Zapier AI Automation Platform:
Legal and Compliance Information
Date: April 23, 2026
Organizations using Zapier control what apps to connect, what actions to run, who can build, and how AI is used across workflows, agents, SDK, and MCP connections. Zapier provides the platform controls to enforce those decisions and handles customer data and platform security in support of them. This page covers the governance tools available to customers and how Zapier handles data, secures the platform, and meets regulatory requirements.
For concrete use cases, you can learn more about how our Legal team uses Zapier.
Zapier governance features that customers control
Visibility
Because the ability to monitor activity is critical to governance, we provide our customers with the following:
✅ Audit logs and analytics dashboard
Monitor account activity and review usage across your organization.
✅ Asset History
Queryable audit trail of every Zap execution: every run, every app, every model call. Available in the UI and via API.
✅ Log Streaming
Stream execution data to external monitoring tools (Datadog, Splunk, etc.) so IT and security teams can observe Zapier activity from their existing stack.
Auto-generates and auto-updates documentation for each workflow, covering what it connects to, what it does, and who owns it.
Complete log of every agent run: status, apps used, timestamps, and step-by-step execution detail.
✅ Chatbot conversation history and analytics
Full transcripts of every chatbot conversation, searchable by keyword, exportable as JSON. Built-in analytics tab covers up to 90 days of usage data.
Governance and Control
Zapier gives our customers control over their Zapier account, including what actions to run, who can build, and what they can access, across workflows, agents, SDK, and MCP connections.
Action Restrictions
Action Restrictions give endpoint-level control over what teams can do inside an approved app. Administrators can permit specific operations instead of making all-or-nothing decisions about apps. For example, admins can allow reads from HubSpot while blocking creates and updates, or allow Slack messaging while blocking file uploads to external channels. Action Restrictions apply consistently across the Zap editor, Agents, SDK, and MCP connections.
Managed App Connections
Managed App Connections are company-owned app connections that IT controls. Instead of individual employees creating their own connections with personal credentials, IT provides a single managed connection that everyone uses. When an employee leaves, the connection stays intact, and automations keep running. This removes the risk of automations breaking when tied to personal accounts, and it ensures consistent governance across the organization.
Domain Restrictions
Domain Restrictions prevent personal accounts from authenticating to business apps on Zapier. If someone tries to connect a personal email account to a business app, Zapier blocks it before any data flows. This keeps customer and business data in accounts that the organization controls, audits, and can revoke.
App Access Controls
App Access Controls enable administrators on the Zapier account to set an allowlist or blocklist of apps per workspace. Controls are enforced across the Zap editor, Agents, SDK, and MCP. Apps not on the allowlist are blocked by default.
Guided Templates
Organizations can create pre-approved agents and automations and share them across workspaces. Teams build from approved patterns instead of starting from scratch.
Workspaces
Workspaces let organizations segment Zapier by team, each with its own controls, connections, and app access. For example, a sales team can access CRM tools without database access; a data team gets analytics without CRM write access. Workspace admins manage day-to-day operations while IT retains org-wide visibility and policy control.
Availability: Rolling out Q2 2026 (expected June/July). Not yet generally available.
AI Safety: AI Guardrails by Zapier
AI Guardrails by Zapier adds inline AI safety, compliance, and detection capabilities directly to workflows on Zapier. You can screen AI-generated content before it is used in downstream steps, allowing you to catch potential issues in production, not after the fact:
- Detect PII: Scans text for personally identifiable information such as names, addresses, SSNs, credit card numbers, and more. Supports English and Spanish.
- Detect Prompt Injection: Identifies prompt injection and jailbreaking attempts designed to manipulate AI system behavior.
- Detect Sentiment: Classifies text sentiment as positive, negative, neutral, or mixed with confidence scores.
- Detect Toxicity: Flags hate speech, threats, insults, and other harmful content.
How AI Guardrails Handles Data
To detect and redact PII, AI Guardrails must first process the data. Like any Zapier workflow, data processed by AI Guardrails, including any PII, is temporarily stored in Zapier’s logs and in Zap runs, subject to Zapier’s data retention and deletion practices. Enterprise customers can reduce the Zap history retention period to as few as 7 days.
Shared Responsibility
AI Guardrails are designed to supplement (not replace) a customer’s existing security, privacy, and compliance measures. No AI-powered detection system is 100% accurate. You should expect some false negatives (missed detections) and some false positives (incorrect flags). Use AI Guardrails as one layer in a broader defense-in-depth strategy alongside human review, additional input validation, and your existing compliance policies.
Availability
AI Guardrails by Zapier can be used in Zaps (as an action step), in Agents (as a tool), and with MCP (as a tool on an MCP server). All Zapier accounts can use AI Guardrails. Currently, AI Guardrails are builder-opted: individual builders choose to add guardrail steps to their workflows.
Zapier's data handling and security measures
Data Handling
🔒 Customer Content
Customer content is information customers upload to or process through Zapier, such as CRM records passed through a Zap, support tickets processed by an Agent, data stored in Tables, and responses collected through Forms.
No Model Training or Improvement on Enterprise Customer Content. Enterprise customers are automatically opted out of Zapier using their content for model training and improvement purposes. All other customers may opt out at any time.
Zapier subprocessors are prohibited from using customer content for their own model training. Zapier reviews each subprocessor's data privacy and security practices before onboarding it. See our subprocessor list and sign up at the Trust Center for change notifications.
Zapier has implemented OpenAI's Zero Data Retention (ZDR) feature. If a customer uses their own OpenAI key, the terms of the customer's agreement with OpenAI govern how OpenAI handles their data instead. See Bring Your Own Key (BYOK) and Bring Your Own Model (BYOM) below.
Zapier’s data retention policy governs how Zapier handles customer content.
Third-Party Application Agreements
When a customer connects a third-party provider account to Zapier (such as through an integration, SDK, or MCP), two agreements apply:
- The customer's agreement with Zapier governs how Zapier handles customer content, and
- The customer's agreement with that provider governs how the provider handles customer content.
📊 Usage Information
Usage Information is data about how Zapier products are configured and used, such as which apps and actions appear in a Zap, how steps are ordered in an Agent, which triggers are most commonly paired with which actions, and how often a particular automation pattern is used across the platform. Zapier uses usage information to operate, improve, and develop its products. For example, data about workflow step sequencing helps refine Zapier Copilot suggestions toward more practical and frequently adopted automation steps.
🔑 Bring Your Own Key (BYOK)
We offer bring your own key (BYOK) capability in Zapier Workflows and Chatbots:
Through our 600+ AI integrations, customers can connect their company’s AI app accounts (such as OpenAI/ChatGPT, Anthropic, Gemini, Perplexity, Granola, ElevenLabs, and Gamma) to their Zapier workflows. The AI by Zapier integration also supports connecting to a company’s AI app account with OpenAI, Anthropic, Google, Azure OpenAI, and Amazon Bedrock.
Customers can configure their Chatbots to use their OpenAI or Anthropic account by adding their own OpenAI authentication and connecting to additional available models.
In each case, the customer's separate AI account generates outputs under that provider's agreement, then sends them to Zapier.
For organizations that need to route AI processing through their own infrastructure, see Bring Your Own Model (BYOM) below.
🏛️ Bring Your Own Model (BYOM)
For organizations that require AI processing to run through their own infrastructure, Zapier offers Bring Your Own Model (BYOM) capability. With BYOM, customers can route Zapier’s AI features—including Agents and Knowledge by Zapier—through their existing AWS Bedrock account. The customer’s own encryption keys, access controls, and compliance certifications apply to all AI processing. For more information, see Use your own AI accounts in Zapier.
BYOM provides:
- AI requests are routed to the customer’s own cloud infrastructure, using their keys and their compliance certifications.
- No new subprocessors are introduced for AI processing—the customer’s existing, vetted infrastructure handles all model calls.
- Administrators can configure fallback behavior: choose fail-closed (highest security) or allow Zapier-provided models as a fallback for continuity.
- As models evolve, the customer’s governance framework stays intact. Upgrading models does not require re-evaluating vendors.
Enterprise-Grade Security
Security
Zapier maintains SOC 2 Type II certification. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). For full details on our security posture, infrastructure, and incident response practices, see our Security page and Trust Center, which also includes information about our SOC 2 Type II certification.
Identity and Access Control
We provide fine-grained identity access controls to enterprise customers to ensure that only authorized personnel can view or trigger automations:
✅ Single Sign-On (SSO) via SAML
Federated authentication through your identity provider.
✅ User provisioning via SCIM
Automated provisioning and de-provisioning through providers like Okta and Azure AD. When someone joins, they get the right access. When they leave, access is revoked immediately.
✅ Additional controls:
Compliance as a shared responsibility
Compliance
Zapier complies with GDPR, UK GDPR, and CCPA. See our Data Privacy Overview for details.
EU AI Act
The EU AI Act regulates AI systems based on risk level. It establishes four categories: prohibited uses, high-risk systems, limited-risk systems, and minimal-risk systems. This approach aims to encourage innovation while requiring appropriate safeguards for high-risk applications. Under Zapier's terms, customers may not use the Zapier platform in ways that violate the EU AI Act.
Zapier has aligned its AI product development with the Act's core principles:
- Risk-based approach: The Act classifies AI systems by risk level: prohibited, high-risk, limited-risk, and minimal-risk. Zapier provides AI Guardrails for PII detection, prompt injection detection, toxicity screening, and sentiment analysis so customers can screen AI outputs before they reach downstream systems.
- Human-centric design: AI must support human autonomy and decision-making. Customers control when and how AI acts: Action Restrictions define what operations AI can perform, Agents can require human approval before executing actions, and AI Guardrails let customers screen AI outputs before they reach downstream systems.
- Transparency: Users should know when they are interacting with AI, and AI decisions should be explainable. Zapier logs activity across the platform: Zap run history records every workflow execution, Asset History provides a queryable audit trail of every run, app, and model call, Agent activity tracking captures step-by-step detail including which models were called and what outputs were produced, and Log Streaming sends execution data to external monitoring tools like Datadog and Splunk.
- Protection of fundamental rights: AI systems must not pose unacceptable risks, such as social scoring or manipulative techniques. Under Zapier's Acceptable Use Policy, customers may not use the platform for prohibited purposes, including those that violate the EU AI Act's restrictions.
- Data governance: Data used by AI systems must be high-quality, secure, and well-governed. Enterprise customer content is not used for model training. Subprocessors are contractually restricted. See the Data Handling section.
- Accountability: Developers, deployers, and operators must ensure their AI systems comply. Zapier operates under a shared responsibility model (see below) that defines obligations for Zapier, AI model providers, and customers.
- Safety and security: AI systems must meet rigorous security standards. Zapier maintains SOC 2 Type II certification, encrypts data in transit and at rest, and reviews subprocessor security practices before onboarding. See the Security section.
- Promotion of innovation: The EU AI Act aims to foster innovation through clear rules for responsible AI. Zapier supports this by providing governance tools that let organizations adopt AI with controls already in place, reducing the compliance burden on individual teams.
Shared Responsibility
AI safety is a shared responsibility among Zapier, the AI foundation model providers we use (such as OpenAI, Anthropic, and Google), and our customers. Everyone plays a role.
Customer Responsibilities
Customers are responsible for using Zapier in compliance with their own policies, applicable laws, and the Zapier Acceptable Use Policy. Governance tools (Workspaces, Action Restrictions, AI Guardrails) enable customers to enforce their policies within the platform.
Zapier Responsibilities
Zapier develops, deploys, and operates AI products in compliance with applicable laws and Zapier's internal development and security policies. Zapier implements and maintains security and data governance measures for the processing of customer data, and updates these measures as requirements and the landscape evolve.
AI Model Provider Responsibilities
AI model providers used by Zapier (listed on our Subprocessors page) are responsible for complying with applicable laws and implementing measures to limit bias and harmful content. Zapier reviews each provider's legal and security practices before onboarding. Subprocessors are contractually prohibited from using customer data for model training.
Shared Responsibility Model for AI
This diagram provides a visual representation of our shared responsibility model:

Questions and Feedback
Zapier is committed to providing a secure, innovative, and customer-focused AI automation platform.
We welcome questions or feedback on the topics covered in this document or anything else:
- Contact our Support team for questions about the topics covered on this page.
- Talk to our Sales team to learn more about a Team or Enterprise plan for your company.