Do they own your data? Fireflies.ai Privacy Policy Reviewed.
TL;DR: Companies handling highly sensitive calls may face significant privacy concerns when using Fireflies.ai for call recording. Issues include data usage for marketing purposes, third-party data sharing, limitations on liability for data breaches, and potential challenges with regulatory compliance like GDPR and HIPAA. An alternative solution like BuildBetter.ai, which is GDPR, SOC 2 Type 2, and HIPAA compliant, does not train on customer data, and grants full ownership of data to customers, may better meet stringent privacy requirements for sensitive communications.
Our team scored Fireflies.ai 2/10 on privacy for a business use case.
Evaluating Privacy Concerns When Using Fireflies.ai for Sensitive Call Recordings
Introduction
When dealing with highly sensitive calls and working with individuals requiring strict confidentiality, it's crucial to understand how your call recording and transcription service handles data privacy and security. Fireflies.ai is a popular platform offering these services, but it's important to scrutinize their privacy policy (Last Updated: May 03, 2024) to ensure it aligns with your company's privacy standards and regulatory obligations. This post provides a detailed analysis of Fireflies.ai's privacy policy to highlight potential concerns for organizations handling sensitive information.
1. Use of Personal Information for Marketing Purposes
Privacy Policy Insight:
Under Section 3: Use of Collected Information, Fireflies.ai states:
"We use the information you provide to us for the following purposes: ... (v) to provide you with further information and offers from us or third parties that we believe you may find useful or interesting, such as newsletters, marketing or promotional materials."
What This Means for You:
Your personal information, which could include data from sensitive calls, may be used for marketing purposes or shared with third parties for promotional materials. This raises concerns about confidentiality and whether sensitive information might be exposed or used in ways that do not align with your company's privacy policies.
2. Third-Party Data Sharing
Privacy Policy Insight:
In Section 4: Third Parties We Share Personal Information With, Fireflies.ai mentions:
"We may disclose personal information that you provide to us or that we collect automatically on the Site and through our Services to the following categories of third parties, but only if it is necessary and in compliance with relevant laws and regulations:
- Service providers, such as payment processors, web hosting and data storage providers, and those who help us deliver and develop our Services.
- Public authorities, such as law enforcement, if we are legally required to do so or if it is necessary to protect our rights or the rights of third parties."
What This Means for You:
Your data may be shared with various third parties, including service providers and public authorities. This increases the risk of unauthorized access or misuse of sensitive information. Additionally, data may be disclosed without your consent, potentially conflicting with confidentiality agreements and exposing sensitive call content.
3. Use of Artificial Intelligence (AI) and Data Processing
Privacy Policy Insight:
In Section 8: Managing Your Privacy, Fireflies.ai states:
"For certain of its services, Fireflies.ai may employ Artificial Intelligence (AI) or other similar technologies, which may include the processing of user data. Fireflies.ai will take reasonable means to preserve the privacy and security of such data, but Fireflies.ai is not liable for any loss or harm resulting from the user's use of AI or similar technologies."
What This Means for You:
Fireflies.ai uses AI technologies that process user data, possibly including sensitive call recordings. They disclaim liability for any loss or harm resulting from the use of AI. This could leave your company vulnerable in the event of data breaches or misuse arising from AI processing, without recourse to hold Fireflies.ai accountable.
4. Limited Liability for Data Security
Privacy Policy Insight:
Under Section 6: Security, Fireflies.ai mentions:
"Fireflies.ai uses a variety of industry-standard security technologies and procedures to help protect Personal Information about you from unauthorized access, use, or disclosure..."
However, in Section 8: Managing Your Privacy, they state:
"Fireflies.ai is not liable for any loss or harm resulting from the user's use of AI or similar technologies... [The user] agrees to indemnify and hold Fireflies.ai harmless for any claims, damages, or losses resulting from such usage."
What This Means for You:
While Fireflies.ai implements standard security measures, they limit their liability regarding loss or harm resulting from the use of AI technologies. This limitation may be concerning for companies requiring strong assurances about data security, especially for sensitive information. The indemnification clause shifts risk to your company.
5. Data Retention and Deletion Policies
Privacy Policy Insight:
In Section 13: Data Retention, Fireflies.ai states:
"We will delete your Personal Information when it is no longer needed for the purposes for which it was collected, or when you request us to do so. Please note that we may be required by law or other legal obligations to retain some of your Personal Information, even after your request for deletion."
What This Means for You:
There may be circumstances where Fireflies.ai retains your data even after a deletion request, due to legal obligations. This could conflict with your company's policies on data retention and the need for immediate deletion of sensitive information, potentially increasing the risk of unauthorized access over time.
6. International Data Transfers and Compliance
Privacy Policy Insight:
Under Section 11: International Transfers of Personal Information, Fireflies.ai mentions:
"Personal Information that we collect in and through the Services and on the Site may be transferred to our U.S. offices... Personal Information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the Personal Information was initially collected."
They also state:
"In all such instances, we use, transfer, and disclose Personal Information solely for the purposes described in this Privacy Notice and in compliance with applicable laws."
What This Means for You:
International data transfers can complicate compliance with regulations like GDPR or HIPAA. If your calls involve personal data from regions with strict data protection laws, using Fireflies.ai may pose compliance risks due to potential differences in legal standards and protections.
7. Control Over Data and User Responsibility
Privacy Policy Insight:
In Section 8: Managing Your Privacy, Fireflies.ai states:
"You can correct or terminate and delete your Account information by following the instructions on the Services or by email at security@Fireflies.ai... If you cancel your Account or request us to delete your information, Fireflies.ai will limit its access to Personal Information to perform what is requested by you and will delete information accessible to Fireflies.ai within seven business days."
What This Means for You:
While you have the ability to manage your data, the responsibility falls on you to initiate deletion. There may be a delay (up to seven business days) before data is deleted, which could be problematic when handling sensitive information that requires immediate removal.
8. Data Sharing with Public Authorities
Privacy Policy Insight:
In Section 4: Third Parties We Share Personal Information With, Fireflies.ai mentions:
"Public authorities, such as law enforcement, if we are legally required to do so or if it is necessary to protect our rights or the rights of third parties."
What This Means for You:
Your sensitive data could be disclosed to law enforcement or other authorities without your knowledge or consent. This could breach confidentiality agreements and expose sensitive information, with your company possibly being unaware of such disclosures and unable to take protective measures.
9. Use of Cookies and Tracking Technologies
Privacy Policy Insight:
Under Section 2: How We Use Cookies and Other Technologies, Fireflies.ai states:
"The Company may use various tracking technologies, such as cookies, web beacons, and local shared objects, on the Site... These technologies may collect information about your device, browsing habits, and usage of the Site..."
What This Means for You:
Cookies and tracking technologies may collect data about your usage of the Services, potentially revealing sensitive operational information. If these technologies involve third-party services, there may be additional risks regarding data sharing and privacy, which could be a concern for companies requiring strict confidentiality.
10. Links to Third-Party Websites
Privacy Policy Insight:
In Section 5: Links to Other Websites, Fireflies.ai mentions:
"We are not responsible for what is on these sites or what they offer... You use these websites run by other people at your own risk."
What This Means for You:
Interacting with third-party websites or services through links provided by Fireflies.ai may expose you to additional privacy risks. These external sites may have different privacy practices, potentially compromising sensitive information if not handled carefully.
11. Data Processing by Third-Party Controllers
Privacy Policy Insight:
Under Section 11: Accountability for Onward Transfer, Fireflies.ai states:
"When transferring personal information to a third party acting as a controller, Fireflies.ai may enter into a contractual agreement that ensures the data may only be processed for limited and specified purposes consistent with individual consent."
What This Means for You:
Your data might be transferred to third parties acting as data controllers, over whom Fireflies.ai has limited control. This introduces additional risks regarding how your sensitive data is processed and protected, potentially leading to unauthorized use or exposure.
12. Opt-In Requirements for Sensitive Information
Privacy Policy Insight:
In Section 11: Choice, Fireflies.ai states:
"For sensitive information, Fireflies.ai may obtain affirmative express consent (opt-in) from individuals prior to disclosure to a third party or use for a purpose other than those originally collected or subsequently authorized."
What This Means for You:
While there are provisions for obtaining consent before using sensitive information, the policy uses the word "may," suggesting that obtaining opt-in consent is not guaranteed. This ambiguity could result in your sensitive data being used or shared without explicit consent.
Introducing BuildBetter.ai as a Secure Alternative
Given these concerns, companies require a solution that prioritizes data privacy and security. BuildBetter.ai emerges as a robust alternative:
- Compliance: BuildBetter.ai is GDPR, SOC 2 Type 2, and HIPAA compliant, ensuring adherence to international data protection regulations.
- Data Ownership: Customers retain full ownership of their data, providing control over how it's used and stored.
- Data Usage: BuildBetter.ai does not train on customer data, eliminating risks associated with AI model training on sensitive information.
- Security Measures: With stringent security protocols, BuildBetter.ai safeguards your data against unauthorized access and breaches.
- No Third-Party Sharing: They avoid unnecessary data sharing with third parties, minimizing exposure risks.
What This Means for You:
Using BuildBetter.ai allows your company to leverage call recording and transcription services without compromising on privacy. It ensures that sensitive information remains confidential, complies with all relevant regulations, and provides you with full control over your data.
Conclusion
For companies handling highly sensitive calls and working with individuals requiring strict confidentiality, using Fireflies.ai for call recording presents several privacy concerns. These range from data usage for marketing and third-party sharing to limitations on liability and challenges with regulatory compliance.
Recommendations:
- Conduct a Comprehensive Risk Assessment: Evaluate how Fireflies.ai's data practices align with your company's privacy requirements and legal obligations.
- Choose Compliance-Focused Tools: Opt for solutions like BuildBetter.ai that prioritize regulatory compliance and data security.
- Maintain Control Over Data: Ensure that you retain ownership and control over your data to prevent unauthorized use.
- Implement Additional Security Measures: If proceeding with Fireflies.ai, consider adding encryption or other security enhancements where possible.
- Consult Legal Experts: Engage with legal counsel specializing in data privacy to navigate potential liabilities and ensure full compliance.
By making informed choices, your company can protect sensitive information and maintain the trust of the individuals you work with.
Disclaimer: This post is for informational purposes only and does not constitute legal advice. Companies should consult with qualified legal professionals to address specific concerns related to privacy and data protection.