This guide covers the essential aspects of data storage and transfer at Fireflies, including storage locations, compliance, and security practices.

Data storage

1. Storage locations

• Public cloud: By default, your data is stored and processed in Fireflies' secure cloud infrastructure in the United States (AWS and GCP).

• Private storage:

• Fireflies offers private storage for organizations dealing with sensitive data or stringent compliance needs. (Available in the Enterprise plan).

• With Private storage, you can store your meeting data in a dedicated and isolated storage. Bring Your Own Storage (BYOS) on AWS S3 or Google Cloud Storage.

Note:

• Your data will be stored in the EU, but processed in the US.

Related: Fireflies Private Storage

2. Data encryption

• All user data, including transcripts, recordings, calendar events, emails, and settings, is encrypted end-to-end using 256-bit AES encryption for data at rest and TLS 1.2 encryption for data in transit.

3. Data ownership

• You have complete ownership of all your data, as stated in the Fireflies Terms of Service.

• Fireflies acts as the custodian of your data but does not share or use it for AI training purposes.

4. Data type collected

We collect and store user content and user metadata.

• User content: Transcription, Summaries, Audio and video recordings, AskFred chats, Soundbites, and any derivatives of such.

• User metadata: Calendar metadata, meeting participants' emails and names, usage logs, and user settings/configuration.

Data transfer

Data backups and disaster recovery

All user data, including meeting transcripts, audio recordings, calendar events, emails, and user settings, is encrypted using industry-standard 256-bit AES encryption both at rest and in transit.

Related: Learn about how we encrypt your data

Data privacy and compliance

1. Compliance

• Fireflies is SOC 2 Type 2, GDPR (for EU data protection), and HIPAA (for safeguarding health information in the US) compliant.

• Fireflies also supports FERPA requirements for safeguarding student education records at educational institutions.

• Fireflies is listed in the EU-US Data Privacy Framework, ensuring adherence to data protection requirements for EU residents.

2. Data privacy

• Fireflies has signed Business Associate Agreements (BAA) with vendors like OpenAI and ASR providers, ensuring no data is stored or used for training purposes on their systems, thereby maintaining data privacy and security.

• For educational institutions, Fireflies also offers a Data Sharing Agreement (DSA) to support FERPA compliance when handling student education records.

• We follow the principle of least privilege, strictly granting access to sensitive data on a need-to-know basis, with monitoring and auditing.

• If greater access is needed, for example, during a support request, you must first grant your permission.

Related: Policy on keeping information safe.

Security practices

• Fireflies regularly scans for vulnerabilities and has an ongoing bug bounty program to detect and address security issues.

• In case of a security breach, Fireflies will investigate, notify affected individuals, and take appropriate steps as per applicable laws and regulations.

Related: Fireflies Security FAQs