Zapier takes compliance seriously and understands its significance to both customers and partners. For this reason, Zapier has obtained independent third-party auditor certifications with the AICPA’s SOC for Service Organizations, SOC 2 Type II and SOC 3.

Here are the security and compliance measures that make Zapier safe to use:

  1. Monitoring & Logging
  2. Vulnerability Management
  3. Change Management
  4. User Account Security
  5. Cloud Security

Is it Safe to Use Zapier

1. Monitoring & Logging

Zapier has globally distributed SRE and Security teams that are on-call 24/7, and it maintains a Status page. Zapier activities are extensively logged internally for troubleshooting and support, and are presented in summary in Zap History to inform users directly.

2. Vulnerability Management

Zapier has enabled threat detection software, enforces continual threat modeling exercises to identify vulnerabilities, and undergoes an external penetration test by an independent third party. Zapier’s Security Exploit Bug Bounty Program acknowledges independent security researchers’ work in flagging vulnerabilities.

3. Change Management

Every pull request is peer reviewed, and security reviews are performed as appropriate for the work. Changes are merged automatically through Zapier’s continuous integration and delivery pipeline, alongside regular code audits for security, robust unit testing, and regular penetration testing.

4. User Account Security

Zapier uses two-factor authentication (2FA) and Single Sign-On with SAML to secure user access to the platform. It also uses 256-bit AES encryption for data at rest and TLS 1.2 to encrypt data in transit.

5. Cloud Security

Zapier utilizes Amazon Web Services (AWS) as its cloud service provider and leverages AWS’ security and compliance controls for data center physical security and cloud infrastructure. Further resources for this service provider can be found on the AWS Security Cloud website.