Zapier takes compliance seriously and understands its significance to both customers and partners. For this reason, Zapier has obtained independent third-party auditor certifications with the AICPA’s SOC for Service Organizations, SOC 2 Type II and SOC 3.
Here are the Security and Compliance that makes Zapier safe to use:
- Monitoring & Logging
- Vulnerability Management
- Change Management
- User Account Security
- Cloud Security
1. Monitoring & Logging
Zapier has globally distributed SRE and Security teams that are on-call 24/7 and maintains a Status page. Zapier activities are extensively logged internally for troubleshooting and support presented in summary in Zap History to inform users directly.
Zapier has enabled threat detection software and enforces continual threat modeling exercises to identify and undergoes an external penetration test by an independent third party. Zapier’s Security Exploit Bug Bounty Program acknowledges independent security researchers’ work by flagging vulnerabilities.
3. Change Management
Peers and security review every pull request are performed as appropriate for the work. Zapier’s continuous integration and delivery are automatically merged with the pipeline, regular code audits for security, robust unit testing, and regular penetration testing.
4. User Account Security
5. Cloud Security
Zapier utilizes Amazon Web Services (AWS) as its cloud service provider and leverages AWS’ security and compliance controls for data center physical security and cloud infrastructure. Further resources for this service provider can be found on the AWS Security Cloud website.