At Fireflies.ai, we've redefined what it means to be the most secure notetaker on the web. By giving you complete control over your data and access, we’ve built a platform where privacy and security come first.
This document provides an overview of our robust security policy and our commitment to protecting your information.
Data Privacy
Does Fireflies use my data for training purposes?
No. We don’t use your data for training purposes.
Does Fireflies share my data with third parties?
No, Fireflies does not share your data with third parties. We prioritize your privacy and have signed a Business Associate Agreement (BAA) with OpenAI and other third-party ASR (Automatic Speech Recognition) vendors.
The BAA enforces:
- Zero Data Retention Policy: Vendors cannot store or retain your data.
- Restricted Access: Vendors are prohibited from accessing or using your data for any purpose beyond the agreed services.
- No Training on Your Data: Your data will not be used to train AI models.
Where is your data stored?
By default, your data is stored and processed in our US-based cloud infrastructure.
- Servers: Hosted on Google Cloud Platform (GCP).
- Database: Managed in a Virtual Private Cloud on AWS.
For greater control, you can choose to store data in your private storage.
Can I store my data in private storage?
Yes. You can store data on your servers in your preferred location. Here are the options.
# | Fireflies managed | Bring your storage |
Infrastructure | Store data on a dedicated cloud storage managed by us | Store data on your storage bucket in AWS or GCP |
Data locality | Processing: US; Storage: Your preferred location | Processing: US; Storage: Your preferred location |
Note:
Private storage is available exclusively to Enterprise customers. To upgrade to an Enterprise plan, read the guide below.
Related: How to upgrade to an Enterprise plan from the Fireflies dashboard
What data does Fireflies store?
We collect and store user content and user metadata.
User content:
- Transcription
- Summaries
- Audio and video recordings
- AskFred chats
- Soundbites and any derivatives like:
- AI assistant responses like from AskFred
- Text summaries
- Extracted audio/video soundbite clips
- Links/URLs providing access to those derivatives or the original content
User metadata:
- Calendar metadata
- Meeting participants' emails and names
- Usage logs
- User settings/configuration.
Who owns this data?
You own your data. Fireflies.ai serves as the data custodian, as stated in our terms of service.
Your data is stored in the US by default, and therefore, it is subject to US law. Check out our Private Storage option to store data in a different location.
Related: Learn about data storage and transfer
Does Fireflies access my data?
No. We follow the principle of least privilege, strictly granting access to sensitive data on a need-to-know basis, with monitoring and auditing.
If greater access is needed, for example, during a support request, you must first grant permission.
Can I delete or remove my data?
Yes. You can delete the data from the user dashboard or by contacting the support team. Once deleted, it is impossible to recover the meeting data.
Compliance
Is Fireflies SOC 2 compliant?
Yes. Fireflies maintains annual compliance with SOC 2 Type 2 requirements. You can access our reports after signing an NDA with us.
Does Fireflies comply with UK/EU data protection requirements?
Fireflies complies with GDPR and ensures adherence to data protection regulations and data subject rights for EU residents.
Corporate organizations can use the Private Storage option to store their data within the EU and meet their compliance requirements.
Note:
- Your data will be stored in the EU but processed in the US.
- In the future, we will offer you the ability to process data in the EU or your region of choice via Private Cloud.
- Private Cloud will allow you to deploy the entire Fireflies platform in your cloud.
Is Fireflies HIPAA compliant?
Yes. Fireflies is HIPAA compliant and adheres to protecting patient health information in the United States.
What other measures have been taken to safeguard health data?
- Private storage to ensure HIPAA compliance
- BAA with vendors: Our vendors (OpenAI, ASR) agree not to trade, train, or store your data.
- Zero-day retention policy: We employ a specialized workflow from OpenAI and all third-party vendors that process User Content. This policy prohibits them from storing or using Fireflies data to train their AI algorithms.
Related: Fireflies HIPAA terms
Data Security
How does Fireflies manage security vulnerabilities?
Fireflies.ai is continuously scanned with industry-standard scanning tools for monitoring and detecting vulnerabilities.
We also host an ongoing bug bounty program with HackerOne to continuously detect vulnerabilities.
However, no security system is impenetrable, and we cannot 100% guarantee the security of our systems.
If a security breach compromises any information under our control, we will promptly investigate the situation and, if necessary, notify affected individuals, taking actions in accordance with applicable laws and regulations.
What data is encrypted?
All user data, including meeting transcripts, audio recordings, calendar events, emails, and user settings, is encrypted end-to-end both at rest and in transit using industry-standard encryption.
We take snapshots of User Metadata (calendar events, emails, user settings) every 4 hours for backup purposes. Snapshots do not include User Content such as transcripts, audio recordings, or derivatives.
Metadata snapshots are retained for one year to comply with our customer data availability agreements.
No transcript or audio data is included in these snapshots or backups.
What encryption is used?
To secure your data during transit, storage, and processing, we use 256-bit AES encryption for data at rest and TLS 1.2 encryption for data in transit.
At Fireflies.ai, we implement robust security practices to protect the integrity and confidentiality of all the data we collect and share with our service providers.
Related: Fireflies Security FAQ’s
Fireflies.ai product design
What is the architecture on which Fireflies.ai is built?
Fireflies.ai is built on top of infrastructure and services that use industry-grade security standards. You can find high-level technical documentation detailing the system architecture here.
How does Fireflies.ai ensure privacy by design?
Fireflies.ai is built with privacy by design as a core principle, ensuring that users control their data at every step.
Here’s how we ensure privacy:
User-Controlled Recordings:
- Recordings are initiated and managed by the user who invites Fireflies to a meeting.
- The user determines who can access or share the recordings using Meeting Privacy settings.
Restricted Internal Access:
- The Fireflies internal team cannot access user data by default.
- Explicit user permission is required for any additional access.
Admin Governance:
- Admins control which team members can access meetings and how data is retained.
- Enterprise Plan admins can request a Super Admin Role for complete workspace governance.
User Group Management:
- Workspace admins can create or delete User Groups to define access levels and manage data sharing within the organization.
What privacy settings are available for users?
Workspace admins can manage these privacy settings. Users can modify the "Who can view the recaps" setting from the meeting Notepad to restrict access, such as allowing only meeting participants to view the recap.
Related: How to share meetings with only the people you choose
Additional Resources
- NDA, SOC 2 documentation: Get access to our NDA and SOC2 documentation
- Vendor information: Learn more about our trusted vendors, access policy documents, and review the status of our security controls.
- Fireflies Enterprise tier: Learn about our Enterprise tier, including HIPAA compliance (with a BAA), SSO login, Private Storage, Super Admin, and Custom Data Retention.
We hope this guide explains our security and data privacy policy. If you have any other questions about using Fireflies, please contact us here.