Privacy

At Hetki, we’re committed to your privacy. We know that earning your trust is utmost important to us when you use our product and services. We're a small team in Helsinki, Finland. Our users' privacy is of high priority to us at Hetki.ai and underscores our technology and business decisions.

 

Transcription processing is held only on your side and you control where your transcription is stored. We neither own or host your transcript unless you ask us to do so,  to improve product experience purposes.

Our product aims to improve work productivity and collaboration and we go to the best possible extent to protect Your data and keep it private and secure. Practically this means we adhere to best practices of privacy and data security. Data we may collect within the scope of a meeting are with the purpose of providing best results and personalized experience. We don’t access or intervene with the data other than absolute mission critical situations such as server/production issues, if necessary.

What does this Privacy Policy cover?

This Privacy Policy explains how we respect your data, privacy and practices we follow. If you are a subscribed user of our Hetki.ai services, this Policy applies to you.

 

How does Hetki store data?

We will only store your data for the purposes described in this policy and where we have a legal basis for doing so. The purposes for which we process your data are:

  • Keeping Hetki.ai service running - Providing services to you and ensuring the functioning and maintenance of the services. 

  • Verifying your identity for the purposes of signing into the service. 

  • Managing the customer relationship with you, including customer communication, user account management and processing payments.

  • Improving Hetki.ai product and service offerings. 

  • Interacting with You for feedback on our services. 

  • Improving and personalizing the services and to develop new products and services and providing notifications on new features, changes, and improvements.

  • Managing, pursuing, analysing, and improving the customer relationship with you, including using technically gathered information, data analysis and profiling, this in some cases with the assistance of third-party services.

  • Customer Support, Corresponding with users, solving issues, and providing customer support through phone or email. 

  • Informing you of new services, features, and content we may offer.

What types of data do we store and when?

Data from your meetings. Text-based data that you may collect within the scope of a meeting, such as notes, agenda items, tasks, names, email id of meeting participants and transcriptions, are stored in an encrypted* database in GCP*. We adhere to best practices for persisting and encrypting data, and to that end, data is always encrypted at rest*. Hetki.ai databases are located are not directly accessible from the Public Internet and can only be reached via privileged Hetki.ai application servers. Our application servers, database servers, and other aspects of our infrastructure are all located in highly secured environment to prevent any direct access from the outside world. 

 

Where do we store your data?

The data we collect is processed by us within the European Union and in third party data processing facilities within the European Union or the European Economic Area. In addition, we may use third party services that may transfer data outside the European Union or the European Economic Area. We do so only in case we believe that such third-party services are best-of-breed and provided that the transfer and processing of data is done in compliance with applicable privacy legislation such as the GDPR.

Accessing Hetki.ai

Any account-level access to Hetki.ai requires authentication and authorization using OAuth2* through your Google or Microsoft accounts — industry standards for authentication.

 

Who has access to what within Hetki.ai

Our technical team can be granted temporary access to our servers, text data or audio in absolute necessary situations. This is always for debugging and development purposes. All actions are logged. 

 

How do we keep your data safe?

We and our external service providers protect the safety of your data through industry standard, technical and organizational safety measures. Although our good faith efforts to store your data in a secure operating environment that is not available to the public, please remember that unfortunately no data transmission or storage is 100% risk free. You provide your personal data at your own risk and we cannot guarantee the absolute security of your data. In the unfortunate case of a security breach that that endangers your privacy or data we will inform you as well as the relevant authorities, as required by law. We may also temporarily shut down the Services to protect the Personal Data.” Please remember to keep your account registration information secure and to change your password at regular intervals.

 

How is your data shared with third parties?

The data is encrypted before written to the disk, according to the high standard encryption provided by Google. Additionally, to provide our users state-of-the-art, secure full-text search capabilities we save the transcripts in a third-party service called Algolia, trusted by companies such as Slack, Stripe and Lacoste.

 

Changes to this privacy policy

We may from time to time change this privacy policy. Significant changes will be posted on our website.

 

 

Useful Vocabulary

🤝 Database: this is a server that stores data that relates to one another. 

🔒 Encrypted: encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the stealer has the proper secret. All of your personally identifiable data (notes and text) are encrypted at-rest.

🛌🏾 At-rest: your data is physically being stored on a device (usually a server)

GCP (Google Cloud Platform): our cloud provider that allows us to rent storage and compute capacity from their data centers.

💻 Kubernetes: an open-source system for automating deployment, scaling, and management of containerized applications

🔐 OAuth2: allows a user to grant limited access to their resources on one site, to another site, without having to expose their credentials.

🗄 SSL (Secure Sockets Layer): the standard security technology for establishing an encrypted link between a web server and a browser.