// Trust & Security Report
Make (part of Celonis, Inc.)
Visual AI automation platform with 3000+ pre-built app integrations, AI agents, MCP Server, and enterprise orchestration (Make Grid); supports drag-and-drop, code, or prompt-based automation.
Certifications held
4
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on make.com“We have completed SOC 2 Type II and SOC 3 audits. A public summary report [is] available.”
Verify on make.com“We operate under an information security program that is ISO 27001 certified.”
Verify on make.com“Along with GDPR adherence, we have completed SOC 2 Type II and SOC 3 audits.”
> Show 9 unconfirmed / not-held certifications
source: community.make.comNo public evidence of HIPAA compliance or BAA availability; community forum discussions confirm Make does not offer HIPAA compliance.
No public evidence found on vendor domain.
No public evidence found on vendor domain.
No public evidence found on vendor domain.
No public evidence found on vendor domain.
No public evidence found on vendor domain.
source: make.comMentioned in market research but no direct vendor-domain proof found on make.com security pages.
source: make.comMentioned in market research but no direct vendor-domain proof found on make.com security pages.
No public evidence found on vendor domain.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
AWS (US and EU options available for GDPR compliance)
Make explicitly does not train on customer data. Privacy notice states: 'Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.' Customer data used only for service delivery, aggregated/anonymized analytics, security, and compliance.
// Security controls
Encryption at rest
Full-disk encryption using AES-256 algorithm; AWS Key Management Service (KMS) for key management
make.comAccess Control
VPN-required hosting environment; no direct public internet access to infrastructure
make.comData Retention
Personal information retained only as long as necessary for stated purposes; customer deletion requests honored
make.com// Products & data scope
data: Customer automation data, integration configurations, execution logs
Core product; 3000+ pre-built app integrations; free plan available with no credit card required
data: Agent configurations, execution logs, orchestration data
AI-powered agents that orchestrate workflows across 3000+ apps; 400+ pre-built AI app integrations
data: Automation landscape metadata, visibility data
Visual orchestration and management of entire automation landscape
data: MCP protocol traffic, connected application data
Model Context Protocol server for AI integration; allows AI to connect to real business actions securely
data: Same as Platform but in isolated AWS environment
Separate managed AWS environment isolated from self-service cloud; includes SSO, audit logs, domain claim
// What to watch
- SOC 3 is not a standard certification; no official SOC 3 standard exists. Vendor claims 'SOC 3' but this may be marketing confusion or internal terminology. Standard is SOC 2 Type I or Type II. Recommend clarification with vendor.
- TISAX and CSA STAR mentioned in market research but not on vendor's official security pages - credibility unclear without direct vendor documentation.
- HIPAA not supported; community requests for BAA are common but not available. Vendor markets security-first but healthcare use cases require alternatives.
- No ISO 42001 (AI Governance) certification found despite vendor offering AI-native products (AI Agents, MCP Server). Industry trend toward AI governance standards not yet adopted.
// At a glance
Pricing model
Freemium: free plan available; paid tiers based on operations/integrations; Enterprise custom pricing
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Make (part of Celonis, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
make.com