Trust at Airtable
Protecting customer data is core to Airtable. We take privacy and security into consideration in all aspects of the platform and supporting infrastructure. Earning and keeping the trust of our users is our top priority, and we continually look for ways to expand and improve the security of Airtable as the product innovates.
Security Program
At Airtable, we strive to create a secure environment that builds trust with our customers through the following guiding principles.
Continuous advancement of our security technologies and practices to get ahead of emerging threats.
Across the organization through regular security training which covers topics such as data privacy, information security, and password security.
Stay updated on industry regulations, standards, and best practices, enabling alignment with data protection and privacy requirements, reducing legal and reputational risks for the company.
Skilled security professionals who belong to one of four security teams:
Application Security
Governance, Risk, Compliance & Privacy (GRCP)
Infrastructure Security
Security Features in Airtable
Customizable collaborator permissions in your workspace where you can control who you share a workspace with and whether they can modify content.
Access restriction to Airtable views through password-protected share links or email domain.
Record-level revision history that shows a visual activity feed of the changes made to each record.
Two-factor authentication (2FA) for your account if you’re using password-based authentication.
SAML-based Single Sign On (SSO) and additional administration features for teams on the Enterprise Plan.
Compliance and Certifications at Airtable
SOC 2 Type 2
Airtable has undergone a Service Organization Controls audit (SOC 2 Type 2). Please contact your account manager or sales@airtable.com to request Airtable's most recent report.
ISO/IEC 27001
ISO/IEC 27001:2022 is a specification for an information security management system (ISMS), which is a framework for an organisation's information risk management processes. View certificate.
ISO/IEC 27701
ISO/IEC 27701:2019 is a specification for a privacy information management system (PIMS), which is a framework for an organization's privacy management processes. View certificate.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) are national standards to protect sensitive patient health information from disclosure. For more information, please see here.
TX-RAMP Level 2
Texas Risk and Authorization Management Program (TX-RAMP) is a certification program used by Texas agencies that ensures a service has developed a security program to meet the defined security and compliance standards to handle state data. View certificate.
Privacy at Airtable
Airtable is committed to adhering to privacy laws, regulations, and best practices.
GDPR
Airtable’s privacy program is designed for compliance with global privacy laws and regulations, including Europe’s General Data Protection Regulation (GDPR) and the United Kingdom GDPR. You can learn more about Airtable’s commitment to compliance with GDPR here.
CCPA/CPRA
Airtable’s privacy program is designed for compliance with global privacy laws and regulations, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). You can learn more about Airtable’s commitment to compliance with CCPA here.
Privacy Policy
Airtable takes privacy obligations and the protection of your information seriously, and Airtable complies with all applicable privacy laws and regulations. You can learn more about Airtable’s privacy practices in our Privacy Policy.
Data Processing Addendum
You can sign our Data Processing Addendum (DPA) by entering your information at this link. You will be able to download and review the DPA before signing it.
Cookie Compliance
Airtable places a strong emphasis on cookie compliance. Read more about how cookies are used, what types of cookies are employed, and how cookie preferences can be managed in Airtable’s Cookie Policy.
European Union Data Residency
Airtable offers our customers the option to have their data stored in the European Union. Read more about some of the common Frequently Asked Questions here.
Enterprise Key Management
Airtable provides our Enterprise customers the ability to store data at rest with customer-owned keys. You can learn more about this offering here.
Data Subprocessors
Airtable maintains a current list of Airtable’s data subprocessors for transparency found at this link.
Additional Information
At Airtable, we put our customers and their security needs first. We are continuously seeking advancement of our security technologies and practices and use world class solutions to get ahead of emerging threats.
Consensus Answer Initiative Questionnaire (CAIQ)
Airtable has completed the CAIQ. This is an industry-standard questionnaire that is developed and maintained by the Cloud Security Alliance. This can be shared under NDA, please reach out to your sales representative for more information.
Standardized Information Gathering (SIG)
Airtable has completed the SIG Lite. This is an industry-standard questionnaire that is maintained by the Shared Assessments Organization. This can be shared under NDA, please reach out to your sales representative for more information.
Higher Education Vendor Assessment Toolkit (HECVAT)
Airtable has completed the HECVAT. This is an industry-standard questionnaire that is developed by the Higher Education Information Security Council. This can be shared under NDA, please reach out to your sales representative for more information.
Report an issue
If you believe you’ve discovered a security-related issue, please report the issue on our HackerOne bug bounty program or contact us at security@airtable.com.