Zapier is committed to protecting your data and privacy rights. This page provides information about Zapier’s data privacy practices and the choices that you have regarding the data processed by Zapier when you use your Zapier account.
Data privacy at Zapier
Last updated:Privacy Compliance at Zapier
Zapier has ongoing processes to ensure the protection of your data and privacy rights:
Legal Review
Zapier works with legal and other professional counsel to understand its role under both current and proposed data privacy laws and regulations. Zapier regularly reviews and periodically updates its Privacy Policy, Data Processing Addendum, and Terms of Service to ensure ongoing compliance.
Internal Data Audits
Zapier periodically reviews the types of the data that it collects, the reasons for collecting that data, and when Zapier personnel might need to access it.
Vendor Audits
Zapier audits its vendors, both at the time of onboarding and thereafter, to ensure that they adhere to data privacy laws/regulations and sign all relevant Data Processing Addendums.
Communications
Zapier documents pertinent changes in its privacy compliance practices. Customer and partner notification occurs via email, this webpage, and the updates blog. Zapier also maintains a Data Privacy & Security FAQ page that may be useful to review.
Ongoing Process Changes
Zapier continues to refine processes for how it performs customer support, builds products, and handles data, This includes internal documentation, training, and other processes.
Customer Data
For Zap Content (content transferred in and out of Zaps in your Zapier account), you, the customer, are considered the “data controller” of that data from a privacy perspective.
In turn, Zapier is the “data processor” responsible for safeguarding Zap Content as it flows through Zapier’s systems. Zapier’s security measures are described in Zapier’s Security and Compliance page.
As data controller, you are responsible for safeguarding Zap Content as you interact directly with services integrated with Zapier. You should configure your Zaps and integrations to not trigger or work with users' data without proper consent.
Read more about your role and Zapier’s role in privacy compliance.
Data Processing Addendum
Because Zapier’s Terms of Service incorporates a Data Processing Addendum (“DPA”), you do not need to sign a separate copy. This DPA (and the accompanying Standard Contractual Clauses) contain legal terms that apply to personal information that may be contained in customer data.
If you need a standalone copy of Zapier’s DPA for your records or other compliance purposes, you can:
- Download a PDF copy of the DPA. Do not sign or return this copy to Zapier.
- Generate an electronically signed copy of the DPA. You will receive two emails, both from HelloSign (noreply@mail.hellosign.com):
- The first will be a request to sign with the subject: “Signature requested”
- Once you sign and agree to the DPA terms, you will receive a second email with the subject: “You just signed” that contains a fully signed PDF copy of the DPA.
- If you have any trouble receiving these messages, check your spam folder, wait at least five minutes for each email to arrive, and ensure you clicked the final “Agree” button after signing in HelloSign.
Data Retention/Deletion
Below is information on Zapier’s data retention/deletion practices (last updated: September 30, 2021):
Storage location | Retention period | |
---|---|---|
Zap content (content transferred in and out of your Zaps) | USA | - 7 days in logs. - 29-69 days in your Zapier account. If you subscribe to the Company plan, you can set a shorter retention period in your Zapier account. - Up to 4 months in backup. - Zap Content transferred when you test a Zap is stored until you delete the Zap. Once you have deleted the Zap, the Zap Content will then be subject to the other retention periods above. |
Zap history (metadata about the Zap, like the name of the Zap, dates and times of the Zap run, and the Zap status) | USA | - 7 days in logs. - 29-69 days in your Zapier account. If you subscribe to the Company plan, you can set a shorter retention period in your Zapier account. - Up to 4 months in backup. - Zap History is stored in Zapier’s non-production database for internal Zapier product analytics purposes. |
Deletion & Export Options
Deletion options
These options describe how to manually delete data from your account. Otherwise, data is deleted from logs and backups based on the standard retention periods described above.
- Delete your account
- Delete data in your account
- Delete a specific Zap
- Delete specific Zap Content and Zap History
Export options
These options describe how to manually export data from your account.
Subprocessors
Zapier engages with subprocesses to provide services to customers. This includes both third-party companies and Zapier affiliates. These subprocessors may receive access to customer data and may assist Zapier with processing it (last updated: January 25, 2022):
Third-Party Subprocessors
Name | Nature of Processing | Security and Privacy Information | Location |
---|---|---|---|
Amazon Web Services, Inc. (AWS) | Third party hosting provider | https://aws.amazon.com/security/, https://aws.amazon.com/compliance/data-privacy-faq/?nc=sn&loc=4 | USA |
CloudAMQP | Processing event-based workflows used by Zapier Services | https://www.cloudamqp.com/legal/security_and_compliance.html, https://www.cloudamqp.com/legal/privacy_policy.html | USA |
DataDog | Application performance monitoring, infrastructure and network monitoring, and error capturing | https://www.datadoghq.com/security/ | USA |
FullStory | Analytics to improve Zapier Services | https://help.fullstory.com/hc/en-us/articles/360020624254-Security-Overview | USA |
Graylog | Production logs for support services and log management | https://www.graylog.org/privacy-policy | USA |
Help Scout | Customer service platform used for technical support ticket management | https://www.helpscout.com/company/legal/security/, https://www.helpscout.com/company/legal/gdpr/ | USA |
Heroku | Deployment and management of Zapier Services | https://www.salesforce.com/company/privacy/ | USA |
HubSpot | Marketing automation platform. Email delivery services for communications to Zapier users | https://www.hubspot.com/security | USA |
Iterable | Marketing automation platform. Email delivery services for communications to Zapier users | https://iterable.com/trust/iterable-security-compliance/ | USA |
Looker | Business intelligence software used to analyze Zapier Services usage | https://looker.com/product/security | USA |
Sentry | Debugging and support tool used for error reporting | https://sentry.io/security/, https://sentry.io/privacy/ | USA |
Vitally | Customer success health scoring, and user engagement/usage tool | https://www.vitally.io/privacy-policy | USA |
Zendesk | Customer service platform used for technical support ticket management | https://www.zendesk.com/product/zendesk-security/, https://www.zendesk.com/company/agreements-and-terms/privacy-policy/ | USA |
Affiliate Subprocessors
Name | Service(s) Provided | Location |
---|---|---|
Zapier Australia Pty Ltd. | Zapier Services and Support | Australia |
Zapier Automation Inc. | Zapier Services and Support | Canada |
Zapier UK Ltd. | Zapier Services and Support | UK |
Service-Specific Subprocessors
Zapier works with third parties (Service-Specific Subprocessors) to provide customer-requested functionality within its services. When customers request the relevant functionality, these subprocessors access their customer data. Their use is limited to the indicated services:
Name | Nature of Processing (Supported Zapier Service(s)) | Security and Privacy Information | Location |
---|---|---|---|
Bow Tie Bots LLC | Provider of customer-requested Expert services to Zapier customers. | https://connex.digital/privacy-policy/ | USA |
Connex Digital | Provider of customer-requested Expert services to Zapier customers. | https://connex.digital/privacy-policy/ | USA, Czech Republic |
GetUWired | Provider of customer-requested Expert services to Zapier customers. | https://www.getuwired.com/privacy-policy/ | USA |
Google Translate | Language translations of customer queries (Translate by Zapier) | https://policies.google.com/privacy | USA |
The Joinary | Provider of customer-requested Expert services to Zapier customers. | https://www.thejoinary.com/privacy-policy | Australia |
Mailgun | Email sending capabilities per customer queries (Email by Zapier) | https://www.mailgun.com/security-privacy/, https://www.mailgun.com/privacy-policy/ | USA |
Twilio | SMS sending capabilities per customer queries (SMS by Zapier) | https://www.twilio.com/security, https://www.twilio.com/legal/privacy | USA |
Updates to Subprocessors
As Zapier’s business continues to grow and evolve, these subprocessors may change. Sign up to receive email notifications about future updates to these lists.
Need more help?