Data Privacy & Security

Our commitment to building privacy-first AI products and protecting our users’ privacy lies at the core of what we do. Spoke is SOC 2 (Type 2) compliant and will be ISO 27001 certified in 2024.

We're always available to answer your questions about Spoke’s approach to Data Privacy and Security – please do not hesitate to contact us:

Request Data Processing Agreement (DPA)
Request SOC 2 Type II report
Get in touch via email
SOC 2 Security Compliance Badge. Awarded to Spoke.ai in October 2023.

Which data do you process?

To provide AI-powered features such as summarization and prioritization, we process messages from Slack and tools connected to Slack. All data is fully pseudonymized and/or anonymized before processing. We generally minimise the collection and storage of Personally Identifiable Information (PII). Any indirect PII data included in notifications processed by Spoke (e.g. names, phone numbers, or email addresses mentioned in a message) is fully anonymized or pseudonymized via Named Entity Recognition (NER) before being processed by any internal or external models.

We are headquartered in Germany and fully comply with GDPR. You can find a high-level overview of GDPR requirements here.

You can read more in our Privacy Policy or reach out to us directly at any time at security@spoke.ai if you have any questions or concerns.

Which technologies do you work with and what about 3rd parties?

We work with a combination of different technologies, leveraging pre-trained models from partners OpenAI and Cohere, as well as developing and fine-tuning our own models (e.g. to identify and pseudonymize PII or to avoid any gender bias / other harmful content). When working with third parties (such as large pre-trained language models), we always have Data Processing Agreements (DPAs) in place and only share pseudonymized or anonymized PII data with such 3rd parties, who generally have no read/write access to any of our data. We’re constantly working on improving our models to ensure full data anonymization. You can find additional information in our Privacy Policy.

What are your policies around data retention and data deletion?

We follow the GDPR guidelines, meaning we will only process your data for as long as is necessary for the respective purposes or as long as there are legal retention obligations. After the respective processing purpose ceases to apply and the retention obligations end, your data will be routinely deleted.

Data Deletion requests or requests to be forgotten can be sent to security@spoke.ai and will be answered within 2 weeks.

What about data storage and application security?

Our technical infrastructure is hosted using AWS Managed Services, which allows us to adopt and maintain best-in-class security and compliance practices. Data at rest is fully encrypted using the 256-bit Advanced Encryption Standard (AES-256) and stored on AWS servers in Germany (Region eu-central-1 → Frankfurt, Germany). Detailed information about AWS security is available here and here; AWS SOC Reports are available here.

Additionally, all Spoke applications and the website are SSL encrypted. We work with virtual private clouds (VPCs) with IP whitelisting and conduct regular internal audits.

What is your approach to operational security within Spoke?

All team members at Spoke.ai receive the appropriate tools and training to ensure best-in-class security protocols. We have strict controls for access management via AWS Identity and Access Management (IAM) as well as device management.

In order to protect the confidentiality of all data, team members are required to take reasonable measures to safeguard and prevent unauthorized access or disclosure of confidential information. This includes, but is not limited to, ensuring that all confidential information is kept in a secure location and that only authorized personnel have access to it.

All team members must follow certain requirements, like encrypting storage media and using two-factor authentication (2FA). Usage of strong passwords is enforced and centrally managed. All communication is done through securely encrypted channels. We have a thorough access removal process that helps to ensure that all company property is returned and that access to company systems is properly removed.

How do you deal with potentially harmful AI-generated content and data biases (e.g. gender bias)?

One of our core values at Spoke focuses on building AI products in a human-centred and responsible manner. For example, we remove all gendered pronouns from all content we generate and we’re constantly reviewing our models to diminish the possibility of any harmful content. Users always have the possibility to give direct feedback and report harmful or inappropriate content.
