Data privacy at Zapier

Zapier takes the protection of our customers’ information seriously and is committed to complying with applicable data privacy laws, including GDPR, UK GDPR, and CCPA, when providing services to our customers. Data privacy is a collaborative effort, and Zapier is also committed to ensuring that you can use Zapier services while complying with your obligations under applicable data privacy laws. This page is designed to help you with your data privacy obligations by providing information about Zapier’s data protection practices and the choices that you have regarding the data processed by Zapier when you use Zapier services.

Privacy Compliance at Zapier

Zapier has ongoing processes to protect your data and privacy rights:

Legal Review

Zapier collaborates with legal and other professional counsel to understand its role under both current and proposed data privacy laws and regulations such as GDPR, UK GDPR, and CCPA. Zapier regularly reviews and periodically updates its Privacy Policy, Data Processing Addendum, and Terms of Service with respect to compliance with such data privacy laws and regulations.

Internal Data Audits

Zapier periodically reviews the types of data that it collects, the reasons for collecting that data, and when Zapier personnel might need to access it.

Vendor Audits

Zapier audits its vendors, both at the time of onboarding and thereafter, to ensure that they adhere to data privacy laws/regulations and sign all relevant Data Processing Addendums.

Communications

Zapier documents pertinent changes in its privacy compliance practices. Customer and partner notification occurs via email, this webpage, and the updates blog. Zapier also maintains a Data Privacy & Security FAQ page that may be useful to review.

Ongoing Process Changes

Zapier continues to refine processes for how it performs customer support, builds services, and handles data. This includes internal documentation, training, and other processes.

Customer Content

For Customer Content (content transferred in and out of Zaps or other Zapier services), you, the customer, are considered the “data controller” of that data from a privacy perspective.

In turn, Zapier is the “data processor” responsible for safeguarding Customer Content as it flows through Zapier’s systems. Zapier’s security measures are described on Zapier’s Security and Compliance page.

As data controller, you are responsible for safeguarding Customer Content as you interact directly with services integrated with Zapier. You should configure your Zaps and integrations to not trigger or work with other users' data without proper consent.

Read more about your role and Zapier’s role in privacy compliance.

Data Processing Addendum

Because Zapier’s Terms of Service already incorporate Zapier’s Data Processing Addendum (“DPA”), you do not need to sign a separate copy. This DPA (and the accompanying Standard Contractual Clauses) contains legal terms that apply to personal information that may be contained in Customer Content. We’ve updated the DPA as of October 3, 2022, to add specific provisions regarding data transfers from the UK.

If you need a standalone copy of Zapier’s DPA for your records or other compliance purposes, you can:

  • Download a PDF copy of the DPA. Do not sign or return this copy to Zapier.
  • Generate an electronically signed copy of the DPA. You will receive two emails, both from HelloSign (noreply@mail.hellosign.com):
    • The first will be a request to sign with the subject: “Signature requested”.
    • Once you sign and agree to the DPA terms, you will receive a second email with the subject: “You just signed” that contains a fully signed PDF copy of the DPA.
    • If you have any trouble receiving these messages, check your spam folder, wait at least five minutes for each email to arrive, and ensure you clicked the final “Agree” button after signing in HelloSign.

Data Retention/Deletion

Below is information on Zapier’s data retention/deletion practices for Customer Content processed in Zapier services (last updated: October 3, 2022):

For Zap Content (content transferred in and out of Zaps):

Retention period for Zap Content (content transferred in and out of your Zaps):

- 7 days in logs.
- 29-69 days in your Zapier account. If you subscribe to the Company plan, you can set a shorter retention period in your Zapier account.
- Up to 4 months in backup.
- Zap Content transferred when you test a Zap is stored until you delete the Zap. Once you have deleted the Zap, the Zap Content will then be subject to the other retention periods above.

Retention period for Zap History (metadata about the Zap, like the name of the Zap, dates and times of the Zap run, and the Zap status):

- 7 days in logs.
- 29-69 days in your Zapier account. If you subscribe to the Company plan, you can set a shorter retention period in your Zapier account.
- Up to 4 months in backup.
- Zap History is stored in Zapier’s non-production database for internal Zapier product analytics purposes.

Deletion & Export Options

Deletion options
These options describe how to manually delete a Zap or Zap Content from your account. Otherwise, data is deleted from logs and backups based on the standard retention periods described above.

Export options
These options describe how to manually export a Zap or Zap Content from your account.

Subprocessors

Zapier engages with third-party subprocessors and Zapier affiliates to help us provide services to our customers. These subprocessors store Customer Content and assist Zapier with processing it (posted date: October 3, 2022, effective date: October 17, 2022):

Third-Party Subprocessors

Name | Nature of Processing | Location
Amazon Web Services, Inc. (AWS) | Third party hosting provider | USA
CloudAMQP | Processing event-based workflows used by Zapier Services | USA
DataDog | Application performance monitoring, infrastructure and network monitoring, and error capturing | USA
FullStory | Analytics to improve Zapier Services | USA
Graylog | Production logs for support services and log management | USA
Help Scout | Customer service platform used for technical support ticket management | USA
Heroku | Deployment and management of Zapier Services | USA
Looker | Business intelligence software used to analyze Zapier Services usage | USA
Sentry | Debugging and support tool used for error reporting | USA
Vitally | Customer success health scoring, and user engagement/usage tool | USA
Zendesk | Customer service platform used for technical support ticket management | USA

Affiliate Subprocessors

Name | Service(s) Provided | Location(s)
Zapier Australia Pty Ltd. | Zapier Services and Support | Australia, New Zealand
Zapier Automation Inc. | Zapier Services and Support | Canada
Zapier UK Ltd. | Zapier Services and Support | UK

Service-Specific Subprocessors

Zapier engages with Service-Specific Subprocessors to process Customer Content when customers use certain optional services. When customers request the relevant functionality, these subprocessors access their Customer Content. Their use is limited to the indicated services:

Name | Nature of Processing (Supported Zapier Service(s)) | Location
Google Translate | Language translations of customer queries (Translate by Zapier) | USA
Mailgun | Email sending capabilities per customer queries (Email by Zapier) | USA
Twilio | SMS sending capabilities per customer queries (SMS by Zapier) | USA

Updates to Subprocessors

As Zapier’s business continues to grow and evolve, these subprocessors may change. Sign up to receive email notifications about future updates to these lists.
