// Trust & Security Report
Airtable
Cloud-based no-code database and workspace platform with AI-powered workflows, AI agents, and automations. Core product (Airtable Base/Workspace) with integrated AI features, automation engine, and extensible API.
Certifications held
6
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on airtable.com“Service Organization Controls audit (SOC 2 Type 2) completed. Airtable completes annual SOC 2 Type 2 audits.”
Verify on airtable.com“ISO/IEC 27001:2022 Information security management system certification. Airtable completes annual ISO 27001 audits.”
Verify on airtable.com“ISO/IEC 27701:2019 Privacy information management system framework certification. Airtable completes annual ISO 27701 audits.”
Verify on support.airtable.com“HIPAA compliance features are available for Enterprise Scale customers. Airtable has established HIPAA compliance requirements with Business Associate Agreement (BAA) support.”
Verify on support.airtable.com“Privacy and security have always been core to Airtable's approach. Airtable complies with Europe's General Data Protection Regulation (GDPR).”
Verify on airtable.com“TX-RAMP Level 2 certification for handling Texas state agency data. Ensures security program meets defined standards for state data.”
> Show 4 unconfirmed / not-held certifications
source: airtable.comNo public evidence of CSA STAR certification on Airtable's trust center or security pages.
source: airtable.comNo public evidence of ISO 42001 certification on Airtable's trust center or official security documentation.
source: airtable.comFedRAMP certification not mentioned on trust center. Community discussions indicate this certification has not been obtained.
source: airtable.comNo public evidence of PCI-DSS certification on Airtable's official security documentation.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Default: US (US-East-1 AWS). Optional: EU (Frankfurt with Dublin backups) for Enterprise Scale customers. Australian residency claimed on homepage but no confirmed Australian region offered.
Airtable explicitly prohibits training AI models on customer data. Policy: 'Airtable will not use, or permit the Third-Party AI Providers or others to use, Input, Output, or any other Customer Data to train the generative artificial intelligence models used to provide Airtable AI.' Data retention: Enterprise Scale/Business plans retain no input/output; Free/Team/Pro/Plus plans may retain for up to 30 days for safety and compliance moderation.
// Security controls
Data Processing Addendum
Available with EU Standard Contractual Clauses (Module 2 and 3), UK SCCs, and Swiss data protection compliance
airtable.comEnterprise Key Management (EKM)
Customer-owned encryption keys for data at rest (Enterprise Scale feature)
airtable.comAccess Controls
Role-based access control (RBAC), admin roles, fine-grained permissions, IDP-synced groups, programmatic provisioning/de-provisioning
airtable.comBreach Notification
Commitment to notify customers of substantiated breaches within 72 hours
airtable.comVulnerability Management
Skilled security professionals specializing in Application Security and Infrastructure Security
airtable.com// Products & data scope
data: Customer data stored in Airtable bases; covered by all certifications
Core no-code database product available on all plans (Free through Enterprise Scale)
data: Input/output to AI models; not used for training; retention varies by plan tier
Integrates multiple LLM providers (OpenAI, Google, Anthropic, AWS, IBM, Meta). Data not trained on. 30-day retention on lower plans, no retention on Enterprise/Business.
data: AI agents orchestrate across customer data; same training and retention policies apply
Enterprise feature for production-grade AI automation across workflows
data: Automation logic and data flows; non-AI automation features
Traditional no-code automation engine
data: Curated external access to Airtable data
Allows customers to share read-only or collaborative views externally
// What to watch
- HIPAA is Enterprise Scale plan-specific feature, not a universal certification across all plans
- Data Processing Addendum language modifications restricted to Enterprise accounts
- AI data retention policy differs by plan tier: 30-day retention on Free/Team/Pro/Plus vs no retention on Enterprise/Business
- Homepage claims Australian data residency support but no Australian AWS region confirmed in technical documentation
- FedRAMP certification not obtained despite being standard for US government SaaS
- ISO 42001 (AI governance certification) not obtained despite heavy AI feature emphasis
- Third-party AI provider terms vary by provider (OpenAI, Anthropic, Google, AWS, IBM, Meta) - customers inherit those terms
// At a glance
Pricing model
Freemium with tiered plans: Free, Team, Pro, Plus, Business, Enterprise Scale. HIPAA and advanced compliance features require Enterprise Scale.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Airtable's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
airtable.com