Your data security is our top priority.
At Fireflies, we safeguard the privacy of your voice and video data with the most rigorous protections.
In this blog, we’ll share some of the measures we take to keep your data safe, including data storage, compliance, and our latest Private Storage offering.
1. Fireflies Infrastructure/Public Cloud
The default infrastructure for anyone who signs up to app.fireflies.ai via self-service.
1.1. Data Storage
a. Where is your data stored?
- By default, all your data is stored and processed in the US cloud infrastructure. It is encrypted with the best security standards. Fireflies is SOC 2 Type 2 and GDPR compliant.
b. Will your data get shared?
- We have signed a Business Associate Agreement (BAA) with OpenAI and with other third-party ASR vendors so that no data is stored on their systems for any duration or used to train their AI algorithms.
c. Who owns your data?
- You have complete ownership of all of your data, as stated in the Fireflies Terms of Service. However, note that the data is stored in the US, and therefore it falls under the jurisdiction of US law.
d. Is it possible to store your data in a location other than the US?
- Yes. If you prefer your data to be stored elsewhere, you can opt for our private storage solution, which adheres to HIPAA standards.
2. Private Storage
For organizations that deal with sensitive data, such as medical records, Protected Health Information (PHI), or confidential data in general.
2.1. Understanding Private Cloud and Private Storage
a. What is Private Storage?
- Private Storage provides you with dedicated and isolated storage, exclusively for your organization's data.
- You have the flexibility to choose the location of your private storage, allowing you to meet your specific compliance requirements.
- Example: For EU organizations, private storage can be located in the EU, falling under EU jurisdiction.
- It's important to note that while your data will be processed and accessed in the US, it will be securely stored in your preferred private storage location.
b. Who should use Private Storage?
- Private Storage is ideal for organizations in healthcare, finance, legal, defense, and other sectors that handle sensitive information and require stringent control over their data for regulatory or other compliance reasons.
- Organizations that prefer to have a dedicated infrastructure and want more control over their data storage, processing, and security.
c. How is Private Storage different from a Private Cloud?
- Private Storage focuses solely on providing a dedicated storage infrastructure.
- Private Cloud includes a complete computing environment with storage, networking, and computing resources.
d. Does Fireflies offer Private Cloud or Private Storage?
- We do not support private cloud as of now.
e. Can I have my data on-premise on my own AWS system and use it as Private Storage?
- Yes. There are 2 options for Private Storage:
Fireflies Managed Private Storage: Fireflies.ai will provide and maintain the storage bucket. Sign up for the plan, and Fireflies will handle the storage maintenance and ensure normal usage.
- You will have complete data ownership.
- Fireflies.ai supports customization of the policies around organization data, such as permission control, privacy, and data retention.
Bring-your-own-storage: You can provide Fireflies with your own cloud storage bucket credentials from GCP’s Google Cloud Storage or AWS’s S3.
- You will have full control of your data, including permissions, privacy, and data retention.
- Please note that this option is only available for Enterprise deals.
Note: Currently, only GCP and Amazon cloud storage are supported.
2.2. HIPAA Compliance and Private Storage
a. Should you opt for Public Cloud or Private Storage to be HIPAA compliant?
- One key requirement from HIPAA is that any transcript that contains health information has to be stored separately from the public cloud.
- Therefore, you need private storage to be HIPAA compliant.
b. What data gets stored in Private Storage?
- We store the transcript, video, and audio recordings within the Private Storage bucket.
c. What other measures have been taken to maintain HIPAA compliance?
- The BAA is a legal agreement that shows our commitment to protecting your data. Our vendors are also bound by the BAA and agree not to trade or store your data.
- We have signed a Business Associate Agreement (BAA) with our large language model vendor, OpenAI, and also with our ASR vendors, to ensure HIPAA compliance.
- We employ a specialized workflow from OpenAI with a 0-day retention policy so that no data is stored on their systems for any duration.
The presence of these BAAs with OpenAI and our ASR vendors makes Fireflies safer for your business.
2.3. Private Storage Adoption
a. Why is Private Storage part of the Enterprise plan?
- Private Storage is offered as part of the Enterprise plan to ensure a seamless setup and ongoing maintenance. This approach allows you to focus on your core business while enjoying the benefits of enhanced data protection.
b. How do the features compare between Managed Private Storage, Fireflies Cloud, and Bring Your Own Storage?
Conclusion
Fireflies.ai's Private Storage solutions allow you to secure your data, maintain confidentiality, and comply with regulations like HIPAA.
With the flexibility to store data in your preferred location, you can take full control of your data lifecycle and maintain maximum security, privacy and trust.
For more details on Private Storage, contact us by filling out this form.