Engagement Attachments of Confidential information

engagements

#1

According to this page it says you should not use file manager for sensitive files because they are uploaded to a publicly accessible CDN. However earlier in the docs it says that if you set hidden to true, you can use them only for attaching to engagements.

If I set hidden to true, does that put them somewhere other than the CDN so that I can attach sensitive information (like an invoice) to an engagement?

Thanks!

Carlos


#2

Hi @Carlos_Mostek,

Setting the hidden flag makes them inaccessible via public image links, but storing sensitive information may still violate our Privacy Policy (see below). I wouldn't expect that the hidden flag affects the requirements with respect to storing sensitive data:

https://legal.hubspot.com/privacy-policy


#3

I'm just concerned if anyone can access the information. The information in the invoices is all information that is already stored in hubspot such as company name, email address, and deal totals. All of that info is already in hubspot, so I hope it doesn't violate your privacy policy :). As long as hidden does not put it on a public CDN I'm guessing we are okay, I just wanted to confirm there isn't some other unauthenticated way to get at the data I'm uploading. This should be security through authentication, not obscurity.

Basically, they are sensitive from a public standpoint, but not from a internal company relationship standpoint. I just want to attach an invoice to an email.


#4

Hi @Carlos_Mostek,

I understand; thanks for the clarification! I just wanted to make sure to mention that since I wasn't sure exactly what info was in the invoices you mentioned. Files with the hidden flag set to true are only accessible by users logged into HubSpot, with a single exception: If a logged in user is viewing the image in-app, and then clicks the 'View' button, HubSpot will generate a public image URL with authentication details in the URL as query parameters, as well as an expires parameter.

This link is essentially a temporary public URL, and can be shared until it expires. This means that if a user were to generate this link and share it, anyone could view the file until the link expired. If that level of access is alright with you, then you should be all set to use hidden files.


#5

That sounds great, thanks!