// Trust & Security Report

    IFTTT Inc. logo

    IFTTT Inc.

    IFTTT is a workflow automation platform that connects 1000+ apps and services to create customizable automations (Applets) without code. Includes integrations with AI services (Claude, ChatGPT, DeepSeek), smart home devices, productivity tools, social media, and business applications. Free and paid tiers available.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR
    HELD

    IFTTT states 'IFTTT will be the controller of your Personal Data processed in connection with the Service' and references GDPR definitions of 'Personal Data' and 'processing'. Company provides GDPR contact at IFTTT@gdpr-rep.com. Terms mention compliance with 'the EU General Data Protection Regulation' requirements.

    Verify on ifttt.com
    > Show 7 unconfirmed / not-held certifications
    SOC 2 Type 1
    NOT CONFIRMED

    No explicit vendor-domain statement found. Third-party claims from Nudge Security and Aptible Trust Center title, but unverified and contradicted by workflowautomation.net review which states 'IFTTT lacks enterprise security certifications (SOC 2, ISO 27001)'.

    SOC 2 Type 2
    NOT CONFIRMED

    No vendor-domain evidence found. Unverified third-party claims exist.

    source: ifttt.com
    ISO 27001
    NOT CONFIRMED

    No vendor-domain evidence found. Unverified third-party claims from Nudge Security and Aptible Trust Center.

    source: ifttt.com
    HIPAA
    NOT CONFIRMED

    No vendor-domain explicit statement. One review notes 'HIPAA is available (enterprise plans) if you contact their sales team' but no documented compliance framework visible. Nudge Security claims HIPAA compliance without vendor proof.

    source: workflowautomation.net
    FedRAMP
    NOT CONFIRMED

    No vendor-domain evidence. Not found in FedRAMP Marketplace. Nudge Security claims FedRAMP compliance without evidence.

    source: marketplace.fedramp.gov
    PCI DSS
    NOT CONFIRMED

    No vendor-domain evidence found. Unverified third-party claim from Nudge Security.

    source: ifttt.com
    CSA STAR
    NOT CONFIRMED

    No vendor-domain evidence found. Nudge Security claims CSA STAR Level 1 without documented proof.

    source: ifttt.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not explicitly disclosed; IFTTT uses industry-standard SSL encryption for data in transit

    IFTTT integrates with AI services (Claude, ChatGPT, DeepSeek) but does not indicate training its own models on customer data. Data passed to third-party AI providers follows those vendors' terms. No evidence found of IFTTT training proprietary AI models on user automation data.

    // Security controls

    Encryption in transit

    SSL/TLS encryption used for all data transmission between IFTTT and connected services

    help.ifttt.com

    Authentication mechanism

    OAuth (Open Authorization) for third-party service connections; two-factor authentication available for account protection

    help.ifttt.com

    Data access control

    Only employees who need personal information for specific job functions are granted access

    ifttt.com

    Data retention

    Trigger checks, Applet runs, and errors logged for 7 days for system performance; activity feed retained for 30 days for troubleshooting

    help.ifttt.com

    Data selling policy

    IFTTT does not sell personal user data to third parties

    ifttt.com

    // Products & data scope

    IFTTT FreeWorkflow Automation / SaaS

    data: Limited to 2 Applets; OAuth connections to third-party services

    Consumer-grade offering; basic automation capabilities

    IFTTT ProWorkflow Automation / SaaS

    data: Up to 20 Applets; multi-action Applets; access to AI-powered services

    $2.49/month; faster execution speeds

    IFTTT Pro+Workflow Automation / SaaS

    data: Unlimited Applets; advanced features; priority support

    $8.49/month; includes AI service integrations

    IFTTT EnterpriseWorkflow Automation / SaaS

    data: Custom automation solutions; dedicated support

    Custom pricing; claims of HIPAA support if contacted (unverified); no public security documentation

    // What to watch

    • OVER-CLAIM RISK: Nudge Security claims IFTTT holds SOC 2, ISO 27001, HIPAA, FedRAMP, PCI DSS, and CSA STAR Level 1. However, no vendor-domain proof found on ifttt.com, and workflowautomation.net explicitly contradicts these claims, stating 'IFTTT lacks enterprise security certifications (SOC 2, ISO 27001)'. These claims are unverified and potentially misleading.
    • MISSING TRUST CENTER: IFTTT does not maintain a public trust center or dedicated security/compliance documentation page. Certifications (if held) are not prominently advertised or documented on vendor domain.
    • CONFLICTING INFORMATION: workflowautomation.net review explicitly states IFTTT does not hold SOC 2 or ISO 27001 certifications and describes 'consumer-grade' security posture. This directly contradicts third-party assessor claims.
    • NOT IN FEDRAMP MARKETPLACE: Despite Nudge Security claiming FedRAMP compliance, IFTTT does not appear in the searchable FedRAMP Marketplace.
    • ENTERPRISE COMPLIANCE UNCLEAR: Marketing mentions 'enterprise reliability' and custom enterprise plans, but no enterprise-grade security certifications publicly documented. HIPAA support mentioned as available 'if you contact sales' with no public framework.

    // At a glance

    Pricing model

    Freemium SaaS: Free (2 Applets), Pro ($2.49/mo, 20 Applets), Pro+ ($8.49/mo, unlimited), Enterprise (custom)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on IFTTT Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    ifttt.com

    > Browse all vendor trust reports