Overview
HubSpot's Customer Agent can intelligently access and update CRM data during customer conversations.
This guide shows you how to configure these capabilities securely and effectively, based on official HubSpot guidance.
Key Concepts
Property-Level Control
Customer Agent can be configured to access specific CRM properties with granular permissions.
Each property (like phone numbers, company names, or ticket status) can be individually set with view and/or edit permissions.
Two Security Levels
- Match Email
- Agent asks for the visitor's email address
- Confirms it matches the Contact record before proceeding
- Suitable for lower-risk data viewing
- Verify Email
- Agent sends a verification link to the contact's email
- Customer must click the link to verify identity
- Required for sensitive data or any data updates
Configuration Strategy: The Two-List Approach
HubSpot recommends organizing your CRM properties into two lists:
List 1: View-Only Properties (Context List)
These properties help the Agent personalise conversations but cannot be modified.
Examples:
- Subscription level/tier
- Last purchase date
- Company name
- Account status
- Ticket history
Purpose: Enables responses like "I see you're on our Premium plan" or "I notice you contacted us last week about billing"
List 2: Editable Properties (With Verification)
These properties can be viewed AND updated by the Agent, but only after email verification.
Examples:
- Phone number
- Shipping address
- Communication preferences
- Contact name
Purpose: Allows customers to self-serve updates while maintaining security
How It Works in Practice
Viewing Data (Read-Only)
Customer: "What's the status of my support ticket?"
Agent: "Hi Martin, I can see your last ticket is Open - P1. Would you like me to escalate?"
Updating Data (Requires Verification)
Customer: "I need to update my phone number"
Agent: "I can update your phone number. I'll just verify your email first." [sends verification link]
Customer: [clicks verification link]
Agent: "Thank you for verifying. What's your new phone number?"
Customer: "It's 555-0123"
Agent: "I've updated your phone number to 555-0123."
Sensitive Data (High Security)
Customer: "Can you tell me my billing address?"
Agent: "To share your billing address, I've sent a verification link to your email."
The Auditable Flow
When a customer requests a data update:
- Agent identifies the request - Recognizes which property needs updating
- System triggers verification - Automatically sends verification email
- Customer verifies identity - Clicks the verification link
- Agent updates the property - Makes the requested change
- System logs everything - Creates audit trail: who, when, what, how verified
Identity and Association
How Customer Identity Works
The Agent only accesses CRM data after identifying the visitor through:
- Email capture in the chat
- Tracked marketing/sales email clicks
- Existing browser cookies
Automatic Record Keeping
- All chat conversations are automatically associated with the Contact record
- Every property access and modification is logged
- Creates a complete audit trail for compliance and quality monitoring
Benefits of This Approach
Data Protection
- Sensitive data requires identity verification
- Can't modify data without proving identity
- Different security levels for different data types
Data Quality
- Customers can self-serve routine updates
- Reduces manual data entry errors
- Keeps CRM data current and accurate
Reporting and Insights
- Track which properties are accessed most
- Monitor verification success/failure rates
- Identify common update requests
- Measure self-service effectiveness
Step-by-Step Configuration
1. Access Settings
Service > Customer Agent > Manage > Knowledge > CRM data
2. Add Properties
- Click "Add CRM data"
- Select a CRM property
- Toggle "View property" for read access
- Toggle "Edit property" for update capability
- Choose verification level (Match or Verify email)
3. Add Instructions
For each property, add clear instructions telling the Agent:
- When to use this property
- How to handle customer requests
- Any restrictions or special considerations
Example instruction: "Only share billing address after verifying email; if the customer requests a change, update it and confirm back"
4. Save and Publish
Save your configuration and publish the Customer Agent to activate changes
Best Practices
Start Small
- Begin with 3-5 view-only properties
- Test thoroughly
- Gradually add more properties
- Only enable editing after mastering view-only
Property Selection
- Always View-Only: Payment details, internal scores, sensitive notes
- View with Match Email: Names, basic account info, non-sensitive history
- Edit with Verify Email: Contact details, addresses, preferences
- Never Include: Passwords, credit cards, SSNs, internal classifications
Clear Instructions
Write instructions that are:
- Specific about when to use the property
- Clear about verification requirements
- Explicit about what NOT to do
- Focused on customer experience
Regular Reviews
- Weekly: Check access logs and verification rates
- Monthly: Review which properties need adjustment
- Quarterly: Reassess the full configuration
Compliance Considerations
This configuration approach supports compliance with:
- ISO 42001 - AI management system requirements
- GDPR - Data protection and access controls
- SOC 2 - Security and availability principles
- Industry regulations - Appropriate data handling
The built-in audit trail provides evidence of:
- Who accessed what data
- When access occurred
- How identity was verified
- What changes were made
- Complete conversation context
Troubleshooting
Common Issues
Verification emails not arriving
- Check customer's spam folder
- Verify email address is correct
- Test with a different email domain
Agent sharing data without verification
- Review property configuration
- Check instruction clarity
- Ensure verification level is set correctly
High verification failure rate
- Consider lowering verification requirements for less sensitive data
- Improve Agent's email capture prompts
- Review if Match Email would suffice instead of Verify Email
Summary
HubSpot's CRM data feature for Customer Agent enables:
- Personalised service through controlled data access
- Secure self-service updates with verification
- Complete audit trails for compliance
- Improved data quality through customer validation
By following the two-list approach (view-only for context, editable with verification), you create a system that's both helpful to customers and secure for your business.
Based on official HubSpot Customer Agent documentation and support guidance. For the latest features and updates, consult HubSpot's official documentation.
Overview
HubSpot's Customer Agent can intelligently access and update CRM data during customer conversations.
This guide shows you how to configure these capabilities securely and effectively, based on official HubSpot guidance.
Key Concepts
Property-Level Control
Customer Agent can be configured to access specific CRM properties with granular permissions.
Each property (like phone numbers, company names, or ticket status) can be individually set with view and/or edit permissions.
Two Security Levels
- Match Email
- Agent asks for the visitor's email address
- Confirms it matches the Contact record before proceeding
- Suitable for lower-risk data viewing
- Verify Email
- Agent sends a verification link to the contact's email
- Customer must click the link to verify identity
- Required for sensitive data or any data updates
Configuration Strategy: The Two-List Approach
HubSpot recommends organizing your CRM properties into two lists:
List 1: View-Only Properties (Context List)
These properties help the Agent personalise conversations but cannot be modified.
Examples:
- Subscription level/tier
- Last purchase date
- Company name
- Account status
- Ticket history
Purpose: Enables responses like "I see you're on our Premium plan" or "I notice you contacted us last week about billing"
List 2: Editable Properties (With Verification)
These properties can be viewed AND updated by the Agent, but only after email verification.
Examples:
- Phone number
- Shipping address
- Communication preferences
- Contact name
Purpose: Allows customers to self-serve updates while maintaining security
How It Works in Practice
Viewing Data (Read-Only)
Customer: "What's the status of my support ticket?"
Agent: "Hi Martin, I can see your last ticket is Open - P1. Would you like me to escalate?"
Updating Data (Requires Verification)
Customer: "I need to update my phone number"
Agent: "I can update your phone number. I'll just verify your email first." [sends verification link]
Customer: [clicks verification link]
Agent: "Thank you for verifying. What's your new phone number?"
Customer: "It's 555-0123"
Agent: "I've updated your phone number to 555-0123."
Sensitive Data (High Security)
Customer: "Can you tell me my billing address?"
Agent: "To share your billing address, I've sent a verification link to your email."
The Auditable Flow
When a customer requests a data update:
- Agent identifies the request - Recognizes which property needs updating
- System triggers verification - Automatically sends verification email
- Customer verifies identity - Clicks the verification link
- Agent updates the property - Makes the requested change
- System logs everything - Creates audit trail: who, when, what, how verified
Identity and Association
How Customer Identity Works
The Agent only accesses CRM data after identifying the visitor through:
- Email capture in the chat
- Tracked marketing/sales email clicks
- Existing browser cookies
Automatic Record Keeping
- All chat conversations are automatically associated with the Contact record
- Every property access and modification is logged
- Creates a complete audit trail for compliance and quality monitoring
Benefits of This Approach
Data Protection
- Sensitive data requires identity verification
- Can't modify data without proving identity
- Different security levels for different data types
Data Quality
- Customers can self-serve routine updates
- Reduces manual data entry errors
- Keeps CRM data current and accurate
Reporting and Insights
- Track which properties are accessed most
- Monitor verification success/failure rates
- Identify common update requests
- Measure self-service effectiveness
Step-by-Step Configuration
1. Access Settings
Service > Customer Agent > Manage > Knowledge > CRM data
2. Add Properties
- Click "Add CRM data"
- Select a CRM property
- Toggle "View property" for read access
- Toggle "Edit property" for update capability
- Choose verification level (Match or Verify email)
3. Add Instructions
For each property, add clear instructions telling the Agent:
- When to use this property
- How to handle customer requests
- Any restrictions or special considerations
Example instruction: "Only share billing address after verifying email; if the customer requests a change, update it and confirm back"
4. Save and Publish
Save your configuration and publish the Customer Agent to activate changes
Best Practices
Start Small
- Begin with 3-5 view-only properties
- Test thoroughly
- Gradually add more properties
- Only enable editing after mastering view-only
Property Selection
- Always View-Only: Payment details, internal scores, sensitive notes
- View with Match Email: Names, basic account info, non-sensitive history
- Edit with Verify Email: Contact details, addresses, preferences
- Never Include: Passwords, credit cards, SSNs, internal classifications
Clear Instructions
Write instructions that are:
- Specific about when to use the property
- Clear about verification requirements
- Explicit about what NOT to do
- Focused on customer experience
Regular Reviews
- Weekly: Check access logs and verification rates
- Monthly: Review which properties need adjustment
- Quarterly: Reassess the full configuration
Compliance Considerations
This configuration approach supports compliance with:
- ISO 42001 - AI management system requirements
- GDPR - Data protection and access controls
- SOC 2 - Security and availability principles
- Industry regulations - Appropriate data handling
The built-in audit trail provides evidence of:
- Who accessed what data
- When access occurred
- How identity was verified
- What changes were made
- Complete conversation context
Troubleshooting
Common Issues
Verification emails not arriving
- Check customer's spam folder
- Verify email address is correct
- Test with a different email domain
Agent sharing data without verification
- Review property configuration
- Check instruction clarity
- Ensure verification level is set correctly
High verification failure rate
- Consider lowering verification requirements for less sensitive data
- Improve Agent's email capture prompts
- Review if Match Email would suffice instead of Verify Email
Summary
HubSpot's CRM data feature for Customer Agent enables:
- Personalised service through controlled data access
- Secure self-service updates with verification
- Complete audit trails for compliance
- Improved data quality through customer validation
By following the two-list approach (view-only for context, editable with verification), you create a system that's both helpful to customers and secure for your business.
Based on official HubSpot Customer Agent documentation and support guidance. For the latest features and updates, consult HubSpot's official documentation.
