Spoke.ai | Slack Summarization Privacy & Security

What is your approach to data privacy?

A strong commitment to the ethical use of technology and protecting our users’ privacy lies at the core of what we do. We are especially focused on data minimisation, i.e. we constantly challenge what the minimum necessary amount and retention period of any data is to create a great user experience and whether each data point in our databases creates user value.

Which data do you process?

To provide AI-generated summaries to our users, we process Slack messages, from message threads in public and private Slack channels (only after Spoke has proactively been added to a channel). We process data only based on proactive summarization requests by an authenticated user and all data is fully pseudonymized and/or anonymized before processing.

We generally minimise the collection of any Personally Identifiable Information (PII) and therefore do not collect or save any explicit user information (only if mentioned in the body of a message in natural language).

We are headquartered in Germany and fully comply with GDPR. You can find a high level overview of GPDR requirements here.

You can read more in our Privacy Policy here or reach out to us directly at any time at security@spoke.ai or team@spoke.ai if you have questions or concerns.

What about data storage and application security?

We only store anonymised input data from Slack (e.g. messages from a thread or channel) and summarised data that we create for our users based on anonymised inputs. We also store anonymous user feedback (e.g. summary ratings) to improve our summarisation capabilities over time.

Our technical infrastructure is hosted using AWS Managed Services, which allows us to adopt & maintain best-in-class security and compliance practices. Data at rest is fully encrypted using the 256-bit Advanced Encryption Standard (AES-256) and stored on AWS Servers in Germany (Region eu-central-1 → Frankfurt, Germany). Detailed information about AWS security is available at here and here, AWS SOC Reports are available here.

Additionally, all Spoke applications and website are SSL encrypted. We work with virtual private clouds (VPCs) with IP whitelisting and conduct regular internal audits.

How do you deal with gender bias and/or other harmful content?

One of our core values at Spoke focuses on building AI-products in a human-centred and responsible manner. For example, we remove all gendered pronouns from all content we generate and we’re constantly reviewing our models to diminish the possibility of any harmful content. Users always have the possibility to give direct feedback and report harmful or inappropriate content.

What is your procedure for handling requests for data deletion?

For the minimal amount of user data we might store, Data Deletion requests or requests to be forgotten can be sent to team@spoke.ai and will be answered within 2 weeks. After a data deletion request is submitted, we will remove or anonymize all PII data stored in our databases. We log the request for data deletion for 2 years, keeping only the data subject’s email address to verify to authorities that we complied with the deletion request.

What is your approach to operational security within Spoke?

All team members at Spoke.ai receive the appropriate tools & training to ensure best in class security protocols. We have strict controls for access management via AWS Identity and Access Management (IAM) as well as device management.

In order to protect the confidentiality of all data, team members are required to take reasonable measures to safeguard and prevent unauthorized access or disclosure of confidential information. This includes, but is not limited to, ensuring that all confidential information is kept in a secure location and that only authorized personnel have access to it.

All team members must follow certain requirements, like encrypting storage media and using two-factor authentication (2FA). Usage of strong passwords is enforced and centrally managed. All communication is done through securely encrypted channels.

We have a thorough access removal process that helps to ensure that all company property is returned and that access to company systems is properly removed.

Which technologies do you work with and what about 3rd parties?

We work with a combination of different technologies, leveraging pre-trained models such as OpenAI’s GPT-3.5, as well as developing and fine-tuning our own models (e.g. to identify and pseudonymize PII or to avoid any gender bias / other harmful content).

We use Slack solely as a data input and user interface. When working with third parties (such as large pre-trained language models), we always have Data Processing Agreements (DPAs) in place and we ensure to only push anonymized PII data to such 3rd parties, who generally have no read/write access to any of our data. We’re constantly working on improving our models to ensure full data pseudonymization.

You can find additional information in our Privacy Policy.

Spoke creates the context for work

Thanks for your interest in Spoke!You're being redirected... ⏩

Thanks for your interest in Spoke!
You're being redirected... ⏩