Security and Compliance

Compliance at Zapier

We take compliance seriously and understand its significance to both our customers and partners. For this reason, Zapier has obtained independent third-party auditor certifications with the AICPA's SOC for Service Organizations, SOC 2 Type II and SOC 3.

You can request our SOC 2 Type II report through our Help & Support page and download our SOC 3 report here.


Security best practices at Zapier

We take pride in our information security program and are dedicated to its continual improvement.

User account security

Product access control

Only a subset of Zapier's personnel has access to Zapier's products and customer data through controlled interfaces. This limited access allows us to provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.

Authentication resources

We offer two-factor authentication (2FA)

SAML integration with external identity providers.


Zapier uses 256-bit AES encryption at rest in addition to securing network communication with TLS 1.2 for encrypting data in transit.

User account security

Change management

Every pull request goes through a peer code review, whether it's a new feature or bug fix. Security reviews are performed as appropriate for the work.

We run regular code audits for security.

We use GitLab for our CI tooling for continuous integration and delivery. Every merged PR is automatically subjected to a pipeline of rigorous tests and analysis as appropriate for the code being merged.

We perform robust unit testing and regular penetration testing.

change management

Cloud security

Zapier utilizes Amazon Web Services (AWS) as its cloud service provider. We also leverage AWS's security and compliance controls for data center physical security and cloud infrastructure. More information about this service provider can be found on the AWS Security Cloud website.

cloud security

Monitoring & logging

Availability: We have globally-distributed SRE and Security teams on-call 24/7. To ensure users have real-time service availability updates, Zapier also maintains a Status page.

Logging: We keep a comprehensive log of all user and Zap activities. Zap activities are logged internally for troubleshooting and support only. Zapier users can also see a summary of their Zap activities in their Zap History.

Monitoring and logging

Vulnerability management

Threat detection

We have enabled threat detection software and enforce continual threat modeling exercises to identify and plan for any vulnerabilities in our environment.

External penetration testing

Zapier undergoes an external penetration test by an independent third party on an annual cadence, at minimum.

Security bug bounty program

Zapier's security exploit bug bounty program acknowledges and rewards the work independent security researchers do by flagging vulnerabilities Zapier might not be aware of. We look at each vulnerability on a case-by-case basis.

If you find something to report, please keep these three key points in mind:

  1. Please let us know about any vulnerabilities as soon as possible.
  2. Don't test against Zapier users' private data.
  3. We welcome the opportunity to work together and close the vulnerability before it's revealed to others.

As much (or as little) help as you want

Do it yourself

Whether you’re brand-new to automation or looking to grow your skills, we make DIY doable.

Hire an Expert

Choose a certified Zapier Expert to help you think through and create automated workflows.

A plan to fit your needs

Free forever

Just getting started? Explore basic Zapier features for free.

Try it free


Ready to level up? Unlock powerful features with a Professional plan.

Teams and Companies

Need to automate across your organization? Check out our enterprise plans.