Security and Privacy
We want to ensure system security and customer privacy is a priority at every step of the engineering process. All employees are required to go through security training and best practices for data handling.
SOC 2 TYPE 2 & GDPR COMPLIANTTechnology
Fireflies is built on top of infrastructure and services that uses industry grade security standards. We encrypt your data at rest, including emails, calendar events and other personally identifiable metadata.
Security compliances
SOC2
Our SOC 2 (Type 2) shows our commitment towards a continuous effective build and improvement of our system and organization controls regarding security, privacy, availability, and confidentiality. This report explains the extreme care we take to earn and maintain our users' trust in Fireflies, its systems, and product. Request your report here.
GDPR
Fireflies is committed to ensuring ongoing compliance with the General Data Protection Regulation (GDPR). At Fireflies, data security and privacy serve as the major pillars we work with. Consent is a key factor in ensuring the trust of our users
HIPAA
Fireflies ensures the highest standards of data protection and privacy in compliance with HIPAA. Our systems safeguard the privacy and security of protected health information (PHI), demonstrating our commitment to protecting users' sensitive health data.
Process
- Data Encryption
- Data Availability
- Secure development
- Third party audits
Strict controls over data accessStrict controls over data access
We use a 256-bit AES encryption in storage and a 256-bit SSL/TLS encryption in transit. Our Private storage provides you with dedicated and isolated data storage, in the location of your choice. Our database is hosted in a Virtual Private Cloud with AWS. AWS follows top IT security standards, including SOC 2 Type II, SOC 3, PCI-DSS certification, and ISO 27001.
Uptime and loggingUptime and logging
Our production environments have security logging, uptime monitoring, and system availability metrics of our core services. This helps our security team enforce automated monitoring and uptime.
We implement coding best practices focused on the OWASP Top TenWe implement coding best practices focused on the OWASP Top Ten
Development, testing, and production environments are separated. All code changes are peer reviewed and tested prior to deployment into production.
Third party auditThird party audit
In addition to our extensive internal scanning and testing program, we employ third-party security experts to perform penetration tests.
Our Commitment on privacy
- Privacy assessments
Impact assessmentImpact assessment
We continuously evaluate the impact of our activities on data privacy to ensure that we collect the minimum data needed to improve our practices.
Here's our FAQs documentation for extra clarification.
In the event all the given informations are unclear, please contact us through security@fireflies.ai for further clarification. We will respond as soon as we can.