Zapier Security and Permissions
How to keep TradeVulcan Zapier credentials scoped, rotated, and safe for production workspaces.
Use least privilege
Only grant scopes needed by the Zap. A reporting Zap that reads leads does not need contact write access.
Keep credentials private
Do not paste Client Secrets into documents, tickets, chat, recordings, or screenshots. Rotate credentials if they are exposed.
Review destination permissions
Zapier can only write where the connected destination account has access. Confirm spreadsheet, channel, board, CRM, and calendar permissions before launch.
Audit active Zaps
Review active Zaps whenever a team member leaves, an app owner changes, or a workflow starts sending unexpected records.