
Free Tier Ratings
Last Reviewed: 2026-03-23
100 tasks/month. Two-step Zaps only. 1 user. Now includes Tables, Forms, and Zapier MCP at no cost. Zapier Copilot included.
Workflow automation platform connecting 8,000+ apps with AI orchestration (Agents, Copilot, MCP, Canvas). SOC 2 on all plans. No HIPAA support. 15% nonprofit discount (direct, not via TechSoup). Data training opt-out available (manual for non-Enterprise). New: AI Guardrails detect PII in workflows.
How safe is this tool for your specific work? (Showing Free tier)
SOC 2 on all plans. Two-step Zaps limit complexity but sufficient for basic internal automations. MCP now included for AI integrations.
Excellent for connecting marketing tools. 8,000+ app integrations. Tables and Forms now included at no cost.
Limited tasks (100/mo). Data training on by default — opt-out form submission required. Two-step Zap limit restricts workflow complexity.
Good integrations with nonprofit CRMs. Opt-out of data training recommended before automating donor workflows.
No HIPAA compliance. No BAA available. Cannot process PHI or sensitive client data under any plan.
AI by Zapier includes GPT-4o mini and Gemini 2.0 Flash. Bring-your-own API key supported. MCP enables AI assistants to act across 8,000+ apps.
On by default
Zapier may use de-identified derived data from customer content for model training. Must submit opt-out form manually. Each user must opt out separately. Enterprise/Company plans auto-opted out.
Manual form
Submit opt-out form (linked from zapier.com/security-compliance) to disable data training. Each individual user must submit separately — no account-level opt-out on Free plan.
Possible
Zap execution history visible in run history dashboard. Zapier support staff may access data to assist with support tickets. Agents activity visible in dashboard.
29–69 days
Zap run history retained 29–69 days, deleted on the first Monday of the month. Chatbot conversations retained 60 days. Agent/Table/Canvas data retained until deleted by user, then purged from backups within 4 months.
SOC 2 Type II
SOC 2 Type II and SOC 3 on all plans. AES-256 encryption at rest, TLS 1.2+ in transit (TLS hardened November 2025). GDPR and CCPA compliant. EU-US Data Privacy Framework certified.
Free: Basic 2-step automations with MCP and Tables included. Professional: Full multi-step workflows with AI fields. Team: Collaboration + SAML SSO + audit logs for up to 25 users. Enterprise: Governance + automatic data opt-out + custom retention + unlimited users.
15% nonprofit discount applies to any paid plan (apply at zapier.com/non-profits). Team plan recommended for nonprofits needing collaboration features. Enterprise for automatic data training opt-out and custom retention.
Unmatched ecosystem connecting virtually any business tool. 30,000+ actions accessible. MCP (Model Context Protocol) now lets AI assistants like Claude and ChatGPT take actions across all connected apps. Included on all plans.
Unusual in industry — SOC 2 Type II and SOC 3 available even on free tier. Zapier Agents achieved full SOC 2 readiness in December 2025.
Explicitly unsupported at all tiers. Zapier will not sign BAAs. Terms of Service prohibit transmitting PHI. Do not use for healthcare data or client case management involving sensitive health information.
New (February 2026): Built-in app detects 30+ types of PII (SSNs, credit cards, emails, addresses), can automatically block or redact sensitive data before it passes downstream. Also detects prompt injection and jailbreak attempts.
Modest compared to competitors offering 50%+. Applies to one plan only. Not available on TechSoup or Goodstack — must apply directly at zapier.com/non-profits with proof of nonprofit status.
Free, Professional, and Team plan users must submit an individual opt-out form — no account-level control. Enterprise/Company plans are automatically opted out for all users. This is a meaningful governance gap for teams.
2026-02-01
AI Guardrails by Zapier launched: built-in app detects 30+ types of PII, blocks/redacts sensitive data, detects prompt injection and jailbreak attempts, screens for toxicity. Available on all plans.
2025-12-01
SOC 2 readiness completed for Zapier Agents. Data export aligned with Zapier-wide pathway; data deletion systems improved. Admin Center redesigned for all multi-user plans.
2025-11-01
Zapier Terms of Service updated (effective Nov 1, 2025). TLS security hardening: deprecated outdated TLS encryption across all plans.
2025-09-18
Tables, Forms/Interfaces, and Zapier MCP now included in all plans (Free, Professional, Team) at no extra cost. Previously required separate add-ons or subscriptions. MCP tool calls use 2 tasks each.
For organizations with 5+ staff
Team plan ($69/mo annual, 15% nonprofit discount available) provides SAML SSO, shared connections, and up to 25 users — ideal for most nonprofits. Note: each team member must individually opt out of data training (no account-level toggle). Upgrade to Enterprise only if you need automatic data training opt-out, custom retention, or more than 25 users.
For organizations with fewer than 5 staff
Free tier (100 tasks/mo, two-step Zaps, Tables/Forms/MCP included) is a strong starting point. Professional ($19.99/mo annual, or ~$17/mo with 15% nonprofit discount) unlocks multi-step Zaps and AI fields. Submit the data training opt-out form before processing any sensitive organizational data.
For health data or vulnerable populations
NOT RECOMMENDED for healthcare data or client case management involving PHI. Zapier explicitly prohibits transmitting Sensitive Personal Data in its Terms of Service and will not sign BAAs at any tier. Use only for non-PHI workflows. The new AI Guardrails feature (Feb 2026) can help detect PII accidentally included in automations, but does not make Zapier HIPAA-compliant.