As a tool that automates workflow and data interactions for organizations and individuals, Zapier is incredibly useful. It takes many of the various websites we REALTORS® use and gets them to work and play together almost seamlessly. That sure beats cutting and pasting data from one site to another. However, is Zapier secure enough for us to use it in our businesses?

What is Zapier and How is it Useful in Real Estate?

If you already know, skip ahead to the next section where I’ll discuss security concerns and how to mitigate them.

Think of Zapier as your personal assistant. But, instead of going to get your dry cleaning or putting a keybox on your new listing, this PA moves data from one system to another and kicks off electronic tasks. Of course, you might already have a nice, expensive CRM (Customer Relationship Manager application) that does this work for you. But if you don’t have one of those, or if your CRM doesn’t work and play well with all of your online assets, Zapier might just be the tool for you.

Here are a few examples of things you might use Zapier to do for you:

You write a blog post then Zapier sees the blog post and …

  1. Emails the post to your database via MailChimp
  2. Posts links to your Facebook, Twitter, and LinkedIn pages
  3. And saves the title to a Google Spreadsheet so you can easily scan through your list of blog posts to make sure you don’t rewrite the same content.

A new Zillow cold lead appears in your Agent Hub then Zapier sees the contact and …

  1. Sends them an email and a text message from your real estate team
  2. Adds the cold lead’s info to a Google Spreadsheet since you don’t like to put cold leads in your CRM
  3. Sends a message about the cold lead to your team’s Slack channel so someone can follow up
  4. Enters a reminder in your calendar so you can make sure the lead has been contacted

So, you can see that basically what Zapier does is wait for something to happen (aka, a triggering event), and then it does something. Or several somethings. These “if this happens then do this” events are called zaps. Zapier’s zaps can be used to connect hundreds of websites including your REALTOR® website, Real Geeks, Lion Desk, Zillow, Slack, Gmail, Google Workspace, Outlook, Excel, Facebook, Twitter, LinkedIn, Zoom, Mailchimp, Calendly, and so forth and so on until you get tired of reading through the list.

How Secure is Zapier?

For the most part, Zapier is secure. However, there are a few holes in its security. The good news is that with a little work on your part, the security issues can be resolved or at least fairly well mitigated.

Minimal Security Credentials

Zapier allows a user to log in with just a username and password. While that’s better than not requiring anything at all, requiring the use of multi-factor authentication would be a great addition to Zapier’s security defenses.

How you can mitigate this problem: Turn on two-factor authentication. I know it’s a pain but it’s better than losing client data.

Weak Data Storage Keys

Zapier doesn’t require unique keys when accessing its data storage system. And users are allowed to select their own keys. So, in theory, you and I could both select the same key such as “ThomasonRealEstate.” Since data storage is global and not confined to a single user account, you and I (using the key ThomasnRealEstate) could access and/or overwrite each other’s data.

How you can mitigate this problem: Make sure your keys are long and complex, just like your passwords.

Not HIPAA Compliant

After working in IT in both the medical and law enforcement sectors, I know how important protecting personal information is. Zapier states that it is not HIPAA compliant. That doesn’t mean much in real estate, but it is a sign that their security system has limits.

How you can mitigate this problem: Do not send sensitive data through Zapier. You might have access to client social security numbers, bank account numbers, and other such data. Please don’t use Zapier to send that data through the Internet.

On the Brighter Side

Zapier is serious about security. OK, they’re not perfect and they’re not HIPAA compliant. But not that many people are HIPAA compliant and few if any are perfect. Zapier does use bank-level encryption, is SOC (Systems and Organizational Controls) compliant, and purges data requests after 7 days.

So, if you’re going to use an online automation tool, Zapier is a good choice. It’s the one I use for my real estate business.