Data privacy at Zapier

Last updated:

We take the security of your data seriously. You can read the nitty gritty details at our privacy policy.

  • Credentials that you use to connect your accounts to Zapier are protected with bank-level encryption.
  • The only action that Zapier takes on your accounts are those necessary to run the Zaps you create.
  • The raw requests Zapier makes to other services on your behalf are stored for 7 days for troubleshooting purposes, then purged on a rolling basis.
  • User-facing Task History is stored for longer periods of time (approximately 3 months, never longer than 4 months) so that you can monitor Zapier activity and replay failures.

Technical details

  • Zapier login credentials are one-way PBKDF2 hashes with a workload of about 100000 iterations and HMAC-SHA256 as the underlying pseudorandom function.
  • Account access credentials (like API keys for MailChimp, tokens for Salesforce, and passwords for developer apps like SAManage) held by Zapier are encrypted with AES and stored in a database. Of course, Zapier has the decryption keys on hand so we can use the credentials but they are stored and maintained separately.
  • All Zapier employees have access to raw HTTP logs as a part of daily support - we censor access tokens/secrets to the best of our ability. All debug logs censor account credentials (API keys, tokens, etc.) so they are not viewable in raw request logs.
  • Raw low-level request logs are stored for 7 days, Task History is stored rolling for the previous three months, and is stored for approximately 90 days in S3 as backups.
  • We use TLS 1.2 wherever possible (both via and external API services). You can find more details here.
  • We use KeyCzar (an open source library made and maintained by Google) with default settings. There is a black box with hotkeys that runs and houses our KeyCzar servers. We use standard IAM credentials to limit access to the cold stored keys in S3.

If you have any questions on how Zapier stores or handles your information, or if you would like a copy of Zapier Security Practices, please contact us.


HIPAA Compliance

Zapier can not claim HIPAA compliance.

Was this doc helpful?

Need More Help?

Zapier Support

Contact our world class support team and we’ll be happy to help you get up and running!
Contact Us

Hire an Expert

We have a directory of professionals across the globe who are ready to help.
Find a Zapier Expert