This guide covers the essential aspects of data storage and transfer at Fireflies, including storage locations, compliance, and security practices.
Data storage
1. Storage locations
- Public cloud: By default, your data is stored and processed in Fireflies' secure cloud infrastructure in the United States (AWS and GCP).
- Private storage:
- Fireflies offers private storage for organizations dealing with sensitive data or stringent compliance needs (available in the Enterprise plan).
- With private storage, you can store your meeting data in dedicated, isolated storage.
Note:
- Your data will be stored in the EU, but processed in the US.
Related: Fireflies Private Storage
2. Data encryption
- All user data, including transcripts, recordings, calendar events, emails, and settings, are encrypted end-to-end using 256-bit AES encryption for data at rest and TLS 1.2 encryption for data in transit.
3. Data ownership
- You have complete ownership of all your data, as stated in the Fireflies Terms of Service.
- Fireflies acts as the custodian of your data but does not share or use it for training purposes.
4. Data types collected
We collect and store user content and user metadata.
- User content: transcription, summaries, audio and video recordings, AskFred chats, Soundbites, and any derivatives of these.
- User metadata: Calendar metadata, meeting participants' emails, names, usage logs, and user settings/configuration.
Data transfer
Data backups and disaster recovery
- All user data, including meeting transcripts, audio recordings, calendar events, emails, and user settings, is encrypted end-to-end using industry-standard encryption both at rest and in transit.
Data privacy and compliance
Compliance
- Fireflies is SOC 2 Type 2, GDPR (for EU data protection), and HIPAA (for safeguarding health information in the US) compliant.
- Fireflies is listed in the EU-US Data Privacy Framework, ensuring adherence to data protection requirements for EU residents.
Data privacy
- Fireflies has signed Business Associate Agreements (BAAs) with vendors like OpenAI and ASR providers, ensuring no data is stored or used for training purposes on their systems, thereby maintaining data privacy and security.
- We follow the principle of least privilege, strictly granting access to sensitive data on a need-to-know basis, with monitoring and auditing.
- If greater access is needed, for example, during a support request, you must first grant your permission.
Related: Policy on keeping information safe.
Security practices
- Fireflies regularly scans for vulnerabilities and has an ongoing bug bounty program to detect and address security issues.
- In case of a security breach, Fireflies will investigate, notify affected individuals, and take appropriate steps as per applicable laws and regulations.
Related: Fireflies Security FAQ’s
We hope this guide explained the data storage and transfer policies in Fireflies. If you have any other questions about using Fireflies, please get in touch with us here.