At Fireflies.ai, we redefine security as the cornerstone of the most trusted notetaker on the web. Our platform puts you in complete control over your data and access. This guide highlights our policies and key features designed to ensure responsible, secure meeting recording, transcription, summarization and more.
Security & Compliance
1. Data Encryption
- In Transit: All data transmitted between users and Fireflies servers is encrypted using HTTPS and TLS protocols to prevent unauthorized access.
- At Rest: Meeting recordings, transcripts, and other data are securely stored using AES-256 encryption.
Related: Policy on keeping information safe
2. Role-Based Access Control (RBAC)
- Administrators can control user access to Fireflies features and meeting data, ensuring that sensitive information is accessible only to authorized personnel.
Related: Learn about the Super Admin role
3. Compliance with Global Standards
Fireflies aligns with major security and privacy standards, including:
- GDPR: Ensures user data protection for EU residents.
- CCPA: Complies with California Consumer Privacy Act requirements.
- SOC 2 Type 2: Demonstrates commitment to secure handling of user data in cloud-based systems.
- HIPAA: Secures compliance with United States data privacy measures to protect patient data.
- BAA with vendors: Our vendors (LLM, ASR) agree not to trade, train, or store your data.
- Zero-day retention policy: We employ a specialized workflow from OpenAI and all third-party vendors that process User Content. This policy prohibits them from storing or using Fireflies data to train their AI algorithms.
4. Customizable Bot Controls
Users have full control over how and when the Fireflies bot joins meetings:
- When you first sign up, Fireflies asks you to review which type of meetings you want the bot to join as a participant and with whom you want to share the recaps.
Related: How to set up your Fireflies account
- Adjust settings from the dashboard anytime to specify meeting types and participants for recording.
Related: Learn about Fireflies auto-join settings
5. Secure User Authentication
- Supports Single Sign-On (SSO) for enterprise users, ensuring secure access with robust identity management.
- Offers two-factor authentication (2FA) to add an additional layer of security.
Related: How to setup SSO for OneLogin
6. Regular Security Assessments
- Fireflies.ai conducts regular penetration testing and vulnerability assessments to identify and address potential security risks.
- We manage a continuous bug bounty program, inviting external security researchers to identify potential risks
7. Private storage
- Allows data to be stored in your private storage bucket in your preferred location.
Related: Learn about Private Storage
Transparency
To ensure transparency, we follow:
1. Compliance Notification System
- Users can enable an email notification feature to inform participants that a meeting will be recorded.
Related: Do I need to disclose that I am recording meetings?
- Participants can opt-out, and if even one participant opts out, Fireflies will not join the meeting.
2. Transparent Bot Naming
The Fireflies notetaker is explicitly named "Fireflies.ai Notetaker [Inviter’s Name]" to ensure all participants know its presence and purpose.
Related: How to customize the bot name.
3. Real-Time Meeting Control
- Users can stop the Fireflies bot mid-meeting via the dashboard or by removing it from the meeting.
- If removed within the first 3 minutes, no data is captured.
Related: How to remove Fireflies from a meeting
4. Data Deletion Features
-
User-Initiated Deletion:
- Users can delete recordings and transcripts directly from the dashboard.
- Once deleted, data is completely and irreversibly removed from Fireflies servers.
-
Participant Requests:
- Participants who are not Fireflies users can request the person on whose behalf Fireflies joined to delete the meeting from their dashboard. Once deleted, the meeting is completely and irreversibly wiped from our system.
- If the user is unresponsive to the request, a non-Fireflies user can send a deletion request to support@fireflies.ai
- Email us at support@fireflies.ai using the same email ID that you used to join the meeting so we can validate the details.
- In the email, provide us with the Fireflies meeting ID, your name, email ID, and the person on whose behalf Fireflies joined the meeting.
- The meeting ID can be found on the Fireflies meeting recap link. For example, for this meeting recap:
https://app.fireflies.ai/view/Sample-meeting-Soorya-Ayush::sotLqeLaH4reoEpr
the meeting ID would be sotLqeLaH4reoEpr.
- If, for whatever reason, you didn't get the meeting recap or don’t know the meeting ID, share the title of the meeting, date, time, and email of the person Fireflies joined on behalf of at support@fireflies.ai. Any information that will help our support team will be most valuable here.
Related:
- How to automatically delete meetings from Fireflies
- How to delete a meeting recording from Fireflies.
5. Join Permissions
- For many video-conferencing platforms (like Zoom and Google Meet), attendees have the option to admit or deny participants outside their organization into the meeting.
- Similarly, the Fireflies AI notetaker also explicitly seeks permission to join the meeting. Anyone in the meeting can admit or deny entry.
FAQs
-
Should I disclose that I am recording meetings?
- Call recording laws vary by state and country, so we strongly recommend researching your local laws and notifying participants that the call is being recorded for note-taking and transcription purposes.
- This requirement is emphasized in our Terms of Service and Platform Rules page. It’s also one of the first things we notify users about during the signup process. We encourage all users to review and follow these guidelines before using Fireflies.
-
Can Fireflies be removed from a meeting that it joined?
- The Fireflies bot can be removed from a meeting like any other participant. This can be done for any web conference app we support. Learn more.
- As a Fireflies user, you can also remove the bot from the dashboard by clicking the stop icon. Doing so will also wipe off all the data captured during the meeting.
-
What happens once Fireflies is removed?
- Once removed, Fireflies will stop capturing the remaining meeting. Fireflies only records meetings where it stays for at least 3 minutes. Kicking the notetaker out before that will ensure that meetings are not recorded.
-
Does Fireflies notify participants in advance that it will record the call?
- Fireflies has a compliance notification feature.
- If a user enables this feature, an email will be sent to all participants informing them that the meeting will be recorded for note-taking purposes an hour before the meeting. You can customize the email message.
-
Can a participant without a Fireflies account delete a meeting captured by Fireflies?
- Participants who are not Fireflies users can request the person on whose behalf Fireflies joined to delete the meeting from their dashboard, or they can send a deletion request to support@fireflies.ai.
Conclusion
Fireflies provides the tools for users to record, transcribe, summarize, and analyze their meetings and be more productive. However, it is the user's responsibility to ensure that other people in the meeting are informed. Security, privacy, and compliance are of the utmost importance for Team Fireflies.
Related: How do we keep your information safe?
Related: Gain access to our SOC 2 Type II, DPA, and other security documentation
If you still have questions about using Fireflies, ask them here.