Help

Security at Zapier

Last updated:

Trusted by millions across the globe to securely sync data across a variety of web services and get work done.

Zapier has globally distributed SRE and security teams on-call 24/7. We constantly monitor security notifications around all 3rd party software libraries and if identified, we immediately apply any relevant security patches as soon as they are released. Our engineers work together with the product teams to ensure that all of Zapier’s code and infrastructure is secure.

Key security offerings

  • Data Privacy
  • Account Security
  • External Audits and Pentests
  • Security Monitoring
  • Responsible Disclosure

Data Privacy

We take the security of your data seriously. Learn more about how Zapier protects your data.

Privacy at Zapier

For specific details on privacy at Zapier, refer to Zapier's Privacy Policy.

GDPR

Zapier has been fully GDPR compliant since May 25th, 2018. Learn how Zapier complies with GDPR.

CCPA

Zapier has been fully CCPA compliant since January 1st, 2020. Learn how Zapier complies with CCPA.

HIPAA

Zapier does not claim HIPAA compliance, and cannot advise on how Zapier usage may or may not comply with your unique requirements.

Reliability at Zapier

  • Hosting infrastructure: Hosted within the AWS Cloud, Zapier benefits from the comprehensive security controls in - place to secure our servers physically and virtually.
  • Status page: Zapier has processes in place to ensure you can always get a real-time update on the Status page.

SOC 2

We're committed to handling our user and partner data securely, so we're actively pursuing SOC 2 Type II certification in 2020. The SOC 2 (System and Organization Controls) Type II report is a globally-recognized security measure that rates a service provider's compliance with security, availability, and confidentiality best practices.


Account Security

Product and Data Safeguards

Customer Data

  • 256-bit AES Encryption
  • Strict access controls
  • All network communication secured with TLS 1.2
  • Shared Zaps are sanitized of all identifying or proprietary information before others are given access

Hosting

Hosted within the Amazon cloud, Zapier benefits from the comprehensive security controls in place to secure our servers physically and virtually (https://aws.amazon.com/security/)


External Audits and Pentests

Threat Detection and Management

  • Integration with AWS GuardDuty threat detection and monitoring service
  • Fleetwide audit logging

Audit & Logging

Zapier maintains a comprehensive log of all user and Zap activities. Zap activities are extensively logged internally for troubleshooting and support, and presented in summary in the Task History to inform users directly.


Security Monitoring

Quality Controls

  • Peer code reviews: every pull request is reviewed by peers, whether it’s a new feature or bug fix. Security reviews are performed as appropriate for the work.
  • Regular code audits for security.
  • Continuous Integration and Delivery: we use GitLab for our CI tooling. Every PR that is merged is automatically subjected to a pipeline of rigorous tests and analysis as appropriate for the code that is being merged.
  • Robust unit testing
  • Regular penetration testing

Responsible Disclosure

Zapier Bug Bounty

Zapier’s Security Exploit Bug Bounty Program acknowledges the work independent security researchers do by flagging vulnerabilities we might not be aware of with a discretionary reward system: there’s no maximum amount; Zapier looks at each vulnerability on a case by case basis.

Three key points to keep in mind as and when you find something to report:
- Let us know as soon as you can.
- Don’t test against our users’ private data.
- Give us the opportunity to work together and close the vulnerability prior to revealing the vulnerability to others.


Need More Help?

Contact Support

Tell us about your problem, and we’ll find you a solution or you can email support.
Get Help

Hire an Expert

We have a directory of professionals across the globe who are ready to help.
Find a Zapier Expert

Zapier Community

Connect with other Zapier users and industry professionals to get help crafting the perfect workflow.
Check out the community