Data Privacy Overview
Zapier takes the protection of our customers’ information seriously and is committed to complying with applicable data privacy laws, including GDPR, UK GDPR, and CCPA, when providing services to our customers. Data privacy is a collaborative effort, and Zapier is also committed to ensuring that you can use Zapier services while complying with your obligations under applicable data privacy laws. This page is designed to help you with your data privacy obligations by providing information about Zapier’s data protection practices and the choices that you have regarding the data processed by Zapier when you use Zapier services.
Privacy Compliance at Zapier
Zapier has ongoing processes to protect your data and privacy rights:
EU-US Data Privacy Framework (DPF) Program
Zapier has self-certified our compliance with the EU-US Data Privacy Framework (DPF), the UK Extension, and the Swiss-US DPF as set forth by the US Department of Commerce. You can confirm Zapier's self-certification and participation via our Participant Detail page on the Data Privacy Framework Program website.
Zapier collaborates with legal and other professional counsel to understand its role under both current and proposed data privacy laws and regulations such as GDPR, UK GDPR, and CCPA.
Internal Data Audits
Zapier periodically reviews the types of data that it collects, the reasons for collecting that data, and when Zapier personnel might need to access it.
Zapier audits its vendors, both at the time of onboarding and thereafter, to ensure that they adhere to data privacy laws/regulations and sign all relevant Data Processing Addendums.
Zapier documents pertinent changes in its privacy compliance practices. Customer and partner notification occurs via email, this webpage, and the updates blog. Zapier also maintains an FAQ below that may be useful to review.
Ongoing Process Changes
Zapier continues to refine processes for how it performs customer support, builds services, and handles data. This includes internal documentation, training, and other processes.
For Customer Content (content transferred in and out of Zaps or other Zapier services), you, the customer, are considered the “data controller” of that data from a privacy perspective.
In turn, Zapier is the “data processor” responsible for safeguarding Customer Content as it flows through Zapier’s systems. Zapier’s security measures are described on Zapier’s Security and Compliance page.
As data controller, you are responsible for safeguarding Customer Content as you interact directly with services integrated with Zapier. You should configure your Zaps and integrations to not trigger or work with other users' data without proper consent.
Read more about your role and Zapier’s role in privacy compliance.