Skip to main content

Get Support
Have a question? Let's get you an answer!

How Do I...? Troubleshooting Code & Webhooks Developer Zone

Other Help Resources
Wait, there's more! Check out these Community sourced spaces for additional resources.

Zapier Help Center Hire an Expert

Learning Resources
All of our best learning resources can be found here.

Featured Articles Show & Tell Zapier's products AI Hub Zapier Tools Hub

Share your knowledge
Give back to the Community by sharing your automation wins and helping to answer questions.

Share your success See unanswered questions User Groups

Other Learning Resources
Some of our favorite additional ways to upskill your Zapier knowledge.

Zapier Learn Zapier Blog Zapier Webinars

Product Updates
Check out what is new and upcoming with Zapier with our regular product updates.

Product Updates

Early Access Program
Want to join Early Access? Learn more here.

I have a zap that passes information between two secure/compliant applications.  The data being passed may contain DOB, Drivers License, SSN.  It does not contain any healthcare data (PHI).  It is ok to use Zapier in this use case?   I saw the updated Terms of Use and immediately saw the following information.  I entered a support ticket in Zapier but the reply was not clear at all and refered to the EU GDPR.  I am in the U.S.  I thought i would post the question here.

 

(d) No Prohibited Sensitive Personal Data: In addition you may not access or use the Service to post, upload or transmit, or incorporate any data that is subject to heightened privacy and security requirements by law or regulations or applicable Third Party Services terms, including, without limitation, any financial or medical information of any nature, any sensitive personal information (e.g., government issued numbers, driver’s license numbers, birth dates, personal bank account numbers, passport or visa numbers, credit card numbers, passwords and security credentials), or any special categories of personal data under GDPR.

Personally, I wouldn’t, even if it were OK under the ToS. Not that Zapier isn’t secure, but things like SSNs can really open you up to liability. You might not fall under GDPR (though it does apply to EU citizens regardless of their current location), but strict control of anything that sensitive is always a best practice. Plus you have heightened controls of data for California citizens, with more states likely coming down the pike.

We had a similar case in Europe, you can create a trigger and just pass the data over a code module from API to API make sure you don't return or safe any data. In these cases take in mind this is no consultation and you act on your own risk. Feel free to chat with us how we did it :)

Terms & Conditions