“Automate your work.”
Make is a visual no-code/low-code automation platform for integrations, workflows, and increasingly also agentic AI processes.
Companies can use it to connect data and actions across 3,000+ apps, automate API-based processes, and incorporate AI features such as AI Agents, AI Toolkit, AI Content Extractor, AI Web Search, and MCP servers into scenarios. The product addresses both simple app automations and more complex enterprise workflows with team, governance, and hybrid connectivity.
Make
Automate your work
Location: USA ⓘ Celonis, Inc., One World Trade Center, 87th Floor, New York, NY 10007, USA.
Pro Everything in Core plus Priority Scenario Execution, Custom Variables, and Full-Text Execution Log Search.
Teams Everything in Pro plus Teams, team roles, and sharing of scenario templates. Other Enterprise Custom Functions Support, Enterprise App Integrations, 24/7 Enterprise Support, Value Engineering, Overage Protection, and Advanced Security.
Credits / AI Agents Credit-based usage for scenarios and AI automation; scope of features varies by plan.
Target audience
Make is aimed at a broad spectrum: from individual users who want to build simple app automations via drag-and-drop to teams and large enterprises building cross-functional integration and AI landscapes. Officially, Make addresses areas including marketing, sales, operations, customer experience, finance, IT, HR, and workplace productivity. For enterprise users, Make additionally positions itself as a platform for scalable, secure, and governance-ready automation.
Outstanding features
Particularly noteworthy are the visual scenario modeling, the large app library, and the more recent integration of AI with traditional automation. Under “Make + AI,” Make lists several building blocks: AI Applications, MCP Server, AI Content Extractor, AI Web Search (beta), AI Agents, and AI Toolkit. The new AI Agents are created directly in the builder and, according to Make, offer traceable execution via a Reasoning Panel, which improves debugging and transparency compared to typical black-box agents.
Key application areas
The most important areas include app integrations, data and process synchronization, lead and CRM automation, email and marketing workflows, support triage, reporting, document extraction, and AI-supported decision logic. Make also cites specific agent examples such as support ticket triage, sales outreach, content marketing, market research, and candidate screening. This means the tool covers both classic BPA scenarios and newer agentic use cases.
Usage & notes
Operation is primarily handled via the visual Scenario Builder. For AI functions, one important point is that AI Agents are officially in Open Beta, and pricing may change. The billing model is based on credits; with AI functions, complexity increases because, in addition to operations, tokens, file sizes, pages, or runtimes may also be factored in. From a data protection perspective, particular attention should be paid to the selected hosting region, the enabled AI services, and the privacy policies of the connected third-party providers.
| Target audience | Assessment |
|---|---|
| Self-employed / Freelancers | Highly suitable – for recurring workflows, marketing, CRM, data synchronization, and AI automation. |
| SMEs | Highly suitable – visual automation across many apps, APIs, and data sources. |
| Agencies / Automation experts | Highly suitable – more complex scenarios, routers, filters, API workflows, and templates. |
| Enterprise teams | Suitable – Enterprise offers more security, support, integrations, and governance. |
| Non-technical beginners | Conditionally suitable – easier than code, but more complex than very simple Zapier workflows. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-prem / local hosting: indirect / not available
No on-premises, local, or self-hosted deployment of Make was found on the website.
Private Cloud / Data Center: Partially
The security page mentions a separately managed AWS environment for Enterprise, isolated from self-service cloud customers. This suggests a segregated environment, but does not clearly indicate a customer-owned, dedicated private cloud with full freedom of location and operation.
EU SaaS / Managed: Covered
The Help Center documentation on make.com lists a selectable data center region called “European Union (EU)” for organizations, where data is stored and processed. The list of subprocessors specifies AWS hosting in Ireland or Germany for European customers.
Hybrid: unclear
No clearly described hybrid operating model was found on the website in which part of the processing runs internally or on private infrastructure and another part runs as a managed service.
DPA: Covered
A DPA/AVV is published on the website as a PDF. It describes Make as a processor acting on behalf of the customer and stipulates that processing is subject to the customer’s documented instructions.
No Training: Partially
The Privacy Notice explicitly states only that Google Workspace APIs are not used to develop, improve, or train generalized AI/ML models. A general, product-wide commitment that prompts, uploads, or outputs from all AI features are never used for model training was not found on the website.
Open Source / Transparency Path: Indirect / Not Available
No clear information regarding open-source components, open models, or self-hostable core components was found on the website. A transparency pathway exists, if at all, only indirectly through contractual documents, Terms of Service (TOS), and data export/deletion policies, but not as an open-source or sovereignty model.
Data Processing
The website describes Make as a managed cloud service. According to the Help Center, organizations can select the data center region, including “European Union (EU),” with this region determining the storage and processing of the organization’s data. For Enterprise, Make specifies a separately managed AWS environment. The DPA, TOMs, and the list of subprocessors are published on the website. For international transfers, Make refers to DPF and SCCs. No information regarding on-premises or local hosting was found on the website.
Conclusion
For users in the EU/EEA, Make is best classified—according to its own website—as an EU SaaS offering with contractual and organizational safeguards, rather than as a fully independent on-premises solution. Positive aspects include the choice of an EU region, the DPA/AVV, TOMs, the list of subprocessors, and certifications. Limitations remain due to U.S. connections, international transfers, and the use of AI data for training, which is not clearly and generally excluded on the website. Overall, its use within the EU/EEA is conditionally GDPR-compliant, provided that the EU region is selected, the DPA is concluded, and the specific data flows are carefully reviewed.
Sources
- https://www.make.com/en/privacy-and-gdpr
- https://www.make.com/en/privacy-notice
- https://www.make.com/en/data-processing-agreement.pdf
- https://www.make.com/en/security
- https://help.make.com/organizations
- https://www.make.com/sub-processors.pdf
- https://www.make.com/technical-and-organizational-measures.pdf
- https://www.make.com/en/terms-and-conditions
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-prem / local hosting: indirect / not available
No on-premises, local, or self-hosted deployment of Make was found on the website.
Private Cloud / Data Center: Partially
The security page mentions a separately managed AWS environment for Enterprise, isolated from self-service cloud customers. This suggests a segregated environment, but does not clearly indicate a customer-owned, dedicated private cloud with full freedom of location and operation.
EU SaaS / Managed: Covered
The Help Center documentation on make.com lists a selectable data center region called “European Union (EU)” for organizations, where data is stored and processed. The list of subprocessors specifies AWS hosting in Ireland or Germany for European customers.
Hybrid: unclear
No clearly described hybrid operating model was found on the website in which part of the processing runs internally or on private infrastructure and another part runs as a managed service.
DPA: Covered
A DPA/AVV is published on the website as a PDF. It describes Make as a processor acting on behalf of the customer and stipulates that processing is subject to the customer’s documented instructions.
No Training: Partially
The Privacy Notice explicitly states only that Google Workspace APIs are not used to develop, improve, or train generalized AI/ML models. A general, product-wide commitment that prompts, uploads, or outputs from all AI features are never used for model training was not found on the website.
Open Source / Transparency Path: Indirect / Not Available
No clear information regarding open-source components, open models, or self-hostable core components was found on the website. A transparency pathway exists, if at all, only indirectly through contractual documents, Terms of Service (TOS), and data export/deletion policies, but not as an open-source or sovereignty model.
Data Processing
The website describes Make as a managed cloud service. According to the Help Center, organizations can select the data center region, including “European Union (EU),” with this region determining the storage and processing of the organization’s data. For Enterprise, Make specifies a separately managed AWS environment. The DPA, TOMs, and the list of subprocessors are published on the website. For international transfers, Make refers to DPF and SCCs. No information regarding on-premises or local hosting was found on the website.
Conclusion
For users in the EU/EEA, Make is best classified—according to its own website—as an EU SaaS offering with contractual and organizational safeguards, rather than as a fully independent on-premises solution. Positive aspects include the choice of an EU region, the DPA/AVV, TOMs, the list of subprocessors, and certifications. Limitations remain due to U.S. connections, international transfers, and the use of AI data for training, which is not clearly and generally excluded on the website. Overall, its use within the EU/EEA is conditionally GDPR-compliant, provided that the EU region is selected, the DPA is concluded, and the specific data flows are carefully reviewed.
Sources
- https://www.make.com/en/privacy-and-gdpr
- https://www.make.com/en/privacy-notice
- https://www.make.com/en/data-processing-agreement.pdf
- https://www.make.com/en/security
- https://help.make.com/organizations
- https://www.make.com/sub-processors.pdf
- https://www.make.com/technical-and-organizational-measures.pdf
- https://www.make.com/en/terms-and-conditions
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| – Very strong visual workflow modeling without the requirement for in-house backend development. | – The pricing model is credit-based; for AI and advanced features, consumption can fluctuate dynamically based on operations, tokens, pages, file size, or runtime, which makes cost estimation more difficult. |
| – 3,000+ standard apps and API access for broad integration coverage. | – The free tier is significantly limited for production use, including 1,000 credits/month, 2 active scenarios, and a 15-minute interval. |
| – AI features are not just add-ons, but can be integrated directly into scenarios. | – According to the Help Center, the On-Prem Agent is an Enterprise feature and currently supports only the HTTP Agent approach, i.e. not full self-hosting of the entire platform. |
| – Enterprise expansion with team roles, templates, enterprise apps, on-prem agent, and advanced security features. | – The new AI Agents are officially in Open Beta; functionality and pricing may change. |
| – Official privacy/compliance documentation is published comparatively extensively. | – According to the MSA, the customer remains responsible for third-party services and their data protection/terms of use. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
Make provides data protection documents relevant to the EU/EEA region on its own website, including privacy notices, a DPA/AVV, a list of subprocessors, and information on the GDPR and international transfers. In addition, its documentation specifies a selectable EU data center region for organizations. At the same time, the provider is U.S.-based, refers to the EU-U.S. Data Privacy Framework and SCCs for transfers, and the website does not specify a simple on-premises or self-hosting option. Thus, GDPR-compliant use in the EU/EEA appears to be possible in principle, but only under certain conditions, such as selecting the appropriate region, signing the DPA, and reviewing the specific data flows to subprocessors and AI functions.
Positive
The website includes a DPA/AVV, a data protection page on the GDPR, a Privacy Notice, technical and organizational measures, a list of subprocessors, and information on selecting EU data centers for organizations. In addition, Make cites ISO 27001 as well as SOC 2 Type II and SOC 3 for its infrastructure and security program, respectively.
Negative
The website does not clearly guarantee comprehensive EU/EEA-exclusive processing in all cases. The documentation refers to U.S. connections and international transfers via DPF or SCCs. An on-premises/self-hosting option is not specified on the website. No clear, general commitment to a blanket opt-out from AI training for all AI functions was found on the website; only a specific note regarding Google Workspace APIs is available.
Server Location
For organizations, the website lists a selectable data center region: “European Union (EU).” The list of subprocessors published on the website specifies hosting locations in Ireland (Dublin) or Germany (Frankfurt) for European customers using AWS. In addition, the Enterprise Security page mentions a separately managed AWS environment. The website does not fully clarify whether this applies unchanged to all current product areas and AI features.