Our commitment to building privacy-first AI products and protecting our users' privacy lies at the core of what we do. Spoke is SOC 2 (Type 2) compliant and will be ISO 27001 certified in 2024.
We're always available to answer your questions about Spoke's approach to Data Privacy and Security. Please do not hesitate to contact us:
To provide AI-powered features such as summarization and prioritization, we process messages from Slack and tools connected to Slack. All data is fully pseudonymized and/or anonymized before processing. We generally minimise the collection and storage of Personally Identifiable Information (PII). Any indirect PII data included in notifications processed by Spoke (e.g. names, phone numbers, or email addresses mentioned in a message) is fully anonymized or pseudonymized via Named Entity Recognition (NER) before being processed by any internal or external models.
We are headquartered in Germany and fully comply with GDPR. You can find a high-level overview of GDPR requirements here.
You can read more in our Privacy Policy or reach out to us directly at any time at security@spoke.ai if you have any questions or concerns.
We work with a combination of different technologies, leveraging pre-trained models from partners OpenAI and Cohere, as well as developing and fine-tuning our own models (e.g. to identify and pseudonymize PII or to avoid any gender bias / other harmful content). When working with third parties (such as large pre-trained language models), we always have Data Processing Agreements (DPAs) in place and only share pseudonymized or anonymized PII data with such 3rd parties, who generally have no read/write access to any of our data. We're constantly working on improving our models to ensure full data anonymization. You can find additional information in our Privacy Policy.
We follow the GDPR guidelines, meaning we will only process your data for as long as is necessary for the respective purposes or as long as there are legal retention obligations. After the respective processing purpose ceases to apply and the retention obligations end, your data will be routinely deleted.
Data Deletion requests or requests to be forgotten can be sent to security@spoke.ai and will be answered within 2 weeks.
Our technical infrastructure is hosted using AWS Managed Services, which allows us to adopt & maintain best-in-class security and compliance practices. Data at rest is fully encrypted using the 256-bit Advanced Encryption Standard (AES-256) and stored on AWS Servers in Germany (Region eu-central-1: Frankfurt, Germany). Detailed information about AWS security is available here and here, AWS SOC Reports are available here.
Additionally, all Spoke applications and the website are SSL encrypted. We work with virtual private clouds (VPCs) with IP whitelisting and conduct regular internal audits.
All team members at Spoke.ai receive the appropriate tools & training to ensure best-in-class security protocols. We have strict controls for access management via AWS Identity and Access Management (IAM) as well as device management.
In order to protect the confidentiality of all data, team members are required to take reasonable measures to safeguard and prevent unauthorized access or disclosure of confidential information. This includes, but is not limited to, ensuring that all confidential information is kept in a secure location and that only authorized personnel have access to it.
All team members must follow certain requirements, like encrypting storage media and using two-factor authentication (2FA). Usage of strong passwords is enforced and centrally managed. All communication is done through securely encrypted channels. We have a thorough access removal process that helps to ensure that all company property is returned and that access to company systems is properly removed.
One of our core values at Spoke focuses on building AI products in a human-centred and responsible manner. For example, we remove all gendered pronouns from all content we generate and we're constantly reviewing our models to diminish the possibility of any harmful content. Users always have the possibility to give direct feedback and report harmful or inappropriate content.