Zapier takes the protection of our customers’ information seriously and is committed to complying with applicable data privacy laws, including GDPR, UK GDPR, and CCPA, when providing services to our customers. Data privacy is a collaborative effort, and Zapier is also committed to ensuring that you can use Zapier services while complying with your obligations under applicable data privacy laws. This page is designed to help you with your data privacy obligations by providing information about Zapier’s data protection practices and the choices that you have regarding the data processed by Zapier when you use Zapier services.
Privacy Compliance at Zapier
Zapier has ongoing processes to protect your data and privacy rights:
Legal Review
Zapier collaborates with legal and other professional counsel to understand its role under both current and proposed data privacy laws and regulations such as GDPR, UK GDPR, and CCPA. Zapier regularly reviews and periodically updates its Privacy Policy, Data Processing Addendum, and Terms of Service with respect to compliance with such data privacy laws and regulations.
Internal Data Audits
Zapier periodically reviews the types of data that it collects, the reasons for collecting that data, and when Zapier personnel might need to access it.
Vendor Audits
Zapier audits its vendors, both at the time of onboarding and thereafter, to ensure that they adhere to data privacy laws/regulations and sign all relevant Data Processing Addendums.
Communications
Zapier documents pertinent changes in its privacy compliance practices. Customer and partner notification occurs via email, this webpage, and the updates blog. Zapier also maintains a Data Privacy & Security FAQ page that may be useful to review.
Ongoing Process Changes
Zapier continues to refine processes for how it performs customer support, builds services, and handles data. This includes internal documentation, training, and other processes.
Customer Content
For Customer Content (content transferred in and out of Zaps or other Zapier services), you, the customer, are considered the “data controller” of that data from a privacy perspective.
In turn, Zapier is the “data processor” responsible for safeguarding Customer Content as it flows through Zapier’s systems. Zapier’s security measures are described on Zapier’s Security and Compliance page.
As data controller, you are responsible for safeguarding Customer Content as you interact directly with services integrated with Zapier. You should configure your Zaps and integrations to not trigger or work with other users' data without proper consent.
Read more about your role and Zapier’s role in privacy compliance.
Data Processing Addendum
Because Zapier’s Terms of Service already incorporate Zapier’s Data Processing Addendum (“DPA”), you do not need to sign a separate copy. This DPA (and the accompanying Standard Contractual Clauses) contain legal terms that apply to personal information that may be contained in Customer Content. We’ve updated the DPA as of October 3, 2022, to add specific provisions regarding data transfers from the UK.
If you need a standalone copy of Zapier’s DPA for your records or other compliance purposes, you can:
- Download a PDF copy of the DPA. Do not sign or return this copy to Zapier.
- Generate an electronically signed copy of the DPA. You will receive two emails, both from HelloSign (noreply@mail.hellosign.com):
- The first will be a request to sign with the subject: “Signature requested”.
- Once you sign and agree to the DPA terms, you will receive a second email with the subject: “You just signed” that contains a fully signed PDF copy of the DPA.
- If you have any trouble receiving these messages, check your spam folder, wait at least five minutes for each email to arrive, and ensure you clicked the final “Agree” button after signing in HelloSign.
Data Retention/Deletion
Below is information on Zapier’s data retention/deletion practices for Customer Content processed in Zapier services (last updated: October 3, 2022):
For Zap Content (content transferred in and out of Zaps):
| Retention period | ||
|---|---|---|
| Zap Content (content transferred in and out of your Zaps) |
- 7 days in logs. - 29-69 days in your Zapier account. If you subscribe to the Company plan, you can set a shorter retention period in your Zapier account. - Up to 4 months in backup. - Zap Content transferred when you test a Zap is stored until you delete the Zap. Once you have deleted the Zap, the Zap Content will then be subject to the other retention periods above. |
|
| Zap History (metadata about the Zap, like the name of the Zap, dates and times of the Zap run, and the Zap status) |
- 7 days in logs. - 29-69 days in your Zapier account. If you subscribe to the Company plan, you can set a shorter retention period in your Zapier account. - Up to 4 months in backup. - Zap History is stored in Zapier’s non-production database for internal Zapier product analytics purposes. |
|
Deletion & Export Options
Deletion options
These options describe how to manually delete a Zap or Zap Content from your account. Otherwise, data is deleted from logs and backups based on the standard retention periods described above.
- Delete your account
- Delete data in your account
- Delete a specific Zap
- Delete specific Zap Content and Zap History
Export options
These options describe how to manually export a Zap or Zap Content from your account.
Subprocessors
Zapier engages with third-party subprocessors and Zapier affiliates to help us provide services to our customers. These subprocessors store Customer Content and assist Zapier with processing it (posted date: October 3, 2022, effective date: October 17, 2022):
Third-Party Subprocessors
| Name | Nature of Processing | Location | |
|---|---|---|---|
| Amazon Web Services, Inc. (AWS) | Third party hosting provider | USA | |
| CloudAMQP | Processing event-based workflows used by Zapier Services | USA | |
| DataDog | Application performance monitoring, infrastructure and network monitoring, and error capturing | USA | |
| FullStory | Analytics to improve Zapier Services | USA | |
| Graylog | Production logs for support services and log management | USA | |
| Help Scout | Customer service platform used for technical support ticket management | USA | |
| Heroku | Deployment and management of Zapier Services | USA | |
| Looker | Business intelligence software used to analyze Zapier Services usage | USA | |
| Sentry | Debugging and support tool used for error reporting | USA | |
| Vitally | Customer success health scoring, and user engagement/usage tool | USA | |
| Zendesk | Customer service platform used for technical support ticket management | USA |
Affiliate Subprocessors
| Name | Service(s) Provided | Location(s) |
|---|---|---|
| Zapier Australia Pty Ltd. | Zapier Services and Support | Australia, New Zealand |
| Zapier Automation Inc. | Zapier Services and Support | Canada |
| Zapier UK Ltd. | Zapier Services and Support | UK |
Service-Specific Subprocessors
Zapier engages with Service-Specific Subprocessors to process Customer Content when customers use certain optional services. When customers request the relevant functionality, these subprocessors access their Customer Content. Their use is limited to the indicated services:
| Name | Nature of Processing (Supported Zapier Service(s)) | Location | |
|---|---|---|---|
| Google Translate | Language translations of customer queries (Translate by Zapier) | USA | |
| Mailgun | Email sending capabilities per customer queries (Email by Zapier) | USA | |
| Twilio | SMS sending capabilities per customer queries (SMS by Zapier) | USA |
Updates to Subprocessors
As Zapier’s business continues to grow and evolve, these subprocessors may change. Sign up to receive email notifications about future updates to these lists.
