[go: up one dir, main page]

Privacy for humans

Last updated: October 25, 2024

At Krisp, we believe in protecting your privacy and ensuring the security of your personal information. We also believe that reading some complex legal texts may be tiresome and difficult to understand, so we decided to create this page to help you be informed about what information we collect, how we use it, and how we keep it safe. For more detailed information about how we use personal data, please review our Privacy Policy for AI Meeting Assistant. You can find some useful information on our Security for AI Meeting Assistant webpage as well.

When detailing our privacy practices, we will inevitably use some technical terms, so we have posted below a short vocabulary of such terms which can help you understand what we mean.

  • AWS: AWS (Amazon Web Services) is a cloud computing platform that allows us to access computing resources (like storage, processing power, and networking). It’s like renting a computer instead of buying one. AWS is used to run websites, process data, and store information securely in the cloud.
  • Database: an organized collection of data that is stored and accessed using a computer system. The data in a database can be any information connected with providing our services, like customer names and contact information.
  • Encryption At-rest: a way of protecting information that is stored on a computer or other device by converting it into a secret code. At-rest encryption is used to keep personal information safe from unauthorized access even if someone gains access to the device where it is stored.
  • Encryption In-transit: a way of protecting information that is being sent from one device to another, such as when you send an email or make an online purchase. In-transit encryption is used to keep personal information safe from hackers or other unauthorized people who might try to intercept the information as it travels over the internet.
  • Personal Information: any information that can be used to uniquely identify an individual, such as name, email address, or billing information.
  • Subprocessors: organizations that provide services to Krisp. It’s like hiring someone to do a job for you instead of doing it yourself. At Krisp, subprocessors are used for things like processing payments, handling customer support, or providing website hosting.
  • VPC: A VPC (Virtual Private Cloud) is a way of creating a private, secure network in the cloud. A VPC allows us to control access to our resources and keep them separate from other users of the cloud. 

Where Does Your Data Go Within Krisp?

We take privacy seriously and store your data securely in our servers. Your data is encrypted and can only be accessed by authorized personnel within Krisp.

As you use Krisp, some of your data may be stored on our cloud in order to provide our services to you. Such data consists of your email address, call insights metadata, analytics data, transcripts, meeting recording, and so on. This data is stored on an encrypted database both at-rest and in-transit within Amazon Web Services (AWS).  The server is only accessible by privileged servers in a Virtual Private Cloud (VPC). Encrypted data is also sent to a caching layer, which is also secured in a VPC and inaccessible between AWS data centers.

Who May We Share Your Data With?

We will never sell your personal information to third parties. However, we may share your information with our subprocessors who help us provide our services. For example, we may use a payment processor to process your payments. We only share the minimum necessary information with our subprocessors or group of affiliates and require them to maintain at least the same level of security and privacy as Krisp. Subprocessors may only access or process personal data in the following cases:

  • On behalf of you as a Krisp user
  • In accordance with your instructions as communicated by Krisp
  • In accordance with the terms of a written contract between Krisp and the subprocessor

We have entered into written contracts with all of our subprocessors that require them to:

  • Protect personal data with appropriate security measures
  • Not use personal data for any purpose other than as instructed by Krisp
  • Delete personal data when instructed by Krisp

We regularly review our subprocessors to ensure that they are meeting their obligations under applicable Data Protection and Privacy regulations. If you have any questions about our subprocessors, please contact us. To ensure transparency, below you can find the list of our subprocessors and the details of processing of personal data by them.

Amazon Web Services (AWS)
Location: United States
Nature of Processing: Cloud Hosting Services and Storage
What: AWS is the cloud provider we use at Krisp to run our service. AWS processes, hosts, and stores your account and data with us.
Why: AWS provides Krisp with a reliable, scalable, and secure global computing infrastructure. In addition, AWS data centers have rigorous security, physical, and environmental controls to ensure these risks are mitigated. By utilizing AWS services, we can concentrate on delivering the best user experience without distractions.

SendGrid
Location: United States
Nature of Processing: Email Delivery Services
What: SendGrid’s email delivery services include sending emails, tracking email opens and clicks, and managing email lists.
Why: Krisp relies on SendGrid’s dependable and scalable email delivery service, which not only ensures reliability but also offers a wide range of features to enhance the overall experience. SendGrid places a high priority on data privacy and security, implementing robust measures to safeguard sensitive information and maintain the integrity of their systems.

HubSpot
Location: United States
Nature of Processing: Marketing Automation Services
What: HubSpot’s marketing automation services allow Krisp to send email marketing campaigns and track the results of those campaigns. This data can include information about email opens, clicks, and unsubscribes.
Why: HubSpot’s marketing automation solutions enable us to optimize efficiency, achieve better outcomes, and grow our operations effectively. Moreover, HubSpot furnishes valuable insights into our users’ preferences and behaviors. To uphold the confidentiality and security of personal data, HubSpot has implemented comprehensive technical and organizational safeguards in their data processing procedures.

Drift
Location: United States
Nature of Processing: Marketing and Sales Acceleration
What: Drift provides live chat services, chat analytics and chat intelligence services to us. We use Drift services when chatting with our existing and potential customers.
Why: Drift offers live chat functionalities that enable us to engage in real-time conversations with both prospective and current customers. By utilizing Drift, we not only have the ability to chat with individuals instantly but also gain valuable insights from analytics on these chat interactions. These analytics provide us with a deeper understanding of our customers, including their preferences, challenges, and objections, allowing us to better tailor our approach and enhance customer satisfaction.

Zendesk
Location: United States
Nature of Processing: Customer support service
What: Zendesk is a customer ticketing system, or help desk system, which allows us to track, prioritize, and solve customer support requests. Zendesk allows our Customer Care team to assist our community in many different ways; email, webform, chat and others.
Why: Zendesk plays a pivotal role in cultivating strong customer relationships through customized and prompt support services. Additionally, it provides us with a centralized platform to manage customer support requests and inquiries, guaranteeing that our customers receive the best assistance and attention.

Slack
Location: United States
Nature of Processing: Customer support internal communications
What: Slack stores and processes the content of internal communications among our team members regarding customer support requests. This may include details about the request itself, such as the customer’s identifiers, issue description, and any troubleshooting steps taken.
Why: We use Slack to facilitate efficient collaboration and communication within our teams. This allows our customer support team members to share information about customer requests and seek assistance from colleagues. Using Slack helps us provide faster and more effective support to our customers.

Stripe
Location
: United States
Nature of Processing: Payment processing
What: Stripe is a payment processor which collects payment information on our behalf in order to complete transactions.
Why: We do not directly collect your payment information and we do not store it. Instead, we rely on Stripe, a PCI-compliant payment processor, to handle payment transactions on our behalf. This means that Stripe securely receives and processes payments, ensuring the confidentiality and safety of your payment information.

PayPal
Location: United States
Nature of Processing: Payment processing
What: PayPal is a payment processor which collects payment information on our behalf in order to complete transactions.
Why: We do not directly collect your payment information and we do not store it. Instead, we rely on PayPal, a PCI-compliant payment processor, to handle payment transactions on our behalf. This means that Stripe securely receives and processes payments, ensuring the confidentiality and safety of your payment information.

Google Analytics
Location: United States
Nature of Processing: Business Analytics 
What: Google Analytics is a web analytics service that helps us track our website,  analyze and provide reports on website traffic
Why: Google Analytics is a valuable tool for us to track and analyze our website traffic. The data provided by Google Analytics can be used to track the effectiveness of marketing campaigns, identify trends in website traffic, improve the user experience  and make informed decisions about marketing and website development. Google handles personal data in a responsible manner and has a number of security measures in place to protect your personal data.

Tableau
Location: United States
Nature of Processing: Business Analytics
What: Tableau is a data visualization and business intelligence platform that helps us analyze data. Tableau offers a variety of features, including data connection, data preparation, data analysis and dashboard and report creation.
Why: Tableau is a valuable tool which enables us to analyze large amounts of data quickly and efficiently. Tableau helps us gain insights about your usage of Krisp and make better business decisions. Tableau is also a trusted brand that has a proven track record of protecting personal data.

Sentry
Location: United States
Nature of Processing: Logging and Monitoring
What: Sentry is used as one of our error logging platforms. We use Sentry to capture errors thrown within our Service to better understand and resolve issues in real-time.
Why: To help us fix bugs, we send some data to Sentry, including your IP address and user ID. Your IP address helps us determine the general location where the error occurred, and it can also be used to identify bugs that are related to time zones. Your customer ID helps us quickly find and diagnose issues that are reported by our users in our customer support panel.

Papertrail
Location: United States
Nature of Processing: Logging and Monitoring
What: Papertrail is a cloud-based log management and aggregation service. The platform allows us to collect, search, and analyze log data from our app, systems, and servers.
Why: We use Papertrail to monitor and troubleshoot our systems and applications by aggregating logs in a single location, making it easier to identify and resolve issues. Papertrail offers real-time log streaming, search, and filtering capabilities that enable us to quickly identify and diagnose problems and perform root cause analysis.

Hotjar
Location: United States
Nature of Processing: Web Analytics
What: Hotjar is a web analytics and user feedback tool. The platform allows us to understand how our website is used, and collect feedback from our users.
Why: We use Hotjar to collect data on how users interact with their website, including user clicks, scroll behavior, and heatmaps of where users spend their time on a page. Hotjar also offers features such as user feedback tools, survey tools, and funnel analysis tools to help us better understand our customers and make data-driven decisions to improve user experience and conversion rates.

Typeform
Location: United States
Nature of Processing: Customer Feedback
What: Typeform is an online form and survey builder. Typeform allows us to create and share online surveys, forms, quizzes, and polls with our audience, and collect responses and feedback.
Why: We use Typeform to collect information from our audience through customizable, interactive forms that provide a better user experience. Typeform offers features such as branching logic, multimedia content, and advanced analytics tools to help us collect valuable data and insights from their audience.

Microsoft Azure
Location: United States
Nature of Processing: Backend support for certain product features
What:  We employ  Microsoft’s Azure OpenAI Service, which gives access to powerful language models and machine learning tools that can be used to automate tasks, analyze data, and improve business processes. Azure OpenAI Service offers state-of-the-art machine learning models that allow customers to access powerful language processing capabilities, such as text generation.
Why: Azure OpenAI Service is exclusively used for the purpose of providing AI-generated summaries of meeting transcripts to our users, ensuring that this data is utilized solely for this particular feature. Microsoft Azure is ISO 27001:2013, GDPR, and HIPAA compliant. Microsoft Azure doesn’t use customer data for their internal training purposes or for otherwise improving their services. More information on how Microsoft uses customer data is available via this link.

Anthropic
Location: United States
Nature of Processing: Backend support for certain product features
What:  We employ Anthropic’s Claude API, which gives access to powerful language models and machine learning tools that can be used to automate tasks or summarize texts, among other things.
Why: Anthropic’s Claude API is exclusively used for the purpose of providing our Meeting notes feature to our users, ensuring that this data is utilized solely for this particular feature. Anthropic is HIPAA and SOC 2 Type I and Type II compliant. Anthropic doesn’t use customer data for their internal training purposes or for otherwise improving their services.

Groq
Location: United States
Nature of Processing: Backend support for certain product features
What: We utilize Groq’s LPU™ AI inference technology, which provides fast and accurate meeting transcripts and summaries.
Why: Our partnership with Groq is exclusive to our Meeting Notes feature, ensuring that the data of our users is used solely for this purpose. Groq is SOC 2 Type II compliant. Groq doesn’t use customer data for their internal training purposes or for otherwise improving their services.

Nebius AI
Location: Finland
Nature of Processing: Backend support for certain product features
WhatWe use Nebius AI’s Inference Service, which provides fast and accurate meeting transcripts and summaries.
Why: Our partnership with Nebius AI is exclusive to our Meeting Notes feature, ensuring that the data of our users is used only within the scope of this feature. We have opted out from Nebius AI’s use of our customer data for internal training purposes or for otherwise improving their services.

Recall.ai
Location: United States
Nature of Processing: Meeting bot API service
What:  Recall.ai offers a universal API for meeting bots that provides access to real-time meeting data from various meeting platforms. It provides the required infrastructure and tools to build meeting bots efficiently.
Why: We use Recall.ai services when our customers elect to join their online meetings with a meeting bot. Recall.ai runs on SOC2 compliant infrastructure and monitors performance and reliability 24/7.

AssemblyAI
Location: United States
Nature of Processing: Cloud-based Speech-to-Text API service
What:  AssemblyAI’s speech-to-text AI models are a powerful and versatile tool that can be used to accurately transcribe audio data in multiple languages. AssemblyAI integrates with Recall.ai to transcribe the online meetings of our customers.
Why: We use AssemblyAI services when our customers elect to join their online meetings with a meeting bot. AssemblyAI is SOC 2 compliant and is committed to meeting GDPR, PCI-DSS, and other relevant standards.

We also use the following of our group affiliates to help us provide our services to you:

Krisp LLC
Location: Armenia
Nature of Processing: Support and Maintenance

Who Has Access to What Within Krisp?

We restrict access to your personal information to only those who need it to provide our services to you. This includes our employees, contractors, and subprocessors. We use access controls and authentication methods to ensure that only authorized personnel can access your data.
Our Customer Care team may be provided access to your data, such as your account or content, for the purposes of handling support requests.

Our technical team can be granted temporary access to our servers. This is only for debugging or development purposes. Each engineer has a unique key that identifies them within our systems. All actions are logged for 2 years. If their key is compromised, we have an instantaneous way of expiring that key, checking if their key was used by an outsider, and processes to remedy such situations and alert the affected user base.

 

What is Krisp’s data retention policy?

Generally, your personal data is retained for as long as necessary to provide our services to you. However, certain personal information may be retained based on ongoing legitimate business needs (such as legal, tax, or accounting requirements) or when required for legal claims.

When there is no ongoing legitimate business need, your personal information will be either deleted or anonymized. Anonymization ensures that the data cannot be linked back to you, allowing it to be used for statistical purposes, as an example.

For more information or questions about data retention, please contact us at [email protected].

 

How Can I Export or Delete My Data?

You can request a copy of your personal information at any time by contacting us at [email protected]. We will respond to your request within a reasonable timeframe and provide you with a copy of your data in a commonly used format, such as CSV or JSON.

If you ever want to delete your data, deleting your account will permanently delete all of your data off our systems. This action is irreversible. Alternatively, you can request a deletion of a certain part of your data without deleting your account entirely.