Data safety when using Zapier embedded in other apps

Zapier offers its Natural Language Actions (NLA) API to third-party/external developers, so that they can add the power of Zapier to their own apps. These developers are not affiiliated with Zapier, but are independent businesses offering their apps to Zapier customers.

When you use Zapier within another app, you are connecting your Zapier account and your data to that other app. Therefore, it’s important that you trust it. Because of the number of apps, customers, and use cases, this is ultimately a customer's responsibility. This guide explains Zapier’s verification process for apps credentials and, more importantly, what you can do to keep your data and business safe.

 

What is Natural Language Actions API?

Zapier's Natural Language Actions (NLA) API is a tool for developer that allows them to perform AI actions from within their own app, on behalf of their users. 

 

What Zapier does to keep you safe

Zapier requires developers to go through an OAuth verification process in order to use a customer's OAuth credentials with the API. This means that they must submit certain basic information as a helpful indication that they are operating in good faith. 

While Zapier’s verification process is a helpful start to your review of an app, we do not and cannot guarantee any NLA app’s suitability for a particular Zapier customer, or that a customer will have a positive end-user experience. Because these apps are owned/operated by third parties, evaluate them like you would for any other software that would access your data and be able to take action on your behalf.

 

What can you do to ensure apps are secure and trustworthy?

As a Zapier customer, you are responsible for determining that the app you're using is right for you and that you trust its developer. You know your business better than Zapier does, and, ultimately, it's your responsibility to evaluate any apps you may want to provide access to. Some customers may not be comfortable using any apps at all, and others may be comfortable using many of them. Zapier puts you in charge of this decision.

We encourage you to familiarize yourself with the developer and its app, as you will be trusting them with access to your Zapier account and to take action on your behalf. Here are some things you can do to help verify that:

  • Look for information about the developer and confirm they are who you expect them to be.
  • Read the developer’s terms of service and privacy policy linked on the authentication screen.  Pay particular attention to information about how they intend to use your data.
  • Ensure you’re comfortable providing that developer with the access stated on the authentication screen.
  • Analyze the use cases that the app supports and make sure they align with your requirements.

Screen Shot 2023-07-18 at 8.20.44 AM.png

 

Manage AI actions and app access

Zapier offers help guides that explain how you can review all AI actions that ran on your Zapier account, and how you can revoke access to apps. We suggest periodically reviewing AI actions to ensure that apps are working as you intend.

Was this article helpful?
2 out of 2 found this helpful