HubSpot Agent Permission Checklist
Use this checklist before a HubSpot MCP integration, AI assistant, or custom CRM agent reads customer data or writes to records. It is built for implementation reviews, client handoffs, and internal launch approvals.
Review rule
Do not grant broad CRM access because an agent demo works once. Approve the minimum object, property, and action set for one workflow, then expand after audit logs prove the agent behaves predictably.
1. Integration identity
- Owner and business sponsor are named.
- Integration type is marked as private, single-customer, or commercial multi-customer.
- Connected agent surface is named: Claude, ChatGPT, Gemini, Copilot, custom MCP client, or internal worker.
- Fallback owner is named for failed syncs, bad writes, or customer questions.
2. Data access
- Every readable object is listed: contacts, companies, deals, tickets, conversations, activities, or custom objects.
- Sensitive properties are excluded unless required for the workflow.
- Customer data ownership is documented in the integration notes.
- Raw CRM data is not copied into long-lived model logs.
3. Agent actions
- Every write action is listed separately from every read action.
- Deletes, merges, deal-stage changes, workflow enrollments, and outbound emails require approval.
- The agent can explain why it proposes each write before execution.
- Rollback steps are documented for the top three failure modes.
4. AI and terms review
- Agentic and MCP-based access is reviewed under HubSpot Developer Terms.
- HubSpot API data is not used to train, fine-tune, or improve AI models unless a permitted exception applies.
- Retention period is defined for prompts, responses, logs, and exported records.
- The customer can disconnect access without losing their HubSpot data.
Risk table
| Risk | Bad pattern | Safer pattern |
|---|---|---|
| Overbroad scopes | Agent gets full CRM access for a narrow task. | Grant only required objects and properties. |
| Silent writes | Agent changes deals or sends emails without a review step. | Queue proposed writes and require approval for high-risk actions. |
| Training leakage | CRM data is retained to improve a shared AI model. | Separate single-customer processing from model improvement. |
| No rollback | Bad updates require manual database archaeology. | Log record IDs, property changes, actor, timestamp, and rollback owner. |
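An added example, not part of the original checklist and not HubSpot code: a minimal write gate that applies the "Silent writes" and "No rollback" rows by blocking anything outside the approved set, queuing high-risk actions for approval, and logging every decision. The `ProposedWrite` and `WriteGate` classes and all object, property, and action names are hypothetical, and nothing here calls a HubSpot API.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy for one workflow. Names are illustrative assumptions,
# not HubSpot API identifiers.
WRITABLE = {"contacts": {"lifecycle_stage"}, "deals": {"dealstage"}}
NEEDS_APPROVAL = {"delete", "merge", "deal_stage_change",
                  "workflow_enrollment", "outbound_email"}
KNOWN_ACTIONS = NEEDS_APPROVAL | {"update"}

@dataclass
class ProposedWrite:  # hypothetical shape of one agent proposal
    action: str
    object_type: str
    record_id: str
    changes: dict  # property -> (old_value, new_value), kept for rollback
    reason: str    # the agent's explanation, required before execution

@dataclass
class WriteGate:  # hypothetical gate placed between the agent and the CRM client
    actor: str
    rollback_owner: str
    approval_queue: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def submit(self, w: ProposedWrite) -> str:
        if w.object_type not in WRITABLE:
            decision = "blocked:object_not_allowed"
        elif w.action not in KNOWN_ACTIONS:
            decision = "blocked:unknown_action"
        elif set(w.changes) - WRITABLE[w.object_type]:
            decision = "blocked:property_not_allowed"
        elif not w.reason.strip():
            decision = "blocked:no_reason"
        elif w.action in NEEDS_APPROVAL:
            self.approval_queue.append(w)  # held until a human approves
            decision = "queued"
        else:
            decision = "allowed"
        # Every decision is logged, including blocked ones.
        self.audit_log.append({
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "actor": self.actor, "rollback_owner": self.rollback_owner,
            "action": w.action, "object_type": w.object_type,
            "record_id": w.record_id, "changes": w.changes,
            "reason": w.reason, "decision": decision,
        })
        return decision
```

Only a write that returns `allowed` should reach the CRM client; queued items wait in `approval_queue` for a human decision.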
Copy block
HubSpot Agent Permission Review
Integration owner:
Business sponsor:
Agent surface:
Integration type:
Readable objects:
Writable properties:
Write actions:
Actions requiring human approval:
Audit log destination:
Rollback owner:
Data retention period:
AI/model training use:
Developer terms reviewer:
Launch decision: Approved / Blocked / Needs changes