// Trust & Security Report
IFTTT Inc.
IFTTT is a workflow automation platform that connects 1000+ apps and services to create customizable automations (Applets) without code. Includes integrations with AI services (Claude, ChatGPT, DeepSeek), smart home devices, productivity tools, social media, and business applications. Free and paid tiers available.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on ifttt.com“IFTTT states 'IFTTT will be the controller of your Personal Data processed in connection with the Service' and references GDPR definitions of 'Personal Data' and 'processing'. Company provides GDPR contact at IFTTT@gdpr-rep.com. Terms mention compliance with 'the EU General Data Protection Regulation' requirements.”
> Show 7 unconfirmed / not-held certifications
No explicit vendor-domain statement found. Third-party claims from Nudge Security and Aptible Trust Center title, but unverified and contradicted by workflowautomation.net review which states 'IFTTT lacks enterprise security certifications (SOC 2, ISO 27001)'.
source: ifttt.comNo vendor-domain evidence found. Unverified third-party claims exist.
source: ifttt.comNo vendor-domain evidence found. Unverified third-party claims from Nudge Security and Aptible Trust Center.
source: workflowautomation.netNo vendor-domain explicit statement. One review notes 'HIPAA is available (enterprise plans) if you contact their sales team' but no documented compliance framework visible. Nudge Security claims HIPAA compliance without vendor proof.
source: marketplace.fedramp.govNo vendor-domain evidence. Not found in FedRAMP Marketplace. Nudge Security claims FedRAMP compliance without evidence.
source: ifttt.comNo vendor-domain evidence found. Unverified third-party claim from Nudge Security.
source: ifttt.comNo vendor-domain evidence found. Nudge Security claims CSA STAR Level 1 without documented proof.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not explicitly disclosed; IFTTT uses industry-standard SSL encryption for data in transit
IFTTT integrates with AI services (Claude, ChatGPT, DeepSeek) but does not indicate training its own models on customer data. Data passed to third-party AI providers follows those vendors' terms. No evidence found of IFTTT training proprietary AI models on user automation data.
// Security controls
Encryption in transit
SSL/TLS encryption used for all data transmission between IFTTT and connected services
help.ifttt.comAuthentication mechanism
OAuth (Open Authorization) for third-party service connections; two-factor authentication available for account protection
help.ifttt.comData access control
Only employees who need personal information for specific job functions are granted access
ifttt.comData retention
Trigger checks, Applet runs, and errors logged for 7 days for system performance; activity feed retained for 30 days for troubleshooting
help.ifttt.com// Products & data scope
data: Limited to 2 Applets; OAuth connections to third-party services
Consumer-grade offering; basic automation capabilities
data: Up to 20 Applets; multi-action Applets; access to AI-powered services
$2.49/month; faster execution speeds
data: Unlimited Applets; advanced features; priority support
$8.49/month; includes AI service integrations
data: Custom automation solutions; dedicated support
Custom pricing; claims of HIPAA support if contacted (unverified); no public security documentation
// What to watch
- OVER-CLAIM RISK: Nudge Security claims IFTTT holds SOC 2, ISO 27001, HIPAA, FedRAMP, PCI DSS, and CSA STAR Level 1. However, no vendor-domain proof found on ifttt.com, and workflowautomation.net explicitly contradicts these claims, stating 'IFTTT lacks enterprise security certifications (SOC 2, ISO 27001)'. These claims are unverified and potentially misleading.
- MISSING TRUST CENTER: IFTTT does not maintain a public trust center or dedicated security/compliance documentation page. Certifications (if held) are not prominently advertised or documented on vendor domain.
- CONFLICTING INFORMATION: workflowautomation.net review explicitly states IFTTT does not hold SOC 2 or ISO 27001 certifications and describes 'consumer-grade' security posture. This directly contradicts third-party assessor claims.
- NOT IN FEDRAMP MARKETPLACE: Despite Nudge Security claiming FedRAMP compliance, IFTTT does not appear in the searchable FedRAMP Marketplace.
- ENTERPRISE COMPLIANCE UNCLEAR: Marketing mentions 'enterprise reliability' and custom enterprise plans, but no enterprise-grade security certifications publicly documented. HIPAA support mentioned as available 'if you contact sales' with no public framework.
// At a glance
Pricing model
Freemium SaaS: Free (2 Applets), Pro ($2.49/mo, 20 Applets), Pro+ ($8.49/mo, unlimited), Enterprise (custom)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on IFTTT Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
ifttt.com