Our commitment to building privacy-first AI products and protecting our users’ privacy lies at the core of what we do. Spoke is SOC 2 (Type 2) compliant and will be ISO 27001 certified in 2024.
We're always available to answer your questions about Spoke’s approach to Data Privacy and Security – please do not hesitate to contact us:
To provide AI-powered features such as summarization and prioritization, we process messages from Slack and tools connected to Slack. All data is fully pseudonymized and/or anonymized before processing. We generally minimise the collection and storage of Personally Identifiable Information (PII). Any indirect PII data included in notifications processed by Spoke (e.g. names, phone numbers, or email addresses mentioned in a message) is fully anonymized or pseudonymized via Named Entity Recognition (NER) before being processed by any internal or external models.
We are headquartered in Germany and fully comply with GDPR. You can find a high-level overview of GDPR requirements here.
We follow the GDPR guidelines, meaning we will only process your data for as long as is necessary for the respective purposes or as long as there are legal retention obligations. After the respective processing purpose ceases to apply and the retention obligations end, your data will be routinely deleted.
Data Deletion requests or requests to be forgotten can be sent to firstname.lastname@example.org and will be answered within 2 weeks.
Our technical infrastructure is hosted using AWS Managed Services, which allows us to adopt & maintain best-in-class security and compliance practices. Data at rest is fully encrypted using the 256-bit Advanced Encryption Standard (AES-256) and stored on AWS Servers in Germany (Region eu-central-1 → Frankfurt, Germany). Detailed information about AWS security is available here and here; AWS SOC Reports are available here.
Additionally, all Spoke applications and the website are SSL encrypted. We work with virtual private clouds (VPCs) with IP whitelisting and conduct regular internal audits.
All team members at Spoke.ai receive the appropriate tools & training to ensure best-in-class security protocols. We have strict controls for access management via AWS Identity and Access Management (IAM) as well as device management.
In order to protect the confidentiality of all data, team members are required to take reasonable measures to safeguard and prevent unauthorized access or disclosure of confidential information. This includes, but is not limited to, ensuring that all confidential information is kept in a secure location and that only authorized personnel have access to it.
All team members must follow certain requirements, like encrypting storage media and using two-factor authentication (2FA). Usage of strong passwords is enforced and centrally managed. All communication is done through securely encrypted channels. We have a thorough access removal process that helps to ensure that all company property is returned and that access to company systems is properly removed.
One of our core values at Spoke focuses on building AI products in a human-centred and responsible manner. For example, we remove all gendered pronouns from all content we generate and we’re constantly reviewing our models to diminish the possibility of any harmful content. Users always have the possibility to give direct feedback and report harmful or inappropriate content.