In the age of AI, data security is a top concern.
Many companies could potentially use your data to train their own large language models without consent.
So, when implementing generative AI tools like Fireflies, it's only natural to have questions about data privacy, security, and ownership.
Data security is our top priority at Fireflies, and we’ve compiled answers to some of the most common questions about how we approach security.
Related article: How we think about Security at Fireflies?
1) Where is my data stored?
- All your data is stored and processed in US cloud infrastructure by default.
- Our servers are hosted in Google Cloud, and our database is in a Virtual Private Cloud with AWS. This means that your data is safe and monitored 24/7 by the teams that secure Google's and Amazon's infrastructure.
- Fireflies also leverages multiple third-party security assessment agencies to continually audit and validate that we comply with comprehensive security policies, including SOC 2 compliance, GDPR adherence, and HIPAA compliance.
- We offer Private Storage to give you full ownership over your data: You can store your data in your preferred location, such as your own servers, and meet your compliance requirements.
2) What data gets stored in Fireflies?
- We collect and store User Content and User Metadata.
- User Content: Transcription, summaries, audio & video recordings, AskFred chats, Soundbites, and any derivatives of such.
- User Metadata: Calendar metadata, meeting participants, emails, names, usage logs, and user settings/configuration.
- We encrypt your data at rest and in transit. We use 256-bit AES encryption in storage and TLS 1.2 encryption in transit.
- If you sign up for Private Storage, all User Content is stored in your isolated storage bucket.
3) Who owns the right to this data?
- You own your data. Fireflies.ai serves as the data custodian as stated in our terms of service.
- Though it's stored in the cloud, your data can be purged and deleted immediately at your authenticated request.
4) Does Fireflies.ai access my data?
- Fireflies does not access User Content by default.
- If greater access is needed, for example, during a support request, you must first grant your permission. Check our policy on keeping information safe for more details.
5) Do you use my data to train your bot?
- Some companies train their proprietary LLMs on user data, with or without seeking permission.
But that’s not the case with Fireflies:
- We don't train our AI model with your data.
- We've signed a BAA with all our vendors, so your data isn’t used for training purposes.
- We have a 0-day data retention policy with all vendors with access to user content (our transcription and LLM vendors). So, none of your data is used for training their AI models.
- We offer Private Storage to let you store your data in your preferred location and meet your compliance requirements. This also allows you to control your data lifecycle with features like data audit trails and data retention policies.
In short, we have the security infrastructure and policies to safeguard your data.
6) Does Fireflies.ai use other sub-processors or third parties?
- Yes. Fireflies works with a select group of third parties.
- You can find these details in the data processing agreement document. Get in touch with our security team to know more.
7) Will OpenAI use Fireflies User Content to train their algorithms?
- We have a BAA signed with OpenAI and have also subscribed to their Zero data retention policy.
- Therefore, OpenAI cannot use your data to train its algorithms.
8) Does Fireflies provide a dedicated private storage option?
Yes. We offer a private storage option to companies on the Enterprise tier. Here are the key features of private storage:
- You get dedicated and isolated storage exclusively for your organization's data.
- Choose the location of your private storage and meet your compliance requirements.
- You get complete control over your data storage, processing, and security.
- You can bring your own storage bucket in AWS or GCP for complete control over the data lifecycle.
For more details, refer to the Fireflies Private Storage document.
9) Is Fireflies compliant with key data protection and security regulations?
- Yes, Fireflies fully complies with all major data protection and security regulations.
- Fireflies is compliant with GDPR regulations. You can access our reports after signing an NDA with us.
- Fireflies also maintains annual compliance with SOC 2 Type 2 requirements. You can access our reports after signing an NDA with us.
- Fireflies is also compliant with HIPAA standards for data protection, and is willing to sign a BAA for clients that require it.
10) How does Fireflies comply with UK/EU data protection requirements?
- While our servers are currently hosted in US data centers, our company has built the product in accordance with the General Data Protection Regulation (GDPR).
- Corporate organizations can use the Private Storage option, which allows you to store your User Content data within the EU and meet your compliance requirements. Here's more information on private storage.
Note: Fireflies stores your data in the EU, but it processes it in the United States to provide the service. In the future, we will provide the ability for you to process the data in the EU, or in your region of choice, via Private Cloud. Private Cloud will allow you to deploy the entire Fireflies platform in your cloud.
11) How does Fireflies ensure the security of my data?
At Fireflies, we take every step to secure your data:
- We maintain SOC-2 compliance through regular annual audits.
- We have a bug bounty program to identify and address any security-related issues.
- We also have a detailed data breach response plan in case of a security incident. In such a case, we will promptly investigate the situation, notify affected users, and take necessary steps in compliance with applicable laws and regulations. For more information, please visit our Policy on Keeping Information Safe.
12) How long is my data saved?
As specified in our data retention policy, data is saved for at least 12 months.
- You are in control of what is retained. If you delete individual meetings, the data will be deleted and purged from our systems immediately and irreversibly.
- If you delete your account, all of your meeting data will be irreversibly deleted within 30 days.
Note: Once your data has been deleted, it is permanently gone and cannot be recovered, so be sure to download any important recordings or transcripts before canceling your subscription.
13) Can I turn Fireflies off for certain meetings, or will Fireflies always be listening?
- Yes, you can decide not to invite Fireflies to the meeting or bar it from entering certain meetings.
- If it's already in the meeting, you can remove it at any time.
- See the guide here: Getting started with Fireflies.ai
14) Is there a notification to inform participants that Fred will be joining, transcribing, and summarizing?
- Fireflies can send a pre-meeting email to participants 1 hour before the meeting to ask for their consent to record. This is configurable on your settings page.
- The email will explain that Fireflies was invited to take notes and transcribe the meeting.
- The message is customizable, and participants can opt out of the recording by clicking on a link in the email. If a participant opts out, Fireflies will not join the meeting.
Related article: The 5 different ways to ensure meeting compliance at Fireflies
15) Is there an SSO integration within Fireflies.ai?
- Yes. SSO is available on the Enterprise tier. Please reach out to firstname.lastname@example.org to enable it for your team.
We hope we’ve answered most of your data security and privacy concerns at Fireflies.