Skip to main content

Hi everyone! 

I have a security concern about data exfiltration through unauthorized recipient domains and app connections, since a user who creates a zap can, for example, sent an e-mail to anywhere with sensitive data or connect to unkown Google Drive account and upload it there.
There’s a way to restrict the recipient domain to a list of authorized domains, allowing only authorized users to achieve it?
In the same way i’d like to know if we can allow only authorized users (like the team leaders) to create app connections, and then, share to his team.

Thanks! 

Hi @chlima88 

Info about data privacy and security for Zapier: https://help.zapier.com/hc/en-us/sections/14037178066317-Data-privacy-security

Higher level Zapier plans have more feature controls for apps and permissions: https://zapier.com/pricing


Thanks for your reply Troy, but I couldn't find a thread that answered my question.

I've read about app restriction to allow/disallow some apps and domain insights that can help us with account management. Both of these threads partially solve the problem, but with app restriction we only have control over which apps the user can use, not how they use them.

As per the original post, I would like to allow apps to connect to, for example, Google Services only with corporate accounts and also allow them to send emails only to known domains or restrict some domains.


@chlima88 

I’m not aware of that level of control for apps.

You can try opening a ticket with Zapier Support for more guidance: https://zapier.com/app/get-help


Reply