and makes complete export feasible for technical users.
Attio Data Score: 7/10 — Responsible policies, but enrichment involves third-party data sharing.
Pipedrive
Pipedrive is GDPR-compliant and SOC 2 certified. They're based in Estonia, which adds EU data protection requirements on top of standard SaaS terms. Their terms are clear: you own your data, they provide the service.
Pipedrive experienced a breach in 2022 where an unauthorized third party accessed some customer data through a compromised employee account. Similar structural risk to HubSpot's 2022 breach.
Pipedrive Data Score: 6.5/10 — Solid policies, European data protection advantage, breach history.
DenchClaw
The Local-First Difference
DenchClaw's privacy model is architecturally different from every cloud vendor: there is no vendor data storage to have a privacy policy about.
Your CRM data lives in DuckDB files on your filesystem. Those files are:
- Not transmitted to any server (except via explicit Dench Cloud sync, if you choose it)
- Not accessible to Dench employees (there's no server they'd access it on)
- Not subject to breach via a cloud vendor's infrastructure compromise
- Not subject to changes in vendor policy or terms of service
- Not at risk if the company goes bankrupt or pivots
The only data leaving your machine during DenchClaw use: LLM API calls (to Anthropic, OpenAI, or whatever model provider you configure). The content of those calls depends on what you're asking the AI to do — context about your CRM data is sent to the LLM when you use AI features. You can self-host models to eliminate even this.
The AI Training Question
DenchClaw uses Anthropic's Claude API by default. Anthropic's API terms state they do not train models on API usage by default. You can opt into data sharing or configure DenchClaw to use a fully local model (like Ollama with Llama 3 or Mistral) if you want zero data egress.
Data Export and Migration
DenchClaw's data is already yours — in standard DuckDB format that any DuckDB client can read. There's nothing to export because the data was never locked in. You can:
- Open workspace.duckdb with DuckDB CLI or any compatible tool
- Query any data with standard SQL
- Copy the file freely
- Back it up with any backup system
- Migrate to a different tool by writing a SQL export
This is what real data portability looks like.
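The "copy the file" and "back it up" steps above, as an added example (not DenchClaw's own code): a shell function that refuses to copy while DuckDB's write-ahead log is non-empty, warns on loose permissions, and writes an owner-only, checksummed copy. The function names, the backup directory and the path to the database file are assumptions.

```shell
#!/bin/sh
# Added example: owner-only, checksummed backup of a local DuckDB CRM file.
# The file's location is an assumption; pass the real path as the first argument.

# SHA-256 of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# backup_workspace SRC DESTDIR: prints the backup path on success.
# Status: 2 = source missing, 3 = write-ahead log present, 4 = copy mismatch.
# The body runs in a subshell so umask and variables do not leak to the caller.
backup_workspace() (
    src=$1; destdir=$2
    [ -f "$src" ] || { echo "missing: $src" >&2; exit 2; }

    # DuckDB holds recent writes in <file>.wal until a checkpoint, so copying
    # only the main file while the log is non-empty can lose those writes.
    if [ -s "$src.wal" ]; then
        echo "refusing: $src.wal is non-empty; close the app first" >&2
        exit 3
    fi

    # Warn when the live file is readable by group or other users.
    if [ -n "$(find "$src" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "warning: $src is readable by other users; consider chmod 600" >&2
    fi

    umask 077    # new backup directory and file are owner-only
    mkdir -p "$destdir" || exit 1
    dest="$destdir/$(basename "$src").$(date -u +%Y%m%dT%H%M%SZ)"
    cp "$src" "$dest" || exit 1

    # Verify the copy, then store its digest beside it for later integrity checks.
    want=$(sha256_of "$src"); got=$(sha256_of "$dest")
    [ "$want" = "$got" ] || { rm -f "$dest"; exit 4; }
    printf '%s  %s\n' "$got" "$(basename "$dest")" > "$dest.sha256"
    echo "$dest"
)
```

A stored copy can be re-verified later by running `sha256sum -c` on its `.sha256` file from inside the backup directory.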
Comparing Privacy Side by Side
| Platform | Data Location | AI Training | Export Quality | Breach Risk | Cost |
|---|---|---|---|---|---|
| HubSpot | HubSpot cloud | Opt-out | Partial (CSV) | Moderate | Paid |
| Salesforce | Salesforce cloud | Opt-in only | Complete (technical) | Low | Paid |
| Attio | Attio cloud | Not used | Partial (CSV/API) | Low | Paid |
| Pipedrive | Pipedrive cloud | Opt-out | Good | Moderate | Paid |
| DenchClaw | Your machine | Never (local data) | N/A (always yours) | None (no cloud) | Free |
GDPR, CCPA, and Compliance
For businesses subject to GDPR (EU) or CCPA (California), the data processor relationship matters.
In cloud CRM: the vendor is a data processor. You're the controller. You need a Data Processing Agreement (DPA) with the vendor. You're responsible for their sub-processors (enrichment providers, AI providers, analytics tools). A breach at the vendor creates your compliance obligations.
In local-first CRM: the vendor isn't a data processor — they have no access to the data. You're both controller and processor. This simplifies compliance for most use cases but creates full responsibility for your own security practices.
The Real Risk You're Not Thinking About
Beyond breaches and policies, there's a risk most CRM buyers ignore: vendor dependency.
If HubSpot raises prices by 40% next year, your options are: pay, or undertake a painful migration. If they discontinue a feature you rely on, you can't restore it. If they're acquired by a company with different privacy practices, your data goes with the deal.
With an open-source local-first CRM, none of this applies. You have the source code. You have the data. You can fork the project if the vendor disappears. You can contribute to it if the vendor's priorities diverge from yours.
This isn't a theoretical risk. Salesforce has sunset products. HubSpot has repriced features. Smaller CRM vendors have been acquired and shut down, taking customers' data with them.
Frequently Asked Questions
Who legally owns my data in a cloud CRM?
In most cloud CRM agreements, you retain ownership of your data. But "ownership" is less meaningful when the data lives on their servers. The more relevant questions are: can they access it, use it for AI training, and what happens if there's a breach?
Does HubSpot sell your data?
HubSpot does not sell individual customer data to third parties. Their terms allow use of aggregated, anonymized data for product improvement. They explicitly state they do not use customer data to train public AI models.
Is Salesforce HIPAA compliant?
Salesforce Health Cloud is HIPAA compliant with a Business Associate Agreement. Standard Salesforce CRM is not HIPAA compliant without the Healthcare-specific configuration. If you're handling Protected Health Information, this matters significantly.
What CRM has the best data privacy?
For maximum data privacy, local-first CRM like DenchClaw is unmatched — your data never leaves your machine. Among cloud CRMs, Salesforce has the strongest legal framework and isolated AI training. HubSpot and Attio are responsible but not differentiated on privacy.
Can I migrate from a cloud CRM to DenchClaw?
Yes. DenchClaw's browser agent can import from any cloud CRM you're already logged into. It navigates to your HubSpot or Salesforce export, downloads the data, maps fields to DenchClaw's schema, and loads it into DuckDB. API-based imports are also possible for users with API access.
Ready to try DenchClaw? Install in one command: npx denchclaw.