Zapier Automation Platform: Legal and Compliance Information
Date: May 1, 2025
The Zapier automation platform enables businesses to automate their operations. The platform supports nearly 8,000 apps and 300+ AI tools, with AI orchestration capabilities integrated directly into automation workflows, so customers can connect and integrate their systems in a single platform and build everything from individual productivity automations to business-critical departmental systems. The platform contains built-in automation tools, databases, interfaces, chatbots, and more, allowing customers to automate in one place.
Zapier Automation Platform
Using Tables and Interfaces with Workflows, businesses can build complete solutions without constantly switching tools:
Automate end-to-end processes:
Connect everything from data storage to user interfaces to AI-driven decisions in one seamless system.
Create custom interfaces:
Build forms, dashboards, and apps that connect directly to a company’s AI workflows and adapt based on user interactions.
Store and manage data:
Zapier Tables provides the foundation for a company’s automated processes with AI fields that can analyze, classify, and enrich its information automatically.
Here are some examples of how we and our customers use Zapier to automate their important business processes:
Remote.com
Remote.com's Zapier-powered IT helpdesk automates 28% of ticket resolutions.
It collects employee requests in Slack, determines priority using ChatGPT, adds them to a Notion database and Zapier Table, uses Agents to review ticket history and their internal knowledge base for answers, and finally, generates a response back in Slack.
Okta
Okta’s SupportOps team significantly improved efficiency without adding complexity by centralizing their automation in Zapier.
Their Zapier-powered bot collects CSM case numbers in Slack, checks multiple Salesforce instances to find the corresponding case, verifies its escalation status, and if it hasn’t been escalated yet, escalates it in accordance with Okta policies, and finally provides an update in Slack on its status.
Zapier
The Zapier Legal team uses Zapier-powered automations to answer questions related to internal policies, customer contracts, vendor relations, and more.
Our bot collects employee questions in Slack, uses our curated knowledge sources (including webpages and an FAQ database in Zapier Tables) to find answers, follows up with the employee in the same Slack thread, and if the question can’t be answered, escalates the request to the appropriate Zapier Legal team member based on the type of question asked.
AI Automation:
The Zapier automation platform incorporates AI throughout the creation, refinement, and execution of automated workflows:
In Workflows, our AI-powered Copilot specializes in Zap creation and helps customers build Zaps from start to finish, including suggestions and explanations. In our Code by Zapier integration, customers can use natural language to generate code to further customize workflows for their business needs.
Interfaces turns Zapier workflows into tools people can use, such as custom dashboards, client portals, or forms. Interfaces can incorporate AI components like Chatbots, send information to AI-powered workflows, or both.
Using AI, Canvas takes a customer’s natural language ideas, offers suggestions on how to expand them further, and from its input, creates end-to-end automated systems that incorporate Zaps, Interfaces, Tables, and Chatbots.
Chatbots is an AI-first app that can reference a business’s knowledge base (from documents, websites, or Zapier Tables) to answer questions. Chatbots can also trigger workflows and share collected information with other apps.
Agents are AI teammates that can perform multi-step processes autonomously. A customer can describe what they want in natural language, and their Agent figures out how to do it. Agents can be triggered by automation workflows and send information back to them, allowing for increased creativity and complexity (e.g., searching the web for research and pulling information from knowledge bases) to be added to workflows.
Now that we’ve provided an overview of the Zapier automation platform, we’d like to share how we meet our customers’ legal, security, and compliance needs. Learn more about our enterprise-grade security, privacy by design, data governance, EU AI Act and other regulatory compliance, and shared responsibility model below.
Enterprise-Grade Security
Security:
Learn more about the enterprise-grade security of the Zapier automation platform on our Security page and in our Trust Center, which includes information about our SOC 2 Type II certification.
Identity and Access Control:
We provide fine-grained identity access controls to enterprise customers to ensure that only authorized personnel can view or trigger automations:
✅ User provisioning via SCIM, integrating with a customer’s corporate identity systems
✅ Domain capture to consolidate all users under a customer’s verified company domain
✅ IP allowlisting for consistency on where a customer’s Zapier traffic comes from
✅ Controlling apps or actions that a business’s teams can use
✅ Controlling Interfaces that a business’s teams (or the public) can access
Monitoring and Transparency:
Visibility is critical for compliance. We offer:
✅ Audit logs of activity and an analytics dashboard to monitor usage
Data Governance
🔒 Customer Data:
Zapier’s practices are dedicated to keeping customer data (the information, content, or materials a customer uploads to their Zapier account) safe on our platform.
1. Enterprise customers are automatically opted out of Zapier using their customer data for model training.
2. All other customers may opt out at any time.
3. Zapier subprocessors (where we’ve contracted with a vendor to help us provide services to our customers) are prohibited from using our customers’ data for their model training. Prior to using any subprocessor, we review its data privacy and security practices and ensure that the contract terms prohibit using Zapier customer data for their own purposes. Customers can review our subprocessor list and sign up at our Trust Center for email notifications of changes.
4. When a customer contracts with a third-party provider and connects its provider account to Zapier (such as through an integration), the customer’s agreement with that provider governs how the provider handles the customer’s data in the provider’s possession. For example, a customer may connect their ChatGPT account to Zapier through our ChatGPT integration:
- The customer’s agreement with Zapier governs how Zapier handles the customer’s data in Zapier’s possession.
- The customer’s agreement with OpenAI (which operates ChatGPT) governs how OpenAI handles the customer’s data in OpenAI’s possession.
5. This also applies when a customer connects its Zapier account with other providers, such as connecting its Zapier account to Claude with Zapier MCP:
- The customer’s agreement with Zapier governs how Zapier handles the customer’s data in Zapier’s possession.
- The customer’s agreement with Anthropic (which operates Claude) governs how Anthropic handles the customer’s data in Anthropic’s possession.
📊 Usage Information:
To make our products more useful and relevant for our customers, we further train general-purpose AI models with information on how Zapier products work and are used, such as how automation workflows are formatted and organized. For example, data about workflow step sequencing can help us refine Zapier Copilot suggestions toward more practical and frequently adopted automation steps.
🔑 Bring your Own Key (BYOK):
We offer bring your own key (BYOK) capability in Zapier Workflows and Chatbots:
Through our 300+ AI integrations, customers can connect their company’s AI app accounts (such as OpenAI/ChatGPT, Anthropic, Gemini) to their Zapier workflows.
The AI by Zapier integration also supports connecting to a company’s AI app account with OpenAI, Anthropic, Google, and Azure OpenAI.
Customers can configure their Chatbots to use their OpenAI account by adding their own OpenAI authentication and connecting to additional available models.
In each case, the customer’s separate AI account, under its agreement with that AI provider, will generate the outputs for the customer and send them to its Zapier workflow or chatbot as it instructs.
Compliance with EU AI Act and Other AI Regulations
We have a reliable track record of commitment to compliance with applicable regulations, including data privacy, and more recently, AI regulations. Read more about our compliance with GDPR, UK GDPR, and CCPA in our Data Privacy Overview.
EU AI Act:
The EU AI Act imposes new requirements on “AI systems” and establishes a framework that distinguishes different categories of AI systems based on their potential risk impact. This nuanced approach encourages innovation while ensuring appropriate safeguards are in place for high-risk applications and establishing prohibited uses of AI. Under our terms, we prohibit uses of the Zapier automation platform that do not comply with applicable law, including the EU AI Act.
Core Principles of the EU AI Act:
We have proactively aligned our approach to developing AI products with the EU AI Act’s core principles:
Human-centric: AI must serve people and society, supporting human autonomy and decision-making.
Risk-based approach: AI systems are regulated according to potential risk categories: prohibited, high risk, limited risk, and minimal risk.
Protection of fundamental rights: AI systems must not pose an unacceptable risk, such as those enabling social scoring, cognitive behavioral manipulation, and certain types of biometric surveillance.
Transparency: Users should be informed when they are interacting with AI, and decisions made by AI can be explained and understood.
Accountability: Developers, deployers, and operators of AI systems must ensure their systems comply with the EU AI Act.
Safety and security: AI systems must have rigorous safety and security standards, including those relating to risk management, data quality, and cybersecurity.
Data governance: Strong data governance is required to ensure the quality, integrity, and security of data used by AI systems. This is emphasized for high-risk AI, where poor data quality could lead to discriminatory or unsafe outcomes.
Promotion of innovation: The Act aims to foster innovation by providing clear rules and support for responsible AI development and deployment.
Zapier’s Responsible Development of AI:
As part of our build development principles, we focus on customer centrism, and our development of AI is no different. This includes deeply understanding our products and engaging with customers and their feedback to ensure solutions are built for them. AI examples include support for human approval steps in automated workflows, as well as documentation and resources about AI outputs. These include advice on not relying on AI-generated content without verification for critical matters, on how to create AI prompts that generate better outputs, and on better understanding what AI hallucinations are and how to reduce their likelihood.
Zapier as a Compliance Partner:
Our legal and compliance teams actively monitor and evaluate the EU AI Act and other new and updated laws and regulations to ensure that our products meet applicable regulatory requirements.
Shared Responsibility
At Zapier, we subscribe to an AI shared responsibility model. AI safety is a team effort among Zapier, the builders of the third-party AI general-purpose foundation models (such as OpenAI, Anthropic, and Gemini) that we use to power our AI products, and our customers as users of the technology. Everyone plays their part to keep things safe, secure, and responsible.
Customer’s Role as a User of Zapier AI Products:
The customer controls how it uses Zapier AI and is responsible for following its company’s policies, applicable laws, and the Zapier Acceptable Use Policy. We also encourage customers to educate themselves and their teams on AI best practices.
Zapier’s Role as the Builder of Zapier AI Products:
We’re responsible for developing, deploying, and operating our AI products in compliance with applicable laws and our own development and security policies and guidelines. We’re also responsible for deeply understanding industry best practices and our customers’ needs, and ensuring those policies and guidelines meet them. We’ve implemented appropriate security and data governance measures for the secure and safe processing of customers’ data within the Zapier automation platform, and we’ll continue evolving them as our customers' needs and the landscape change. Lastly, we’re responsible for providing a great product and experience, and therefore, we're continuously improving our AI products so they’re accurate and effective.
AI Foundation Model Providers:
We use AI foundation models to enable AI capabilities across the Zapier automation platform, which can be reviewed on our Subprocessors page. As these AI foundation models are the backbone of many AI tools across the web, their builders are responsible for complying with applicable laws, their own internal development policies and guidelines for model building, and for implementing measures to limit bias and harmful content. We carefully review the legal and security practices of each subprocessor before using them in our products, and Zapier subprocessors are prohibited from using our customers’ data for their model training.
Shared Responsibility Model for AI:
This diagram provides a visual representation of our shared responsibility model:
What's Next
We are committed to providing a secure, innovative, and customer-centric automation platform where our customers can use AI to grow their businesses, build better automated and AI-powered workflows, and make technology do more work for them. Please share any questions or feedback, whether on AI topics covered by this article or otherwise.