Short answer
Yes, Make.com is safe for most business use cases. It's SOC 2 Type II and ISO 27001 certified, GDPR compliant, and uses encryption at rest and in transit. But "safe" depends on what you're automating and how you configure it.
Security certifications
Make.com holds the certifications that matter for B2B SaaS:
- SOC 2 Type II — independently audited security controls
- ISO 27001 — international information security standard
- GDPR compliant — for EU data protection
- HIPAA available — for healthcare data on Enterprise plans
What Make actually stores
This is the part most people miss. Make stores three categories of data:
- Connection credentials — OAuth tokens or API keys for the apps you connect (encrypted)
- Scenario blueprints — the structure of your automations
- Execution logs — input/output data of every module run, kept for 30-90 days
That last category is where the real risk sits. If your scenario processes credit card numbers, those numbers may appear in execution logs by default.
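One way to keep card numbers out of those logs is to mask them before the payload is handed to a scenario at all. The sketch below is an added example, not Make's code and not part of the original article; the payload shape and field names are constructed, and it assumes you control the system that sends data into the scenario.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects order IDs and similar long numbers that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_text(text: str) -> str:
    """Replace Luhn-valid card numbers with asterisks, keeping the last four digits."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()    # leave non-card numbers untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return CANDIDATE.sub(repl, text)

def scrub(value):
    """Return a copy of a JSON-like payload with card numbers masked in strings and ints."""
    if isinstance(value, dict):
        return {k: scrub(v) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return mask_text(value)
    if isinstance(value, int) and not isinstance(value, bool):
        masked = mask_text(str(value))
        return masked if masked != str(value) else value
    return value

# Constructed sample payload; 4111111111111111 is a widely used test card number.
SAMPLE = {
    "order_id": "1234567890123456",
    "customer": {"note": "Paid with 4111 1111 1111 1111, call back"},
    "items": [{"sku": "A-1", "card": 4111111111111111}],
}
```

Call `scrub(payload)` on the outgoing data and send only the result; anything a module then logs contains the masked form, whatever the retention setting.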
How to harden your Make.com setup
Use Data Stores with caution
Data Stores are great for caching, but they're not encrypted at the field level. Don't store secrets there.
Disable execution data retention for sensitive scenarios
In scenario settings, you can disable storing execution data. This costs you debugging visibility but eliminates the log-retention risk.
Rotate connection credentials regularly
Make stores OAuth tokens. If your Make account is compromised, every connected app is at risk. Rotate tokens quarterly.
Bottom line
For 95% of B2B automation use cases, Make.com is more secure than the alternatives most teams would build themselves. The platform itself is solid; the risks come from how individual scenarios handle data.