Loading
HelpAccount & BillingData privacy and management

Data Privacy & Security FAQs

Last updated:

Where does Zapier store data?

Zapier hosts data in AWS servers located in the United States, including customers’ personal data and the data that is processed on behalf of customers.

Why is data stored in my Zapier account for between 29 to 69 days?

This is due to Zapier’s data retention policy for your Zapier account:

  • On the first Monday of each month, Zapier deletes old Zap Content and Zap History from your Zapier account.
  • At that time, Zapier only retains Zap Content and Zap History from the current and previous month.

Before Zapier deletes your data on the first Monday of the month, Zapier retains up to 69 days of Zap Content and Zap History in your Zapier account. This includes:

  • Data from up to 7 days of the current month (depending on when Monday falls).
  • Data from the last month (up to 31 days).
  • Data from two months ago (up to 31 days).

After Zapier deletes your data on the first Monday of the month, Zapier retains at least 29 days of Zap Content and Zap History in your Zapier account. This includes:

  • Data from at least 1 day of the current month's data (depending on when Monday falls).
  • Data from the past month (at least 28 days).

Here is an example of how this process works:

  • On Sunday, March 3, your Zapier account contains data from January (two months ago), February (last month), and March (current month).
  • On Monday, March 4, Zapier deletes your old account data from January (two months ago) but continues storing data from February (last month) and March (current month).
Note

Customers on Company plans can set a custom data retention period of between 7 to 30 days for data held in their Zapier account.

Is there an option to have my data stored only within the EU?

Zapier does not support this option.

Can EU-based customers transfer EU personal data to Zapier?

The European Data Protection Board (EDPB) advises that you conduct an assessment of whether or not you can transfer EU personal data on the basis of the EU Standard Contractual Clauses (SCCs). In particular, Zapier recommends the following steps:

  1. Consider the technical and organizational security measures included in the updated DPA. Based on the type of data you process on Zapier, determine whether these are sufficient for your use.
  2. Review Zapier’s Data Processing Addendum (DPA), which includes the new supplemental clauses recommended by the EDPB and incorporates the new version of the SCCs approved by the European Commission.
  3. Conduct a risk assessment for the transfer of personal data to the US in your use of Zapier. Information on this page and the Security and Compliance at Zapier page may be helpful for your review.

Has Zapier ever had to disclose data to US authorities?

Zapier has not received any data access request from the US government under Section 702 of the Foreign Intelligence Surveillance Act or Executive Order 12333.

If such a request were received, Zapier will use reasonable efforts: (1) to have the governmental authority request such data directly from you; and (2) to notify you of the request promptly, unless prohibited under the applicable law of the requesting government authority or Zapier. If prohibited from notifying you, Zapier will use reasonable efforts to obtain the right to waive the prohibition to communicate as much information to you as possible.

Does Zapier sell or market the data to third parties in any way? Will you share my data without my consent?

No, Zapier does not sell or market your data to third parties.

Does Zapier have a Data Processing Officer (DPO) or an EU Representative?

Taylor Vinters is Zapier’s EU Representative. You may contact them as follows:

Taylor Vinters Europe Limited
Clifton House
Fitzwilliam Street Lower
Dublin, Dublin, D02 Xt91
Ireland
representative@taylorvinters.com

Does Zapier have a vetting process for its subprocessors?

Yes, all of Zapier’s subprocessors have undergone an internal legal and security review to assess how customer information is protected, from both privacy and security perspectives.

Will Zapier sign my company’s DPA?

Zapier can’t sign DPAs from other companies. However, Zapier’s DPA should be sufficient in any customer relationship with Zapier. Zapier’s DPA contains Standard Contractual Clauses (SCCs) for EU data and includes terms specific to how Zapier’s platform works.

Can I use Zapier with healthcare/medical data? And/or, will you sign my company’s BAA?

The use of regulated healthcare and medical data like HIPAA is not supported on Zapier. Zapier also can’t sign business associate agreements (BAAs) or equivalent agreements for handling protected health information (PHI) or other similar information.

What security certifications does Zapier have and/or where can I find more information about Zapier’s security practices?

Zapier has obtained independent third-party auditor certifications with the AICPA’s SOC for Service Organizations, SOC 2 Type II and SOC 3. Please review the Security and Compliance at Zapier page for more information about these certifications and Zapier’s security practices.


Need more help?

Contact Support

Tell us about your problem, and we’ll find you a solution or you can email support.
Get Help

Hire an Expert

We have a directory of professionals across the globe who are ready to help.
Find a Zapier Expert

Zapier Community

Connect with other Zapier users and industry professionals to get help crafting the perfect workflow.
Check out the community

Zapier University

Video courses designed to help you become a better Zapier user, whether you’re a beginner or more experienced.
View courses