Data Privacy Overview

Zapier takes the protection of our customers’ information seriously and is committed to complying with applicable data privacy laws, including GDPR, UK GDPR, and CCPA, when providing services to our customers. Data privacy is a collaborative effort, and Zapier is also committed to ensuring that you can use Zapier services while complying with your obligations under applicable data privacy laws. This page is designed to help you with your data privacy obligations by providing information about Zapier’s data protection practices and the choices that you have regarding the data processed by Zapier when you use Zapier services.

Privacy Compliance at Zapier

Zapier has ongoing processes to protect your data and privacy rights:

EU-US Data Privacy Framework (DPF) Program

Zapier has certified our compliance with the EU-US Data Privacy Framework (DPF), the UK Extension, and the Swiss-US DPF as set forth by the US Department of Commerce. You can confirm Zapier's certification and participation via the participant list page (search for "Zapier") on the Data Privacy Framework Program website.

Legal Review

Zapier collaborates with legal and other professional counsel to understand its role under both current and proposed data privacy laws and regulations such as GDPR, UK GDPR, and CCPA.

Zapier regularly reviews and periodically updates its Privacy Policy, Data Processing Addendum, and Terms of Service with respect to compliance with such data privacy laws and regulations.

Internal Data Audits

Zapier periodically reviews the types of data that it collects, the reasons for collecting that data, and when Zapier personnel might need to access it.

Vendor Audits

Zapier audits its vendors, both at the time of onboarding and thereafter, to ensure that they adhere to data privacy laws/regulations and sign all relevant Data Processing Addendums.

Communications

Zapier documents pertinent changes in its privacy compliance practices. Customer and partner notification occurs via email, this webpage, and the updates blog. Zapier also maintains an FAQ below that may be useful to review.

Ongoing Process Changes

Zapier continues to refine processes for how it performs customer support, builds services, and handles data. This includes internal documentation, training, and other processes.

Customer Content

For Customer Content (content transferred in and out of Zaps or other Zapier services), you, the customer, are considered the “data controller” of that data from a privacy perspective.

In turn, Zapier is the “data processor” responsible for safeguarding Customer Content as it flows through Zapier’s systems. Zapier’s security measures are described on Zapier’s Security and Compliance page.

As data controller, you are responsible for safeguarding Customer Content as you interact directly with services integrated with Zapier. You should configure your Zaps and integrations to not trigger or work with other users' data without proper consent.

Data Privacy FAQ

Where does Zapier store data?

How long is data stored in my Zapier account for?

Why is data stored in my Zapier account for between between 29 to 69 days?

Is there an option to have my data stored only within the EU?

Can EU-based customers transfer EU personal data to Zapier?

Does Zapier have a Data Transfer Impact Assessment that I can review?

Does Zapier sell or market my data to third parties in any way?

Where can I find Zapier's DPA? And, will Zapier sign my company’s DPA?

Does Zapier use subprocessors?

Does Zapier have a vetting process for its subprocessors?

Does Zapier have EU and UK Representatives?

Can I use Zapier with healthcare/medical data? And/or, will you sign my company’s BAA?

What security certifications does Zapier have and/or where can I find more information about Zapier’s security practices?

Zapier Automation Platform

PRODUCTS

CAPABILITIES

By use case

By app

By team

By company size

How Zapier Zaps

How Zapier Uses AI

By team

Learn more

Get help

Zapier quick-start guide

Developer resources