How Fireflies Protects Meeting Data in the AI Era (Full Transcript)

A webinar recap of Fireflies’ 3-pillar framework: data ownership and privacy, enterprise admin controls, and SOC2/GDPR/HIPAA security compliance.

[00:00:03] Speaker 1: This webinar, your Fireflies Fortress, these are topics that are very, very important to every tech company, every company out there, actually, to be honest, and we're more than happy to cover these with you today. I'm going to make a quick intro. I have Hui here, our product manager.

[00:00:26] Speaker 2: Hi, everyone. My name is Hui, and I'm the product manager at Fireflies, specializing in privacy, security, and admin control.

[00:00:34] Speaker 1: Thank you, Hui. So today, we're going to dive in straight away into these topics. They're very important, like I mentioned, and we would like to give you an overview of what Fireflies does when it comes to privacy, security, and compliancy, and also a little bit of tips and tricks on how you can basically access some exclusive features that we have that will ensure that these pillars of protection are bulletproof. So we will now start with a poll that kind of gives you an impression of how we're going to take the privacy subject into account for the webinar. I'm going to put the poll on the chat, and the question is very simple. Who here has been asked by their legal slash security team to audit which tools have access to the company's conversations? I'm going to give you a few seconds for you to make that pick. And why are we asking this question? Because there is a trust gap, the trust gap between AI adoption and privacy. And I'll hand it over to Hui, who will just cover that with you.

[00:02:04] Speaker 2: So as you guys, I'm sure you guys already know, there's a clear tension between the AI adoption within an enterprise setting versus the privacy concern that AI and LLM bring to the table. On one hand, you would like to use LLM in your workspace because it's increased productivity, it's easier to use, and there are a lot of cool functionalities that you can do with ChatGPT, with Cloud. There's also the privacy concern of who owns this data, whether your meeting transcript is being trained, used to train any AI algorithm, who's having access to this meeting, is your meeting transcript being kept strictly confidential and protected? Since after all, meeting transcript is one of the most sensitive meeting data on the internet.

[00:02:56] Speaker 1: That's right. That's a very, very sensitive piece of data, meeting conversations. So how do we cover these pillars of protection? Could you give us an idea, an overview on our framework?

[00:03:09] Speaker 2: At Fireflies, we believe that your meeting data should be protected at all costs, and it is one of the highest priorities within Fireflies. Essentially, we look at meeting data with a three-pillar framework for protection. We have privacy and ownership to protect your conversation. We have admin control to provide enterprise-grade control over your admin for your organization. And we provide Fort Knox security practices to meet our regulatory excellences.

[00:03:44] Speaker 1: Thank you, Hui. That's very important. Really good to know. So privacy, the first pillar of the three, your conversations, your control. What makes us different?

[00:03:57] Speaker 2: So what makes us different from the market is that we explicitly state customer owns their data. This is explicitly stated on our TOS. You own your data, which means you have full control over your data, including how it's being used, who has access to it, and whether your data is being used by any purposes. We do this because we strictly believe that your data should be used just for you. We do not use your data to train any AI algorithm. Your data is meant to keep strictly protected, which is why even though we use third-party AI vendors, such as OpenAI, AssemblyAI, we enforce something called zero-data retention policy. This policy enforced our AI vendors that they are not allowed to store or access Fireflies data. They're not allowed to use Fireflies data to train any AI algorithm. In short, your meeting transcript is kept strictly confidential during the usage of LLM on our platform. There's no data training. There's no accessing your data without your consent, which brings us to the third option, which is called least privilege principle. This principle enforces even internally that we do not access your data by any means necessary without your explicit consent. We only access your data when you contact us, provide your consent for us to go in and debug any issue that you may have on Fireflies. Otherwise, we do not provide any access to anyone without your consent. And lastly, we have an offering called private storage. To clearly demonstrate private storage option, I will have a walkthrough of our data flow on Fireflies. Here's a regular data on Fireflies. On the top, you'll see a meeting, a computer. This is where the meeting is going on. And Fireflies joins the meeting to record and capture the conversation. It will then go through Fireflies cloud infrastructure domain. It will go through the transcription services, the ASR on the bottom to transcribe your meeting. And it will go to OpenAI for the summarize and for the action items.
These are the third party AI vendors that we are leveraging, which we have been forced to do a retention policy so that they do not have access to the data. Once your meeting is transcribed and summarized, we will store the data onto our AWS storage, which is in the US by default. However, we also provide something called private storage. Private storage follows the same procedure as the regular storage, but instead of having the data stored on the same cloud container on Fireflies, we will spin up a separate storage that stores only the organization data. And the cool thing is that this storage will be stored at any place, any location that you prefer outside the US. It can be stored in the EU, in Asia, in the Middle East, depending on where your team compliance is required to be. We even take one step further and we provide something called bring your own storage solution. So bring your own storage solution means that you can provide your own cloud storage through AWS or Google Cloud Storage. You provide us the storage, the access needed to that storage, and we will automatically store your data onto that storage so that you will have complete control over your data along with who is having access to it. This is the most, this is the more private option that we provide so that you have full control over your own data. So we don't just talk about you, you own the data, you physically will host the data on your server. So that is the private storage.

[00:08:14] Speaker 1: That is really good. Really good. Because that is the total control that people need. And when I say people, I say organizations as well, because we both know that some organizations actually have as a requirement to store that data in a specific region of the world, right? Given the type of data that they host. And I was very reassured to know that even though we use those third-party services, they just work with the data for what we need and never store it during the process. Really, really good. I'm going to take the opportunity to share a quick help desk guide that we have on how to set up private storage. If you didn't catch quite well what Hui was covering, I'm going to put that on a chat. In general, the help desk has very, very good articles that will help you, you know, guide you through the privacy, security, and compliance topics that we're covering today. And I'll be sharing more links during this webinar. It's time to bring the slides back on, Hui. And move to the next one.

[00:09:24] Speaker 2: Yeah. So our goal with privacy is that it's not just the compliances, it's a peace of mind for our user. When you know that your conversation are kept protected, you will feel safe and more engaging and communicate more openly and honestly during your meeting.

[00:09:41] Speaker 1: I think it's quite straightforward, isn't it? You know, I know a lot of people, friends of mine, actually use the little camera cover as well. You know, we know that Apple have used the little orange icon at the top to show that, you know, the mic is working, the camera is on. So you always know when data is actually being captured. So this statement that you just put in here for us is actually really, really crucial if you come to think of it. So you'll say, if you get all the certifications, you got all the, you know, the reassurances from the company that data is being taken care of properly and it's not being used for more than what you need, then it's literally peace of mind. Okay, so moving forward, let's try to translate that into things that people actually can measure in the real world. Give us an overview.

[00:10:40] Speaker 2: So as you, I'm sure you already know, but every conversation on Fireflies that you have has a lot of implication and naturally would like to be kept strictly confidential. In healthcare, the HIPAA compliance patient consultation, you go to meet a doctor, you will expect that conversation to be strictly confidential and not shared to anyone. Same with legal, with the attorney, client privilege protection, for finance, for HR, you would not want your performance review to be accessible by anyone, even internally within your company. Same with your PM's discussion, your strategy sync discussion, your internal meeting data. Every meeting that is captured by Fireflies should be able to be protected and private all the same. That's true.

[00:11:32] Speaker 1: That's really good to know as well. Okay, moving forward, we're going to cover now the second pillar of protection that you mentioned to us early on, admin controls. So what do we mean by enterprise grade control at your fingertips?

[00:11:53] Speaker 2: At Fireflies, for admin control, we believe in the philosophy set once and enforce everywhere. So we have invested a lot in rules-engine automation, where you can create rules configuration to automatically route a meeting, to provide meeting access to different personnel, depending on what you need. We provide super admin, where one person can have access, full access to every meeting on your workspace, even the private one. We also have user group setting coming soon, where you can enforce the setting onto a user group level. So different type of user will have different setting and you can have flexibility in enforcing them. I can do a walkthrough with the rules-engine for everyone to see how it works in action. That'll be really cool. So in the rules-engine, in the team setting page, you will be able to create a rule. For example, let's say if meeting title is security webinar, and then you will be able to decide whether it should be shared to a particular user, or if this meeting privacy should be changed, and you can dictate how it should be changed into. With this, you will have a very flexible configuration to how you want your meeting to be accessed internally. That's really good. And with rules-engine, it means that you can set it once, and then you trust that all your upcoming meeting will be respected by that rules-engine. You no longer have to manually worry about who's having access to what, because you have full control over it.

[00:13:52] Speaker 1: Again, that peace of mind that people look for when they're working, isn't it? It's AI running in the background, helping you be more productive, more efficient, but at the same time, all of these measurements in terms of security and privacy are invisible. You don't even feel it, but they are there and they're running. They're running free. Amazing. What about scaling?

[00:14:18] Speaker 2: With this automation setup, we believe that it will help the organization to scale within Fireflies, no matter if you are managing 50 people, 100 people, or more than 1,000 users. With this setting, you can spend some time, create all the different configurations, and have a peace of mind that this is working as expected, and different people will have different levels of access on your workspace.

[00:14:45] Speaker 1: Thank you, Hui. I actually also added the help desk guide for rules-engine and super-admin onto the chat so that you can follow step-by-step guides on how to work with these features. As Hui said, you can spend some time configuring, but it's actually quite quick and very easy. Moving forward, let's talk about the last and not least, third pillar of protection, which is security and compliance. All to you.

[00:15:17] Speaker 2: Here's our final pillar. We believe in security and compliance so that you believe our meeting data is kept strictly secure. Your conversation should not just be private, it should be secure against external attacker that wants to get their hands on your data, which means that you will have a peace of mind having a conversation captured by Fireflies, knowing that your data is not accessible by anyone, even if they try to. We provide bulletproof protection. We all enterprise-grade security measure that are SOC2 type 2 compliances, GDPR and HIPAA compliances. We are regularly audited by third-party vendors to ensure that we meet our security compliance every year, so that we try to be always up-to-date, provide newest updates to security, fixes all the vulnerabilities. We even have a HackerOne bug bounty program for all the hackers to pen test and stress test our product to ensure that our security is top-notch.

[00:16:28] Speaker 1: Yes, I'm going to quickly fetch that link so that everyone will have access to that information as well. I think there's one help desk article. Oh, no, I don't think I know. One help desk article that covers all of these certifications, encryption, and obviously our other features related to privacy and security. So it's really, really good to know. It's not just about how we manage the data internally, not how we see it with our third-party vendors, but also making sure that while the data is being used within Fireflies, that is also protected against eventual attacks and all sorts of vulnerabilities. That's really cool, Hui. Moving forward, we want to go back to this statement, don't we?

[00:17:21] Speaker 2: Yeah, as always, security is invisible when it works. You should not notice or think about how your meeting is private and secure. It should just work in the background, and you will be fully focused on your conversation to your teammates. And with all that said, we believe that trust has to be earned, not given, which is why we do our best to protect your data, so you can feel safe and trust that we're doing our best to protect you. And we do this through both our talk and our action, so that you can see the effort that we're putting in to protect your data, and you can believe that we will continue to do our best to protect your data as we move forward.

[00:18:12] Speaker 1: Thank you very much, Hui. I think we covered everything. I've also added to the chat the trust.fireflies.ai page for all of the information regarding your last statement and obviously how we manage data and privacy and security. It's very reassuring to know that our company is looking after every single little bit of data in the most respectful and secure way. If you have any questions related to any of these topics, please do reach out on our socials or even via email with the support teams. We're here to help. Hopefully these helpdesk articles can give you also a lot of food for thought and can answer the questions that you may have. But that's it from us for now. Thank you very much. See you soon. Bye, everyone.

[00:19:05] Speaker 2: Thank you for attending.

AI Insights
Summary
The webinar “Fireflies Fortress” explains how Fireflies.ai addresses enterprise concerns about adopting AI for meeting transcription and summaries while protecting sensitive conversation data. The speakers outline a three‑pillar protection framework: (1) Privacy & ownership—customers explicitly own their data per the Terms of Service; Fireflies does not use customer data to train AI; third‑party AI providers (e.g., OpenAI, AssemblyAI) are constrained by a zero‑data retention policy; internal access follows least‑privilege and requires explicit customer consent. Fireflies also offers private storage options, including region-specific storage outside the US and “bring your own storage” (AWS/GCS) for maximum control. (2) Admin controls—enterprise-grade governance via “set once, enforce everywhere” automation, including a rules engine to automatically route/share meetings or change privacy based on conditions (e.g., meeting title), super admin capabilities, and upcoming user-group settings to enforce policies by group; designed to scale from small teams to 1,000+ users. (3) Security & compliance—defense against external threats through SOC 2 Type II, GDPR, and HIPAA compliance, regular third‑party audits, ongoing vulnerability management, and a HackerOne bug bounty program. The session emphasizes that effective security is largely invisible and builds trust through both stated commitments and demonstrable controls, directing attendees to help-desk guides and the trust.fireflies.ai page for detailed documentation.
Title
Fireflies Fortress: Privacy, Admin Control, Security & Compliance
Keywords
Fireflies.ai, meeting transcription, AI adoption, LLM privacy, data ownership, zero data retention, least privilege, private storage, data residency, bring your own storage, admin controls, rules engine, super admin, SOC 2 Type II, GDPR, HIPAA, HackerOne bug bounty, enterprise security, compliance
Key Takeaways
  • Enterprises face a trust gap between AI productivity gains and privacy risks around sensitive meeting transcripts.
  • Fireflies explicitly states customers own their data and does not use it to train AI models.
  • Third-party AI vendors are bound by a zero-data retention policy to prevent storage/access or training on Fireflies data.
  • Internal data access is restricted by least-privilege and requires explicit customer consent for support/debugging.
  • Private storage supports data residency needs, including region-specific storage and BYO storage (AWS/GCS) for maximum control.
  • Admin governance is automated via a rules engine (“set once, enforce everywhere”) to route/share meetings and enforce privacy at scale.
  • Super admin access and upcoming user-group settings enable organization-wide and group-level policy enforcement.
  • Security posture includes SOC 2 Type II, GDPR, HIPAA compliance, annual third-party audits, and a HackerOne bug bounty program.
  • Security should be largely invisible to users, enabling focused, open conversations with confidence.
  • Documentation and trust resources are provided via help-desk guides and trust.fireflies.ai.
Sentiments
Positive: The tone is reassuring and confidence-building, emphasizing peace of mind, strong protections, explicit data ownership, and robust compliance/security practices. Concerns about privacy are acknowledged, but the overall message is optimistic about solving the trust gap with concrete controls and audits.