Day 46 —Marketing System Cleanup

Today I bit off a big chunk of our remaining data risk: removing personal information from systems that shouldn’t be storing sensitive data.

Specifically from our main marketing platforms:

  • Hubspot
  • Typeform
  • Mailchimp

The theme of this week continues to be a lot of tedious, rote work — but I’m grateful to be cleaning up things now versus letting them pile up.


Removed contacts, companies, notes, and pipelines.


  • Hubspot is not HIPAA Compliant (i.e., they won’t sign a BAA).
  • It’s also really expensive — I pay $50 now and the price goes up to $250 as of March

For now, I transferred everything to a spreadsheet — eventually I’ll look at Salesforce but frankly I just can’t afford it and it has fairly limited value at this point.


I was really surprised to find out Typeform doesn’t have SOC2 compliance, especially after ALSO learning they had a data breach a couple years ago. While I really enjoy the tool, I simply do not want to take the risk with user’s data. So I decided to remove all surveys that reference PII. I’ll continue using it on a limited basis, but only for prototypes that don’t collect any identifiable information from people.

For example, here’s one of the early content prototypes I tested:

A Choose Your Own Adventure Training


Similar to Hubspot, Mailchimp does not have an option to sign a BAA and therefore is not HIPAA Compliant. I spent some time removing all references to PHI that I had been managing as tags and switched form collection fields from my website to be more generic.

Removing references to PHI in our data collection.

Now What?

I’m going to wait a few weeks to fully delete Hubspot to make sure I have everything I need.

Almost there!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store