<aside> 💡 Vanta Trust Report: https://app.vanta.com/fireflies/trust/u6469ujlwmoxqblnrwoksa

</aside>

Is Fireflies SOC 2 compliant?

Fireflies is SOC 2 Type 2 compliant and we maintain our compliance annually. For details on the report, please send an email to security@fireflies.ai

Is Fireflies HIPAA compliant?

Fireflies is compliant with HIPAA standards

Where would our data be stored? Where are the servers located?

Data is stored in S3 in Amazon Web Services (AWS) and processed in our private Google Cloud Platform (GCP) data centers. Both of our data centers are located in the US. This provides both security and ease of use.

For more information about AWS security, please see: https://aws.amazon.com/security/ For more information about GCP security, please see: https://cloud.google.com/security

Who owns the data? Describe the circumstances in which customer data is allowed to leave your production systems? Who owns the rights to the content?

Ultimately, you own your data. Though it's stored in the cloud, your data can be purged and deleted immediately at your authenticated request.

Data privacy - how does Fireflies comply with UK/EU data protection requirements?

Our servers are currently hosted in US data centres, Our company has built our product in accordance with General Data Protection Regulation (GDPR) regulations. However, EU residents who wish to use our service, "Fireflies," will need to accept the terms and conditions of having their data processed in the United States. For corporate organizations that are required to strictly process data within the United Kingdom, we offer private cloud services to meet their needs. To see more details about how we comply, you can view our full report here:

[Fireflies.ai GDPR Report.pdf](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/56ab58f3-9eaa-4211-b2b2-14d23a912db7/FireFlies_GDPR_Report.pdf)

Does Fireflies have access rights to the data? Do any third parties get sold content or contact details?