Building a Secure AI Notetaker: How We Think About Security at Fireflies.ai


Sam Udotong

Security issues around voice data are new; capturing voice and video data has not been previously done at scale. In most parts of the world, rules and regulations around it are rudimentary at best. There is a lot of gray area.

At Fireflies, we keep security and privacy as the top priority when handling your voice and video data. For us, your data security and confidentiality are paramount.

We adhere to the strictest privacy and cybersecurity standards. From the moment someone joins our internal team, to the first step of product design, to the engineering build process, and to every product release, we ask ourselves, "How does this decision affect the security of our system?"

In this blog, we will explain the measures we take to keep your data safe through data storage, compliance, and product design.

Data storage

Security threats are constantly evolving. And accordingly, so must Fireflies' security and privacy infrastructure.

At Fireflies, your data (including audio, transcripts, and related artifacts) is end-to-end encrypted at rest and in transit in AWS S3. We use 256-bit AES encryption in storage and 256-bit SSL/TLS encryption in transit.

Metadata, such as calendar events, emails, and user settings, is also end-to-end encrypted at rest and in transit, with the same data security standards. We take snapshots only of your metadata, every four hours, and never of your transcript and audio data. The metadata may exist in a snapshot or backup for a maximum of one year. This is in compliance with our data availability service level agreements, which we maintain for all customers.

If, at any point, you wish to delete any meeting from the Fireflies account, it is permanently and irreversibly removed from our database. When that happens, it is impossible to recover the meeting. You can delete your meetings from our user interface or by contacting our support team.

Our servers are hosted in Google Cloud, and our database is hosted in a Virtual Private Cloud with AWS. AWS follows top IT security standards, including SOC 2 Type II, SOC 3, PCI-DSS certification, and ISO 27001, which means that your data is safe and the facilities that it's kept in are monitored 24/7.

Compliance and security

In accordance with our uncompromising stance toward the security and confidentiality of your data, we are SOC 2 Type II and GDPR compliant.

The American Institute of Certified Public Accountants' SOC 2 is an auditing process that ensures a company securely manages data and protects the privacy of its clients. It defines criteria for handling customer data based on five trust service principles, which are security, processing integrity, availability, confidentiality, and privacy.

Similarly, we are General Data Protection Regulation (GDPR) compliant. GDPR is the world's most widespread privacy and security law and includes guidelines for collecting, processing, and storing personal information of individuals inside the European Economic Area.

But that's not enough. We plan to be HIPAA compliant by the end of 2022, and we are constantly innovating to keep our customers' data even more secure than what these certifications require.

In addition to complying with key regulations, we continuously monitor our code by looking at the security implications of each rollout. Furthermore, we give you complete control over your data and the ability to delete it from our systems at any time.

Product and feature design to ensure privacy and security

Our entire product is built with privacy by design as a first-principles approach. For example, the recording is controlled by the user who invited Fireflies. That user may choose who else is allowed to listen to the meeting and share it. The Fireflies internal team does not have access by default; if greater access is needed, permission must be granted by the user.

Similarly, our product provides settings and features for individual users to control who can view their meeting recaps. The product enables workspace admins to manage these privacy settings.

Suppose you had a feedback session with one of your teammates, and you want only the teammate to be able to view the meeting recap. To achieve this, you can modify the "Who can view the recaps" setting from the meeting notepad.

To change the privacy settings of a meeting, open the meeting in your Fireflies dashboard Notebook, and click on the icon next to the Share button.


From the dropdown, select Only participants.


With this change, only the participants on the calendar invite can view the recap.

If you are a team admin, you can manage who can view your teammates’ meeting recaps by clicking on Team on the left navigation bar.


Click on the Settings tab in the top right corner.


Click on the dropdown under "Choose who can view recaps" and select the setting that best suits you.


Allow teammates to choose: This setting allows your teammates to choose their recap settings. Team settings override personal settings and cannot be modified by team members unless admins enable them to.

Anyone with a link: Anyone who receives the link to the Fireflies transcript can view the recap. You can automatically share meeting links to participants using your Share Settings. Or, you can individually share the link:

Every meeting saved in the Notebook has a Share button at the top.


Click on the share button, and add the email addresses.


Click Send.


This option will let you share it with people with a Fireflies account.

Alternatively, you can click the Copy link button and share it on a platform of your choice.


As long as the share setting is on Anyone with a link, the recipient can view the transcript even if they do not have a Fireflies account.

Only Participants: As an admin, you can ensure that a meeting is accessible only to people who were on the calendar invite (meeting participants).

Only Teammates: Similarly, you can share the transcripts with just your teammates and exclude participants. If some of your meeting participants also share your team workspace, they will be able to see the meeting recaps.

Only Participants & Teammates: Only people on the calendar invite and those in your workspace can view the meeting recaps.

Only you: This setting makes the meeting recap private and only accessible to you.

In addition to your default setting, you can manually change the meeting recap setting by going to each meeting and clicking on the small icon next to Share.



Bug bounty program

As part of Fireflies' commitment to security, we have a comprehensive bug bounty program to make customers' data more secure by enlisting third-party help. Security researchers worldwide are integral to our security ecosystem and help us discover any vulnerabilities missed during the software development process. We then prioritize addressing those issues to minimize risk and secure our IT infrastructure.

Read more about our bug bounty program.

Bot training

When considering integrating an automated notetaker into your meetings, understanding how the AI is trained is important. What data is used for training? How does accuracy improve over time? Is someone listening to conversations? Is my audio and transcript data private?

At Fireflies, your audio and transcript data is entirely private. Your data isn’t used to train models for other customers. Our base machine learning model uses public datasets and APIs to convert speech to text and make predictions.

You can further tune our base model with these options:

  • Adding custom vocabulary
  • Selecting your industry
  • Editing the transcript

Adding custom vocabulary

You can improve the accuracy of your transcripts by adding phrases, jargon, and commonly used words in your industry.

To do that, navigate to the Settings tab on the left navigation bar.


Under the AI customization heading, look for Vocabulary Settings.


Enter the phrases you want Fireflies to learn and recognize. By default, Fireflies is a high-accuracy system, so only enter phrases that are complex or commonly gotten wrong. Entering too many common phrases may negatively impact accuracy.

The bot automatically uses calendar metadata like names, emails, and titles to improve your transcription.

Selecting your industry

You can also select your industry from the Industry Settings so that Fireflies can optimize its speech model for your particular industry.

To do that, navigate to the Settings tab on the left navigation bar.


Editing transcripts

You can also improve the transcription quality and accuracy by editing the meeting transcripts. These edits will be incorporated into your company's fine-tuned model, which is strictly based on your company's data.

To edit the transcripts, go to the meeting transcript and click the Edit button on the top right corner (next to the transcription search bar).


Notice the background color of the transcript changes to gray. This means the transcript can be edited.


Click on the text you want to edit, make the changes, and click Save.


Final thoughts

We understand that your voice data is mission-critical; some conversations are better done through calls instead of a messaging platform or email. Those conversations can be highly confidential, so we default to treating our customers' data with maximum security and privacy at every step in our process.

Because capturing voice data is still a relatively new capability in the modern workplace, there is a lot of gray area on what's acceptable and what's not. At Fireflies, we hold ourselves to the highest standards of security and take a firm stance on protecting the people who use our platform. Furthermore, we seek to continually improve and innovate upon our security stance, even beyond what is required by industry standards.

One example of this is that we've designed our infrastructure to be completely deployable in your own company's cloud. By signing up for our Private Cloud offering, your data is both stored and processed on servers that you control. This is currently only supported on Google Cloud Platform and is available to enterprise customers. To request access to the beta, fill out this form.


We will continue to do everything we can to ensure your conversations are secure, private, and confidential. We are transparent about our privacy and security policies and happy to discuss further at security@fireflies.ai.

For more information, read our Security FAQ here.

