A business funding company — merchant cash advances, lines of credit, SBA loans — with a lead database that spans fresh inbound applications, aged lists sitting dormant for 12 months, funded clients eligible for renewal, and everything in between. One pipeline. Six distinct contact stages. A custom Salesforce CRM as the system of record. And a HubSpot Marketing Hub that needed to read all of it, automate on all of it, and never — under any circumstance — send a message to a contact that Salesforce had flagged as suppressed, DNC, or litigator-listed.
The client operates in one of the highest-litigation marketing environments in the United States. Merchant cash advance and business lending sit directly in the crosshairs of TCPA class action attorneys. A single SMS to a contact without verified express written consent is a $1,500 exposure. Do that at scale and you are not running a marketing programme — you are funding a lawsuit. The compliance architecture was not a nice-to-have. It was the first thing built and the last thing audited before anything sent.
The brief was to build the full HubSpot Marketing layer on top of their custom Salesforce CRM — 16 active list segments, 12 automated workflows spanning the entire funding lifecycle, a complete TCPA and CAN-SPAM compliance architecture, email deliverability infrastructure, landing pages, dashboards, and the full HubSpot side of the Salesforce sync. The company is anonymised here. The architecture is not.
In business lending, the marketing stack is not just a revenue system. It is a legal exposure surface. Build the compliance architecture first. Build the suppression sync first. Then build the automations on top of a foundation you would be comfortable showing to a plaintiff's attorney. Arsalan Faysal — Revenue Systems Architect
The Architecture Decision: Two Systems, One Truth
Before a single workflow was designed, the foundational architecture question had to be answered: which system owns what?
Get this wrong and you end up with two systems that both think they are in charge of different things. Consent written to HubSpot but not Salesforce. Suppression flags that live in Salesforce but take 24 hours to reach HubSpot. A contact marked DNC in the CRM who receives a nurture email because the sync was delayed. In business lending, that delay is a legal event.
The answer was unambiguous. Salesforce owns everything that matters legally and commercially. HubSpot reads it, automates on it, and writes back only what it uniquely produces.
| Data domain | System of record | Direction | Notes |
|---|---|---|---|
| Contact identity, name, phone, address | Salesforce | SF → HubSpot | HubSpot reads only. Never authors these fields. |
| Funding pipeline and deal stage | Salesforce | SF → HubSpot | Drives every marketing trigger. HubSpot mirrors read-only. |
| Financials — amount funded, balance, % paid-down | Salesforce | SF → HubSpot | Calculated in Salesforce. Synced into HubSpot to trigger the renewal engine. |
| Consent — email opt-in, SMS opt-in, timestamp, source | Salesforce | SF → HubSpot | Authoritative legal record. Captured at form and CRM. HubSpot reads it, never overwrites it. |
| Suppression, DNC, litigator flags | Salesforce | SF → HubSpot (near-real-time) | Hard gate. HubSpot must never send to a contact suppressed here. Sync SLA is compliance-critical. |
| Email and SMS engagement — opens, clicks, sends | HubSpot | HubSpot → SF | Synced back so reps see full engagement history on the CRM record. |
| Marketing unsubscribes and hard bounces | HubSpot (capture) → Salesforce | HubSpot → SF (near-real-time) | An unsubscribe in HubSpot must immediately set suppression in Salesforce so reps cannot re-add the contact. |
| Lead score | HubSpot (computed) | HubSpot → SF | Computed in HubSpot, synced back so sales sees hot leads without logging into the marketing platform. |
The identity key across both systems is email address. One Salesforce record maps to exactly one HubSpot contact. No forking. No duplicate sync paths. Conflict resolution is simple: the system of record for that field wins, always.
This architecture sounds obvious. It is not how most dual-platform builds actually get configured — because it requires discipline at every point in the build to resist the temptation to author a field in the wrong system. One slip and you have a consent record that disagrees with itself across two databases. In a TCPA audit, that is the kind of inconsistency that costs money.
Phase 1: Compliance — Built Before the First Send
Nothing goes live until this layer is airtight. Every workflow, every send, every SMS path runs on top of this foundation. If the foundation is wrong, the sends are wrong — and in this space, wrong sends are not a deliverability problem. They are a legal problem.
Three legal frameworks govern different parts of the marketing stack.
Suppression — The Hard Gate
The suppression architecture is the single most important configuration in the build. One source of truth: Salesforce. Any contact carrying a suppression flag, DNC flag, litigator flag, or hard bounce in Salesforce is permanently excluded from all HubSpot sends. Not excluded by default. Not excluded unless manually overridden. Excluded as a hard condition on every single workflow and broadcast send.
The sync SLA for suppression is near-real-time. A contact flagged as DNC in Salesforce at 2pm cannot receive a HubSpot email at 2:05pm. The integration was tested with a dedicated test record — suppressed in Salesforce, confirmed excluded in HubSpot workflow membership — before a single production send went out.
The reverse path is equally critical. An unsubscribe captured in HubSpot writes back to Salesforce near-real-time. A hard bounce in HubSpot sets a suppression flag in Salesforce. A sales rep cannot manually re-add a contact that the marketing system has flagged — because the suppression lives in the system of record, not just in the marketing tool.
Purchased and Aged Data — Highest Risk Tier
The client's database included aged leads — contacts who had expressed interest anywhere from 14 days to 12 months prior. Some of that data was purchased. All of it required specific handling before it could be touched.
The rule: purchased and aged data is treated as email-only unless written TCPA consent for SMS is provable. Not assumed. Not inferred from a checkbox on a third-party form. Provable — with timestamp, IP, and the exact disclosure language the contact saw when they consented. Any aged contact past 90 days with unclear or expired consent was routed into the re-permission workflow before any outreach of any kind.
List validation ran on all imported aged data before activation. Email validation to remove bounces, syntax errors, and role addresses before they hit the sending infrastructure. Cleaning bad data before it enters the platform protects deliverability. Cleaning it before it enters the consent architecture protects the company.
Email Deliverability Infrastructure
Deliverability is built before the first send — not diagnosed after the first campaign lands in spam. The setup: SPF, DKIM, and DMARC authenticated on the sending domain. Dedicated sending subdomain separate from the root domain, so a deliverability incident does not take down transactional email. Warm-up schedule over two to four weeks, starting at low volume and ramping against a clean engaged segment. Google Postmaster Tools connected for domain reputation monitoring throughout the warm-up and beyond.
Mail-tester score of 9/10 or above and MXToolbox green across all checks were the acceptance criteria before any production sends were released.
Phase 2: The Data Layer — 16 Segments, Two Axes
Segmentation in a funding business runs on two axes simultaneously. Status — where the contact is in the funding lifecycle. And age — how long an unfunded lead has been in the database. Every automation in the build fires on a combination of these two axes.
The status axis mirrors the Salesforce deal pipeline: Live → Contacted → Application Started → Offer Sent → Funded → Renewal Eligible → Paid Off — plus Denied, Unqualified, and Cold. Salesforce owns these stages. HubSpot reads them.
The age axis applies only to unfunded leads and runs from 0–14 days through 12 months and beyond. Six age tiers. Each one gets its own nurture workflow with its own angle and cadence — because a 14-day aged lead who almost applied needs a completely different conversation than a 12-month aged lead who has been dormant for a year.
| # | Dataset (HubSpot Active List) | Filter logic | Automation(s) |
|---|---|---|---|
| 1 | Live Leads | lead_entered_date ≤ 14 days, not funded, lifecycle Lead/MQL | WF-1 Speed-to-Lead, WF-2 Welcome |
| 2 | 14-Day Aged | days_since_entry 14–30, not funded, no completed application | WF-5 Aged Nurture (Tier 1) |
| 3 | 30-Day Aged | days_since_entry 30–60, not funded | WF-5 Aged Nurture (Tier 2) |
| 4 | 60-Day Aged | days_since_entry 60–90, not funded | WF-5 Aged Nurture (Tier 3) |
| 5 | 90-Day Aged | days_since_entry 90–180, not funded | WF-5 Aged Nurture (Tier 4) |
| 6 | 6-Month Aged | days_since_entry 180–365, not funded | WF-5 (Tier 5) + WF-6 Re-permission |
| 7 | 12-Month+ Aged | days_since_entry > 365, not funded | WF-6 Reactivation / Re-permission |
| 8 | Application Started — Not Finished | Partial form submission AND no completed application on record | WF-3 Abandonment Recovery |
| 9 | Offer Sent — No Decision | synced deal stage = Offer Sent, no movement > 3 days | WF-4 Offer Follow-Up |
| 10 | Funded — Active | funded = yes, percent_paid_down < 50% | WF-7 Post-Funding Onboarding, WF-10 Review |
| 11 | Renewal Eligible | funded, percent_paid_down ≥ 50% (or ≥ 6 months), no active renewal deal | WF-8 Renewal Engine |
| 12 | Paid Off — No Renewal Yet | percent_paid_down ≥ 100%, funding count unchanged | WF-8 Win-Back |
| 13 | Denied / Declined | synced loss reason = denied | WF-9 Soft Landing |
| 14 | Unqualified | qualified = no | WF-9 Soft Landing |
| 15 | Re-permission Needed | aged > 90 days, consent unclear or expired | WF-6 Re-permission |
| 16 | Global Suppression | unsubscribed OR DNC OR hard-bounce OR litigator flag (synced from Salesforce) | Hard excluded from every workflow and every send. No exceptions. |
Every list is an Active List — it auto-populates and auto-exits based on live synced data. A contact who gets funded moves out of every aged list automatically. A contact who pays off 50% of their balance enters the Renewal Eligible list without anyone touching it. The segmentation is not a static import. It is a live reflection of the Salesforce data state at any given moment.
Phase 3: Twelve Workflows Across the Full Funding Lifecycle
Twelve automations. Each one maps to a specific dataset, a specific stage of the funding relationship, and a specific commercial objective. None of them overlap in contact eligibility. A contact cannot be in the 14-day nurture and the offer follow-up sequence simultaneously. The enrollment logic and suppression architecture prevent it.
The Live Lead Engine
WF-1: Speed-to-Lead and Hot Lead Alert. This is the highest-priority workflow in the build. A new lead arrives in Salesforce — synced to HubSpot in near-real-time — and within two minutes, the assigned sales specialist has received an SMS alert, a Slack notification, and a task. Within five minutes, the lead receives an email: their specialist is calling them now. If SMS consent is verified, they receive a text at the same moment.
The KPI for this workflow is first contact in under five minutes. In business funding, speed-to-lead is not a best practice. It is a competitive advantage. The lead who submitted three applications in the last hour is going to speak to whoever reaches them first.
WF-2: Welcome and Inquiry Nurture. Ten days. Five emails. Starts with a warm welcome and runs through social proof, differentiators, an application prompt, and a direct specialist introduction. Any reply or engagement signal pulls the contact out of the automated sequence and routes them to the sales team immediately. The automation serves the human conversation — it does not replace it.
The Recovery Workflows
WF-3: Application Abandonment Recovery. Triggered when a partial form submission is captured but no completed application exists. Five days. Deep-link back to the exact point they stopped. Objection handling. Urgency. Then a rep handoff. The partial-submission capture was a specific technical configuration — HubSpot form built to record progress on the application page, not just on completion. Without this, the abandonment trigger does not fire and the workflow cannot exist.
WF-4: Offer Sent — No Decision. Triggered when the Salesforce deal stage is Offer Sent and no acceptance has been recorded after 24 to 72 hours. Offer summary. Terms objection handling. A deadline — "this offer is valid until {date}." A rep task at the end. Then a final touch. This workflow runs entirely on synced deal stage data from Salesforce. HubSpot does not own the stage. It reads the stage and acts on the trigger.
The Aged Nurture System
WF-5: Tiered Aged Nurture. Six separate workflows. Not six email sequences inside one workflow — six distinct automations, each with its own angle, its own cadence, and its own contact eligibility. A contact graduates automatically from tier to tier as their days_since_entry increases. An engaged contact at any tier is pulled back to sales without completing the sequence.
| Tier | Dataset | Angle | What changes |
|---|---|---|---|
| 14-Day | #2 | Re-open. Low friction. | Recency is still on your side. Minimal pressure. Easy next step. |
| 30-Day | #3 | New reason to act. | Something has changed — a product update, a rate window, a market condition. Give them a reason that was not there before. |
| 60-Day | #4 | Education plus seasonal relevance. | Shift from selling to helping. Business education. Seasonal or industry angle. |
| 90-Day | #5 | Lower pressure with branching logic. | Engagement branch: opens route to nurture; non-openers route toward WF-11 sunset evaluation. |
| 6-Month | #6 | Monthly value plus quarterly offer. | Long-cycle relationship maintenance. Content-first. Offer surfaced once per quarter, not every email. |
| 12-Month+ | #7 | Quarterly win-back. | Routes directly to WF-6 re-permission before any email. Consent verification first. Outreach second. |
WF-6: Cold Reactivation and Re-permission. One question: are you still interested? Yes refreshes consent — writes the updated consent and timestamp back to Salesforce as the authoritative record — and routes the contact to sales. No response or explicit no triggers suppression. This workflow is the gate that aged data must pass through before being touched. It is also the workflow that makes CASL compliance possible at the 12-month tier, where implied consent has expired.
The Funded Client Lifecycle
WF-7: Post-Funding Onboarding and Check-In. Day zero is a congratulations with clear expectations. Day three is a satisfaction check — and the response to that check feeds into WF-10. Day 14 and day 30 are relationship check-ins. This workflow sets up every downstream revenue conversation: renewal, review, referral. Get the post-funding experience wrong and none of those work.
WF-8: The Renewal Engine. This is the highest revenue workflow in the build. The trigger is a single synced field: percent_paid_down crossing 50% in Salesforce. When that threshold is hit, HubSpot enrolls the contact in the renewal cadence and simultaneously creates a renewal opportunity and a rep task in Salesforce — either directly via the native connector or via a Salesforce flow triggered by a flag, depending on whether the custom object model requires middleware.
The renewal message at 50% paid-down is not a sales pitch. It is a pre-qualification notification: you have earned more capital. The message gets stronger at 65–75%. At payoff it becomes urgency: do not go a day without working capital. For contacts who have paid off without renewing, the win-back sequence fires. Every step has an SMS variant if consent is verified.
Renewal rate and time-to-renew are the primary KPIs for this workflow. In merchant cash advance, a funded client who renews is worth multiples of a new acquisition. This is the workflow that protects that revenue.
The Supporting Workflows
WF-9: Denied and Unqualified Soft Landing. A denied contact who gets a hard no with no follow-up is a missed long-cycle opportunity. The soft landing gives them a path: here is why you did not qualify, here is what changes that, here is when to re-apply. Cross-sell to eligible products where the qualification bar is different. Set a future re-evaluation date. The contact is not gone — they are on a longer timeline.
WF-10: Sentiment-Gated Review Collection. Timed for three to seven days after funds land, triggered by a positive signal from WF-7. Sentiment gate: a happy reaction routes to a public Google or Trustpilot review link. A neutral or unhappy reaction routes to a private feedback form and triggers a manager alert. No incentivised reviews. No routing unhappy clients to public platforms. The sentiment gate protects the public review profile while surfacing internal issues before they become public ones.
WF-11: Sunset — Non-Engagers. A contact who has not opened or clicked anything in 90 to 120 days gets one question: do you still want our emails? No response means suppress. This workflow is deliverability maintenance. Carrying non-engaged contacts on an active send list degrades domain reputation. The sunset workflow removes them cleanly and protects the deliverability of every other workflow in the stack.
WF-12: Referral Request. Triggered by a happy sentiment signal in WF-10. One ask: refer a business owner you know. Tied to the referral programme page. The referral workflow only fires after a verified positive experience — because a referral ask to a lukewarm client is worse than no ask at all.
Phase 4: The Salesforce Sync — Speed and Reliability
The sync is not a background detail. It is the infrastructure every automation depends on. If the sync is slow, WF-1 cannot fire within five minutes of lead creation. If the suppression sync is unreliable, a DNC contact receives an email. If the percent_paid_down sync runs daily instead of near-real-time, the renewal trigger fires a day late on a contact who was ready to be called yesterday.
Sync timing requirements were designed around the business consequences of failure — not around what was technically convenient.
| Data | Direction | Frequency / SLA | Why this timing |
|---|---|---|---|
| New lead creation | SF → HubSpot | Near-real-time | WF-1 speed-to-lead SLA is under five minutes. A sync delay kills that KPI. |
| Deal stage changes | SF → HubSpot | Near-real-time / few minutes | Offer Sent triggers WF-4. Funded triggers WF-7. Delays mean the wrong workflow fires at the wrong moment. |
| Consent and suppression changes | SF → HubSpot | Near-real-time | Compliance-critical. A suppression change that takes an hour to reach HubSpot is a legal exposure window. |
| Unsubscribes and hard bounces | HubSpot → SF | Near-real-time | A rep must not be able to re-add a contact who unsubscribed. The suppression has to land in Salesforce before the rep's next session. |
| % paid-down (renewal trigger) | SF → HubSpot | Daily | The renewal engine is not time-critical to the minute. Daily sync is sufficient and reduces connector load. |
| Engagement and lead score | HubSpot → SF | Periodic (hourly) | Rep visibility into engagement history. Hourly is sufficient for sales workflow purposes. |
The connector choice — native HubSpot–Salesforce integration versus middleware such as Workato or Tray.io — depended on one decision point: whether the renewal engine needed to create a renewal deal directly in Salesforce against a custom object. If the Salesforce data model uses a custom Funding Deal or Renewal object, the native connector typically cannot write to it. Middleware is required. That architectural decision had to be made and documented before the HubSpot build began — because it determines how the WF-8 write-back is configured.
Error handling was built into the sync specification: failed records surface in an error log rather than silently dropping. Retry logic for transient failures. A reconciliation check the client can run to confirm record counts match across both systems within tolerance. Zero unresolved sync errors at handoff was a hard acceptance criterion — not a target.
Phase 5: Reporting — Closed-Loop Back to Salesforce
Seven dashboards. Each one built around a decision, not a metric. The reporting layer closes the loop between the HubSpot engagement activity and the Salesforce revenue data — so the commercial question of whether the marketing automation is generating funded deals and renewals can be answered without exporting data from two systems and manually joining it in a spreadsheet.
| Dashboard | Primary decision it drives |
|---|---|
| Funnel by Dataset | Where in the lifecycle are contacts converting and where are they stalling? Split by age bucket and status to show the full funnel in one view. |
| Speed-to-Lead SLA | Is WF-1 firing within the five-minute KPI? What percentage of new leads are being contacted within SLA? Where are the delays? |
| Renewal Metrics | Renewal rate, renewal revenue, and time-to-renew. The commercial health of the funded client base at a glance. |
| Aged Lead Revival by Tier | Which aged tier is reactivating the highest percentage of contacts? Where is the nurture working and where is it not generating pipeline? |
| Deliverability | Domain reputation via Google Postmaster Tools. Bounce rate, complaint rate, and inbox placement. The warning system for deliverability problems before they become unrecoverable. |
| Review Velocity | How many reviews are being collected? What is the sentiment split? Are unhappy clients being caught before they reach public platforms? |
| Compliance Audit | Consent coverage across the database. Suppression list growth. DNC scrub history. The audit trail that matters if a TCPA question is ever raised. |
The compliance audit dashboard is not standard. Most HubSpot builds do not include one. In a business lending context, it is the most important dashboard in the stack — because the question of whether a suppressed contact was ever emailed needs to be answerable in under sixty seconds, not reconstructed from log files over three days.
Three Things This Build Makes Obvious
Every build like this surfaces the same hard truths. Worth stating plainly for any funding company, lending platform, or finance-adjacent business considering a similar project.
The suppression sync is not an IT concern. It is a legal concern. Most clients treat the suppression architecture as a technical detail to be sorted out during the integration phase. It is not. It is the first conversation, before any other configuration decision is made. Who owns the suppression record? How fast does a change in one system reach the other? What happens to an in-flight send if a suppression flag fires mid-delivery? These questions need answers before the first workflow is designed, not after the first campaign sends.
Aged data is an asset with a liability attached. A 12-month-old lead database is not worthless — it is a list of people who expressed interest in business funding at some point in the past year. Some of them still need capital right now. But touching that database without a verified consent and re-permission layer in place is how TCPA litigation starts. The re-permission workflow is not overhead. It is the mechanism that converts a legal liability into a marketable asset.
The renewal engine is the highest-ROI workflow in the stack. Not the speed-to-lead alert. Not the aged nurture. The renewal engine. A funded client who renews costs a fraction of what it costs to acquire a new client. The percent_paid_down trigger is the signal. Most businesses know this conceptually. Very few have an automated system that catches it, fires within 24 hours of the threshold being crossed, creates the deal in the CRM, and sends the rep a task — without a human having to check a report and make a call. That gap between knowing and building is where renewal revenue disappears.
If Your Funding Operation Looks Like This
A HubSpot account that was set up for generic B2B and never rebuilt for a lending motion. Aged leads sitting in a spreadsheet because nobody is confident touching them without a compliance layer in place. A Salesforce CRM that knows when a client hits 50% paid-down but cannot automatically do anything about it. Speed-to-lead measured in hours, not minutes. Renewal conversations that depend on a rep remembering to check a report.
This is not a software problem. HubSpot can do everything described in this build. Salesforce can power every trigger. The problem is that nobody has sat down and designed the architecture that connects them — defined the system of record boundaries, mapped the sync timing requirements, sequenced the compliance layer before the sends, and built the workflows around the actual funding lifecycle rather than a generic nurture template.
I build HubSpot marketing infrastructure for lending companies, funding platforms, and finance-adjacent businesses running complex multi-stage lead lifecycles on Salesforce. The engagement starts with a fixed-price architecture sprint: a complete written build specification, compliance framework, workflow map, sync design, and phased implementation roadmap before a single workflow is configured.
Book a Marketing Architecture Session
30 minutes. We map your current stack, your lead lifecycle, your compliance exposure, and your Salesforce integration state. You walk away with a plain-English assessment and a clear recommendation — whether or not you engage us to build it.