Fireflies.ai cares deeply about the security of your information and uses commercially reasonable physical, technical, and organizational measures designed to preserve the integrity and security of all information we collect and that we share with our service providers.
Data security and storage
Data Encryption
1. What type of encryption is used to secure your data?
- At Fireflies, your data (including audio, transcripts, and related artifacts) is end-to-end encrypted at rest and in transit in AWS S3.
- Encryption at rest is encryption that is used to help protect data that is stored on a disk (including solid-state drives) or backup media.
- We use 256-bit AES encryption in storage and 256-bit SSL/TLS encryption in transit.
2. What type of data gets encrypted in Fireflies?
- Metadata, such as calendar events, emails, and user settings, is also end-to-end encrypted at rest and in transit, under the same data security standards.
- We only take snapshots of your metadata every four hours and never of your transcript and audio data.
- The metadata may exist in a snapshot/backup for a maximum of one year. This is in compliance with our data availability service level agreements, which apply to all customers.
Data Storage
1. Where is your data stored and how safe is it?
- Our servers are hosted in Google Cloud, and our database is hosted in a Virtual Private Cloud with AWS.
- AWS follows top IT security standards, including SOC 2 Type II, SOC 3, PCI-DSS certification, and ISO 27001, which means that your data is safe and the facilities it's kept in are monitored 24/7.
2. Can the data be stored in our own private cloud?
- We understand that your voice data is mission-critical and some conversations can be highly confidential. We've designed our infrastructure to be completely deployable in your own company's cloud.
- By signing up for our Private Cloud offering, your data is both stored and processed on servers that you control.
- This is currently only supported on the Google Cloud Platform and is available to enterprise customers. To request access, contact support@fireflies.ai.
3. Can the Fireflies internal team access your data?
- Fireflies employees do not have access to production customer data by default.
- If greater access is needed, for example during a support request, permission must be granted by the user and employees must provide documentation for why they are requesting access.
- Access is granted only when required.
- We apply the principle of least privilege in our access controls mechanism to sensitive data. Access to sensitive data is based on a need-to-know basis and is strictly monitored and audited.
4. Is it possible to delete or remove any data?
- If at any point you wish to delete a meeting from your Fireflies account, it is permanently and irreversibly removed from our database.
- Once that happens, it is impossible to recover the meeting. You can delete your meetings from our user interface or by contacting our support team.
5. What calendar data do you access when you integrate with Google or Outlook calendars?
- We read your calendar data, such as participant information and the meeting URL.
- We use that information to authenticate you and create an account for you. We do not read any other information apart from this.
6. What data do you collect from our calls to improve your transcription accuracy?
- We are essentially looking at what edits you're making to the system. This data is fully anonymous.
- We also read calendar invites and names of the participants to help detect names better when you’re speaking on the call.
- Historically, it is only data related to the meeting and nothing else. We use it to let the machine learn and become personalised and tailored over time.
Compliance and Security
SOC 2 Type II and GDPR Compliance
1. What is SOC 2 compliance?
- The American Institute of Certified Public Accountants' SOC 2 is an auditing process that ensures a company securely manages data and protects the privacy of its clients.
- It defines criteria for handling customer data based on five trust service principles, which are security, processing integrity, availability, confidentiality, and privacy.
2. What is GDPR compliance?
- Similarly, we are General Data Protection Regulation (GDPR) compliant. GDPR is the world's most widespread privacy and security law and includes guidelines for collecting, processing, and storing the personal information of individuals inside the European Economic Area.
In accordance with our uncompromising stance toward the security and confidentiality of your data, we are SOC 2 Type II and GDPR compliant. This means our organization has the infrastructure, tools, and processes to protect customer data from unauthorized access both from within and outside the firm.
HIPAA Compliance
- We are also HIPAA compliant and we are constantly innovating to keep our customers' data even more secure than what these certifications require.
- In addition to complying with key regulations, we continuously monitor our code by looking at the security implications of each rollout. Furthermore, we give you complete control over your data and the ability to delete it from our systems at any time.
For details on the report, please send an email to security@fireflies.ai.
Fireflies.ai Product and Feature Design for Privacy and Security
Fireflies architecture
- Fireflies.ai is built on top of infrastructure and services that use industry-grade security standards. You can see high-level technical documentation that details the system architecture here.
User Settings
- Our entire product is built with privacy by design as a first principle. For example, the recording is controlled by the user who invited Fireflies.
- That user may choose who else is allowed to listen to the meeting and share it.
- The Fireflies internal team does not have access by default. If greater access is needed, permission must be granted by the user.
Privacy Settings
- Similarly, our product provides settings and features for individual users to control who can view their meeting recaps. The product enables workspace admins to manage these privacy settings.
- Suppose you had a feedback session with one of your teammates, and you want only the teammate to be able to view the meeting recap.
- To achieve this, you can modify the "Who can view the recaps" setting from the meeting notepad.
- To change the privacy settings of a meeting, open the meeting in your Fireflies dashboard Notebook, and click on the icon next to the Share button.
- From the dropdown, select Only participants. With this change, only the participants on the calendar invite can view the recap.
In short, you as the user will have complete control over your data.
Vulnerability Management Program
- Fireflies.ai is regularly scanned with industry-standard scanning tools for monitoring and detecting vulnerabilities. In addition, we host an ongoing bug bounty program with HackerOne to continuously detect vulnerabilities.
- However, no security system is impenetrable and we cannot 100% guarantee the security of our systems.
- In the event that any information under our control is compromised because of a breach of security, we will take reasonable steps to investigate the situation and when appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
We are transparent about our privacy and security policies and happy to discuss further at security@fireflies.ai. For more information, read our Security FAQ here.