At Fireflies.ai, you will have complete control over your data and access. This document gives an overview of our security policy.
Data Privacy
What data does Fireflies store?
- We collect and store user content and user metadata.
User content:
- Transcription
- Summaries
- Audio and video recordings
- AskFred chats
- Soundbites and any derivatives like:
- AI assistant responses like from AskFred
- Text summaries
- Extracted audio/video soundbite clips
- Links/URLs providing access to those derivatives or the original content
User metadata:
- Calendar metadata
- Meeting participants' emails and names
- Usage logs
- User settings/configuration.
Where is your data stored?
- By default, all your data is stored and processed in our US cloud infrastructure.
- Our servers are in GCP, and the database is in a Virtual Private Cloud with AWS.
Who owns this data?
- You own your data. Fireflies.ai serves as the data custodian, as stated in our terms of service.
Note:
- Your data is stored in the US by default, and therefore, it is subject to US law. Check out our Private Storage option to store data in a different location.
What calendar data is accessed during calendar integration?
- We access metadata like participant information, meeting time, and meeting URL to facilitate inviting Fireflies to your meetings.
- Your account name and email are accessed for authentication and account creation purposes.
Does Fireflies access my data?
- No. We follow the principle of least privilege, strictly granting access to sensitive data on a need-to-know basis, with monitoring and auditing.
- If greater access is needed, for example, during a support request, you must first grant permission. Check our policy on keeping information safe for more details.
Can Fireflies access voice and facial images?
- No. Fireflies can’t access these details.
Can I delete or remove my data?
- Yes. You can delete the data from the user dashboard or by contacting the support team. Once deleted, it is impossible to recover the meeting data.
Can I store my data in private storage?
- Yes. You can store data on your servers in your preferred location. Here are the options.
# | Fireflies managed | Bring your storage |
Infrastructure | Store data on a dedicated cloud storage managed by us | Store data on your storage bucket in AWS or GCP |
Data locality | Processing: US; Storage: Your preferred location | Processing: US; Storage: Your preferred location |
Note:
- Private storage is currently only available to Enterprise customers. To request access to it, please fill out this form.
Related: Fireflies Private Storage
Does Fireflies share my data with third parties?
- No. We have signed a Business Associate Agreement (BAA) with OpenAI and other third-party ASR vendors. So none of your data is stored on their system for any duration or used to train their AI models.
Does Fireflies use my data for training purposes?
- No. We don’t use your data for training purposes.
Compliance
Is Fireflies SOC 2 compliant?
- Yes. Fireflies maintains annual compliance with SOC 2 Type 2 requirements. You can access our reports after signing an NDA with us.
Does Fireflies comply with UK/EU data protection requirements?
- Fireflies is compliant with GDPR, and, therefore, complies with data protection and data subject rights for EU residents.
- Corporate organizations can use the Private Storage option to store their data within the EU and meet their compliance requirements.
Note:
- Your data will be stored in the EU but processed in the US.
- In the future, we will offer you the ability to process data in the EU or your region of choice via Private Cloud.
- Private Cloud will allow you to deploy the entire Fireflies platform in your cloud.
Is Fireflies HIPAA compliant?
- Yes. Fireflies is HIPAA compliant and adheres to protecting patient health information in the United States.
What other measures have been taken to safeguard health data?
- Private storage to ensure HIPAA compliance
- BAA with vendors: Our vendors (OpenAI, ASR) agree not to trade, train, or store your data.
- Zero-day retention policy: We employ a specialized workflow from OpenAI so that no data is stored on their systems for any duration.
The presence of these BAAs with OpenAI and our ASR vendors makes Fireflies safer for your business.
Related: Fireflies HIPAA terms
Data Security
How does Fireflies manage security vulnerabilities?
- Fireflies.ai is regularly scanned with industry-standard scanning tools for monitoring and detecting vulnerabilities.
- We also host an ongoing bug bounty program with HackerOne to continuously detect vulnerabilities.
- However, no security system is impenetrable, and we cannot 100% guarantee the security of our systems.
- If any information under our control is compromised because of a breach of security, we will take reasonable steps to investigate the situation and, when appropriate, notify those individuals whose information may have been compromised and take other steps in accordance with any applicable laws and regulations.
What data is encrypted?
- All user data, including meeting transcripts, audio recordings, calendar events, emails, and user settings, is encrypted end-to-end, both at rest and in transit, using industry-standard encryption.
- We take snapshots of metadata (calendar events, emails, user settings) every 4 hours for backup purposes but never store transcripts or audio recordings in them.
- Metadata snapshots are retained for a maximum of 1 year to comply with our customer data availability agreements.
- No transcript or audio data is included in these snapshots or backups.
What encryption is followed?
- To secure your data during transit, storage, and processing, we use 256-bit AES encryption for data at rest and TLS 1.2 encryption for data in transit.
At Fireflies.ai, we implement robust security practices to protect the integrity and confidentiality of all the data we collect and share with our service providers.
Related: Fireflies Security FAQ’s
Fireflies.ai product design
What is the architecture on which Fireflies.ai is built?
- Fireflies.ai is built on top of infrastructure and services that use industry-grade security standards. You can find high-level technical documentation detailing the system architecture here.
How does Fireflies.ai ensure privacy by design?
- The entire Fireflies.ai product is built with privacy by design as a fundamental principle.
- For example, the recording is controlled by the user who invited Fireflies, and that user decides who else can listen to and share the meeting recording.
- The Fireflies internal team does not have access by default and requires explicit permission from the user if greater access is needed.
What privacy settings are available for users?
- Workspace admins can manage these privacy settings. Users can modify the "Who can view the recaps" setting from the meeting Notepad to restrict access, such as allowing only meeting participants to view the recap.
Related: How to share meetings with only the people you choose
We hope this guide explains our security and data privacy policy. If you have any other questions about using Fireflies, please contact us here.