At IFTTT, we believe everything works better together, but some things might be better off separate (a hacker and your passwords, for example). Given the access IFTTT requires, you might ask: Is IFTTT safe?
In this article, we'll outline some of the ways we ensure your data and connected third-party accounts are safe on IFTTT.
What is IFTTT?
IFTTT is an automation platform with over 1000 apps and devices ready to use in your Applets.
You can set your heating to turn on 10 minutes before you get home from work, or set your smart lights to flash green when Elon Musk tweets about Dogecoin. You may not recognize all the words in that last sentence, but the important thing to remember is that IFTTT needs access to your devices/accounts in order to power these automations.
With great power comes great responsibility, and we don't take the trust our 30+ million users place in us lightly.
What are third-party services?
Services on IFTTT are applications, devices, and APIs that can be used in Applets and are usually controlled by a third-party. Some examples include Instagram, Phillips Hue, and Telegram.
How Does IFTTT connect to services?
Most services on IFTTT use OAuth, or Open Authorization, which means users can grant IFTTT restricted access to their third-party account without having to give IFTTT their password.
Rather, an access token is provided to IFTTT which grants specific permissions (like making a new post on X on a user's behalf) without giving IFTTT full control over the account.
How can I revoke access?
To revoke IFTTT’s access to a third-party service, head to ifttt.com/my_services, select a service, then click Remove.
Please note that some services like Facebook Pages and Google also provide their own method for removing third-party access directly through their platforms. Using either method will successfully remove the access token granted to IFTTT
Are logs kept at IFTTT?
Every trigger check, Applet run, and error is logged to a secure database. These logs are kept for 7 days to help monitor system performance, while activity feed information is stored for 30 days to assist with troubleshooting. When monitoring overall system health, we only use datasets that do not include personal information such as trigger details or action data. Activity feed data is separate and only accessed as part of a customer support interaction.
Does IFTTT sell user data?
IFTTT does not sell personal user data to third-parties.
How does IFTTT use customer data?
The limited personal information stored may be used to provide you with better suggested Applets and services that you may be interested. Occasionally, we may aggregate anonymous customer data to gain a better understanding of our user base.
How do I clear my data?
To clear all of your data from IFTTT’s servers, head to ifttt.com/settings and click Delete my account.
Also note that you can request an export of your data from the same page. This will be sent to you via email as a JSON file.
For a more in-depth breakdown of IFTTT's Data management and privacy measures, view the Privacy Policy Page.
How can I improve the security of my account?
To keep your account secure, we recommend the following steps:
- Enable two-step verification (2FA): Adding an extra layer of security is easy. Simply sign in to your account, go to Settings, then click Enable Two-Step Verification and follow the on-screen instructions.
- Avoid reusing passwords: Use a unique password for each account to reduce the risk of unauthorized access.
- Create a strong password: Choose a password that’s at least 8 characters long and includes a mix of upper and lower case letters, numbers, and special characters.