HubSpot has scrapped a plan to use its customers' data for a new AI feature just four days after announcing it. The CRM firm changed its terms on July 1 to pool customer data, including contact and employer details, for a tool that finds sales leads, as reported by The Information.
It opted users in by default. The backlash came at once. The objection was less about AI than about consent. Customers argued that the data they had built up in HubSpot belonged to them, not to the company to share around. HubSpot set the default to opt-out. It enrolled everyone unless they hunted down a toggle. That turned a product tweak into a trust problem.
A four-day retreat
The revolt played out mostly on LinkedIn, where sales leaders and RevOps teams piled in. Some said they would switch providers. Within days HubSpot folded. Chief product and technology officer Duncan Lennox apologized and called the change ''a mistake.'' He said HubSpot would not implement the new terms, and that any future use of customer data would be opt-in. The plan, in short, is dead.
The bigger nerve it hit
The speed of the climbdown says as much as the policy. Software firms are racing to bolt AI onto their products, and customer data is the obvious fuel. HubSpot is not the first to get burned. Slack drew fire in 2024, and Zoom in 2023, over terms that let them train AI on customer data. What stung this time is that CRM data is a company's competitive asset, not just its files.
It also shows where power sits. In an era when a business can rebuild a workflow with cheap AI tools, big software vendors have less room to dictate terms. Annoy the customer base and it has more exits than it used to.
Why it matters
The episode is small, but it is a marker. Every SaaS company is weighing how to feed its AI without spooking the people who pay for it. HubSpot just ran the experiment in public, and learned that ''opt-out'' is now a fighting word.
To fully understand the implications, we need to examine the broader context of AI data usage in enterprise software. HubSpot, a leading provider of customer relationship management tools, has long been a trusted repository for sales data, marketing interactions, and customer histories. The proposed change struck at the heart of that trust. By assuming consent rather than requesting it, HubSpot effectively told its users that their proprietary data—built over years of effort—could be leveraged for other customers' benefit under the guise of AI-driven lead generation.
The backlash was swift and loud. On LinkedIn, sales professionals and revenue operations teams aired grievances, shared screenshots of the new terms, and warned peers about the hidden toggle. Many highlighted that finding the opt-out option required navigating multiple layers of settings, a practice decried as dark pattern design. This sentiment was particularly strong among small and medium businesses that rely on HubSpot as a central source of truth for their sales processes. For them, the data wasn't just numbers; it was the lifeblood of their competitive advantage.
The speed of the reversal—four days—is remarkable by any standard. Typically, corporate policy changes undergo months of internal review. That HubSpot could pivot so quickly suggests that the internal data had likely already triggered alarms. Perhaps executives saw an exodus of early adopters or a surge in support tickets. Whatever the trigger, the message was clear: customers will not tolerate silent data grabs, even for promising AI applications.
This incident echoes similar controversies at other tech giants. In 2023, Zoom revised its terms of service after users realized that the company could use call recordings to train AI models. The backlash forced Zoom to clarify that it would not use audio or video content without consent. In 2024, Slack faced scrutiny when it announced that public channels and uploaded files could be used for training its machine learning tools. Both companies ultimately backed down or clarified policies, but the pattern is telling: customers are increasingly privacy-conscious and unwilling to accept vague language that permits broad data usage.
What makes HubSpot's case unique is the nature of CRM data. Unlike general productivity files or communication logs, CRM data often contains explicit sales strategies, customer personas, and deal rationale. Handing that over to an AI tool that might serve a competitor in the same platform introduces a real risk of data leakage, even if anonymized. The business value of such data is immense, and customers have every right to control it.
The episode also highlights a generational shift in power dynamics between software vendors and their users. In the past, switching costs were high—migrating a CRM meant exporting millions of records, retraining staff, and reintegrating tools. But with the rise of competitive platforms offering similar features and simpler migration tools, customers have more leverage. They now demand respect for their data boundaries as a condition of loyalty. HubSpot's climbdown is a testament to this newfound bargaining power.
Moving forward, the debate around AI and customer data is far from settled. Regulators in Europe and increasingly in the US are drafting laws that require explicit opt-in consent for data processing in AI training. The Federal Trade Commission has signaled its intention to clamp down on deceptive data practices. HubSpot's misstep may come under scrutiny, but the company's quick reversal might mitigate regulatory risk. Still, the message to the industry is unmistakable: AI strategies must be built on trust, not extraction.
As more SaaS companies integrate AI features, they will need to adopt transparent defaults, clear communication, and real opt-in processes. The HubSpot case serves as a case study in how not to roll out such capabilities. The lesson is simple: when given the choice between a seamless product and respecting user autonomy, the latter must win. Otherwise, the revolt will come faster than the AI can learn.