We’re sharing this summary to make it easier to understand what’s included in the updated Privacy Policy, Terms of Service, and Data Processing Addendum (DPA).

We’ve updated our legal terms to reflect product growth, global privacy laws, and stronger data protection commitments.

We’ve updated our:

• Privacy Policy

• Terms of Service

• Data Processing Addendum (DPA)

• Business Terms

TL;DR

We're committed to safeguarding your privacy and data. Here’s what this means for you:

• Fireflies does not use your meeting content or personal data to train AI models.

• Vendors are contractually prohibited from training AI models on your data.

• Meeting audio, video, transcripts, and summaries are not retained by third-party vendors after processing.

• We do not sell, share, or use Customer Personal Data for targeted advertising.

• For Business & Enterprise customers, Fireflies processes Customer Personal Data only according to customer instructions under the DPA.

• You can access, correct, or delete your data

Your Data & AI

• We collect account, meeting, and usage data to provide the Services.

• Meeting recordings and transcripts are processed only to deliver features you enable.

• We do NOT use your meeting content or personal data to train internal or external AI models.

• We contractually prohibit our vendors from training AI models on your data

Zero Data Retention for Meeting Content

Meeting audio, video, transcripts, and summaries:

• Are not retained by third-party vendors after processing

• Are not reused

• Are not used for AI model training

(Note: This applies specifically to meeting content.)

Voice & Biometric Information

Some service providers may temporarily process voice characteristics to distinguish speakers in transcripts.

• Not used for identification or authentication

• Not stored by Fireflies on our own servers

• Subject to strict deletion schedules

Stronger Data Processing Protections (DPA)

For Business & Enterprise customers:

• Fireflies acts as a Processor when handling Customer Personal Data.

• We process data only according to customer instructions.

• We do not sell, share, or use Customer Personal Data for targeted advertising.

• We do not combine customer data across clients.

• We implement appropriate technical and organizational Security Measures.

• We notify customers without undue delay of any Security Incident.

• Customers have audit rights (subject to reasonable limits).

• Customers may object to new Subprocessors.

👉Full DPA here

International Data Transfers

We support lawful global transfers through:

• EU-U.S. Data Privacy Framework (DPF)

• EU Standard Contractual Clauses (SCCs)

• UK International Data Transfer Addendum (UK IDTA)

If DPF certification is withdrawn, we notify customers and rely on SCCs.

Your Rights & Controls

You can:

• Access, correct, or delete your data

• Delete your account (data deleted within 30 days)

• Control meeting visibility and sharing

• Opt out of targeted advertising

• Opt out of arbitration (within 30 days)

For full details:

👉 Privacy Policy
👉 Terms of Service

Arbitration & Disputes

Most disputes are resolved via individual binding arbitration, not class actions.

You may opt out within 30 days of agreeing to the Terms.

Frequently Asked Questions (FAQ)

Privacy & AI

Q: What if I do not agree to the updated terms or the Privacy policy?

If you do not agree to the updated terms, you must delete your account. Your continuation of using Fireflies' services means you agree to the updated terms and services.

Q: Does Fireflies train AI models on my meeting data?

No. Fireflies does not use personal data or meeting content to train internal or external AI models. Vendors are contractually prohibited from doing so.

Q: What is “Customer Personal Data”?

For Business and Enterprise customers, this means personal data included in User Content that Fireflies processes on your behalf to provide the Services.

Q: Who controls Customer Personal Data?

• The Customer acts as the Controller.

• Fireflies acts as a Processor (or Subprocessor where applicable).

• Fireflies only processes data according to customer instructions.

Q: Does Fireflies sell or share customer data?

No. Under the DPA:

Under the DPA:

• Fireflies processes Customer Personal Data only according to customer instructions.

• Fireflies does not combine Customer Personal Data across customers.

• Fireflies does not process Customer Personal Data outside its direct business relationship with the customer.

Q: What is “Service Data”?

Service Data refers to operational data related to account management, billing, analytics, product improvement, and support.

This is separate from User Content and is processed by Fireflies as a Controller under the Privacy Policy.

Security & Incidents

Q: What happens if there is a security incident?

If Fireflies becomes aware of a Security Incident affecting Customer Personal Data:

• We notify the customer without undue delay.

• We provide relevant information.

• We take commercially reasonable mitigation steps.

• We assist with investigation as needed.

Notification does not imply fault or liability.

Q: What security measures are in place?

We implement appropriate technical and organizational safeguards aligned with Data Protection Laws.

Security details are available at:
https://fireflies.ai/security

Subprocessors

Q: Does Fireflies use Subprocessors?

Yes. We use vetted Subprocessors to deliver the Services.

• A list is available at:
  https://trust.fireflies.ai/subprocessors

• Customers are notified of changes.

• Customers may object within 30 days.

• Fireflies remains liable for Subprocessor compliance.

International Data Transfers

Q: How does Fireflies handle EU/UK/Swiss data transfers?

We rely on:

• The EU-U.S. Data Privacy Framework

• Standard Contractual Clauses (SCCs)

• UK IDTA (where applicable)

If DPF certification is withdrawn, we notify customers and rely on SCCs.

Data Retention & Deletion

Q: What happens to Customer Personal Data when the contract ends?

Upon termination:

• Fireflies will delete or return Customer Personal Data upon instruction.

• If retention is legally required, data will be isolated and protected.

Q: What is Deidentified Data?

Fireflies may create aggregated or deidentified data for product improvement.

• It cannot reasonably be linked to an individual.

• We do not attempt to re-identify it.

Data Subject Requests

Q: Who responds to GDPR/CCPA access or deletion requests?

The Customer (Controller) is responsible.

If a request is sent to Fireflies:

• We notify the Customer.

• We do not respond directly (except to redirect the requester).

• We assist the Customer if needed.

Audits & Compliance

Q: Can Business customers audit Fireflies?

Yes.

• Up to once per year.

• At Customer’s expense.

• Or we may provide summary audit reports where permitted.

• Subject to confidentiality protections.

AI Systems

Q: How does the DPA apply to AI systems?

If Customer Personal Data is processed by an AI system:

• Fireflies ensures security measures apply.

• Processing remains subject to customer instructions.

• No AI training on Customer Personal Data.

Liability

Q: Does the DPA change liability limits?

No. Liability under the DPA remains subject to the caps and exclusions in the Terms of Service.

Updates

Q: Can the DPA change?

Yes. We may update it periodically and provide notice.

Continued use of Services constitutes acceptance of the updated DPA.

Contact

For privacy or DPA-related questions:
support@fireflies.ai