Fireflies.ai cares deeply about the security of your information and uses commercially reasonable physical, technical, and organizational measures designed to preserve the integrity and security of all information we collect and that we share with our service providers.
Data security and storage
1. What type of encryption is used to secure your data?
- At Fireflies, your data (including audio, transcripts, and related artifacts) is end-to-end encrypted at rest and in transit in AWS S3.
- Encryption at rest is encryption that is used to help protect data that is stored on a disk (including solid-state drives) or backup media.
- We use 256-bit AES encryption in storage and 256-bit SSL/TLS encryption in transit.
2. What type of data gets encrypted in Fireflies?
- Metadata, such as calendar events, emails, and user settings, is also end-to-end encrypted at rest and in transit, with the same data security standards.
- We only take snapshots of your metadata every four hours and never of your transcript and audio data.
- The metadata may exist in snapshot/backup for a maximum of one year. This is in compliance with our data availability service level agreements, which we do for all customers.
1. Where is your data stored and how safe is it?
- Our servers are hosted in Google Cloud, and our database is hosted in a Virtual Private Cloud with AWS.
- AWS follows top IT security standards, including SOC 2 Type II, SOC 3, PCI-DSS certification, and ISO 27001, which means that your data is safe and the facilities that it's kept in are monitored 24/7.
2. Can the recordings and transcripts be stored in our own private storage bucket?
- We understand that your voice data is mission-critical and some conversations can be highly confidential. We've designed our infrastructure such that your data can be stored in the storage bucket of your choice, either managed by Fireflies in your preferred location, or via your own provided storage bucket in AWS or GCP.
- By signing up for our Private Storage offering, your data is stored on servers that you control.
- This is currently only available to enterprise customers. To request access to Private Storage, fill out this form and/or reach out to firstname.lastname@example.org
3. Can the Fireflies internal team access your data?
- Fireflies employees do not have access to production customer data by default.
- If greater access is needed, for example during a support request, permission must be granted by the user and employees must provide documentation for why they are requesting access.
- Access is granted only when required.
- We apply the principle of least privilege in our access control mechanisms for sensitive data. Access to sensitive data is granted on a need-to-know basis and is strictly monitored and audited.
4. Is it possible to delete or remove any data?
- If at any point you wish to delete any meeting from the Fireflies account, it is permanently and irreversibly removed from our database.
- When that happens, it is impossible to recover the meeting. You can delete your meetings from our user interface or by contacting our support team.
5. What calendar data do you access when you integrate with Google or Outlook calendars?
- The calendar data accessed includes metadata like participant information, meeting time, and meeting URL. This is to make it easy for you to invite Fireflies to your meetings.
- Your account name and email are also accessed; they are used to authenticate and create an account for you.
Compliance and Security
SOC 2 Type II and GDPR Compliance
1. What is SOC 2 compliance?
- The American Institute of Certified Public Accountants' SOC 2 is an auditing process that ensures a company securely manages data and protects the privacy of its clients.
- It defines criteria for handling customer data based on five trust service principles, which are security, processing integrity, availability, confidentiality, and privacy.
2. What is GDPR compliance?
- Similarly, we are General Data Protection Regulation (GDPR) compliant. GDPR is the world's most widespread privacy and security law and includes guidelines for collecting, processing, and storing the personal information of individuals inside the European Economic Area.
Under our uncompromising stance toward the security and confidentiality of your data, we are SOC 2 Type II and GDPR compliant. This means our organization has the infrastructure, tools, and processes to protect customer data from unauthorized access both from within and outside the firm.
- We are also HIPAA compliant and we are constantly innovating to keep our customers' data even more secure than what these certifications require.
- In addition to complying with key regulations, we continuously monitor our code by looking at the security implications of each rollout. Furthermore, we give you complete control over your data and the ability to delete it from our systems at any time.
Read more: Fireflies HIPAA Terms
Fireflies.ai Product and Feature Design for Privacy and Security
- Fireflies.ai is built on top of infrastructure and services that use industry-grade security standards. You can see high-level technical documentation that details the system architecture here.
- Our entire product is built with privacy by design as a first-principles approach. For example, the recording is controlled by the user who invited Fireflies.
- That user may choose who else is allowed to listen to the meeting and share it.
- The Fireflies internal team does not have access by default. If greater access is needed, permission must be granted by the user.
- Similarly, our product provides settings and features for individual users to control who can view their meeting recaps. The product enables workspace admins to manage these privacy settings.
- Suppose you had a feedback session with one of your teammates, and you want only the teammate to be able to view the meeting recap.
- To achieve this, you can modify the "Who can view the recaps" setting from the meeting notepad.
- To change the privacy settings of a meeting, open the meeting in your Fireflies dashboard Notebook, and click on the icon next to the Share button.
- From the dropdown, select Only participants. With this change, only the participants on the calendar invite can view the recap.
In short, you as the user will have complete control over your data.
Vulnerability Management Program
- Fireflies.ai is regularly scanned with industry-standard scanning tools for monitoring and detecting vulnerabilities. In addition, we host an ongoing bug bounty program with HackerOne to continuously detect vulnerabilities.
- However, no security system is impenetrable and we cannot 100% guarantee the security of our systems.
- In the event that any information under our control is compromised because of a breach of security, we will take reasonable steps to investigate the situation and when appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.