Security & Privacy

Since Day 1, your privacy, safety and security have been our top priority. Parrot AI’s founding team comes from the software security industry, having founded leading companies such as Netscout/Arbor Networks and VMware/Carbon Black. We built a product that we feel safe using.

What would a product need to do in order for us to feel comfortable inviting it into our meetings?

This was our first design principle for the product – and one we continue to focus on every day.

It might sound cliché, but we have done our best to build security and privacy into the product from the ground up. It is not an afterthought or a second-class feature.

Parrot AI takes special care to ensure that you can take advantage of AI in a safe and secure way. To that end, we do several things that you won't find in a typical knowledge base:

• We keep track of who was in the meeting to ensure that knowledge is only shared within that group. You can always share it more broadly; however, our AI will never share knowledge outside of the group that you have already shared it with.
• We will never 'train' our AI on your data.
• We follow industry best practices in the responsible use of AI technology.

We have a robust privacy policy that can be viewed here.

Your data is your data — it’s not our data. We won’t share it with anyone without your permission. You can delete it any time if you want.

The support escalation process makes sure that no one at Parrot AI can see any of your pages, video clips or recordings unless you have given us explicit permission to do so. All access to customer data and customer metadata is logged and monitored. These logs are then audited by a compliance process both inside our company as well as part of our ongoing SOC2 compliance process.

Your data is encrypted everywhere, and all the time. It’s encrypted at rest; it’s encrypted in transit within our server architecture; and it is, of course, encrypted between our servers and the content distribution network and your browser.

Workspaces — both personal and shared — are password protected. Your password is stored in a one-way vault and can’t be extracted. Additionally, the product supports multi-factor authentication (MFA). Making the product both secure and delightful to use is important to us, and we will continue to invest heavily in access control features on a continuous basis.

Individual users control who has access to their recordings. Granting access to a video clip from within a recording does not confer access to the original recording.

Parrot AI uses Amazon Web Services for most of its components. AWS uses state-of-the-art approaches to ensuring the overall security of our infrastructure.

https://aws.amazon.com/compliance/data-center/controls/

The majority of our founding team came from the security industry after having worked on security products for decades. Additionally, all our employees complete ongoing security training — we think it’s fun!

Access to customer data is restricted to a limited group of employees. and. as described above, they must have explicit permission from a customer before they can escalate their privileges to troubleshoot any problems.

We also scrutinize our vendors to ensure they also maintain expected levels of security controls.

We are committed to complying with GDPR, HIPAA and CCPA regulations. For more details on GDPR, please review our Privacy Policy. Users can also see our Parrot AI and GDPR page in their account which has information about our Data Processing Agreement, our practices and our sub-processors.

We are also SOC2 Type II certified ensuring that our security policies and controls continuously meet the highest industry standards.

Parrot AI takes the security and safety of our platform and our users very seriously. We recognize the critical role that external security researchers and developers play in helping keep our community safe. As with most security research programs, we ask that you use common sense when looking for security bugs.

Vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts. We do not consider denial of service, spam or social engineering vulnerabilities to be covered under our safe harbor. If you believe that you have found a security vulnerability you may responsibly disclose it by emailing our security team at security@parrot.ai (optionally using our PGP key below) under the same responsible disclosure terms outlined in the program brief.

In case you need to communicate securely with us about anything — especially around disclosure and vulnerabilities

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYqJjChYJKwYBBAHaRw8BAQdAYzPJ7rpvwTx/gY/Hwt0oDSTEwuMlLAsNnkI0
SwrY+sG0QVBhcnJvdCBBSSBTZWN1cml0eSAoUGFycm90IEFJIHNlY3VyaXR5IHRl
YW0pIDxzZWN1cml0eUBwYXJyb3QuYWk+iJkEExYKAEEWIQT+UYFvmjGkyjaiVvFk
v65nrQwHcAUCYqJjCgIbAwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIX
gAAKCRBkv65nrQwHcLE3AQDN0v3qByIrvwWsO1aWu8n/6caxshvXz+5vapzoDdCA
JwEAz9nYK7snKRWdVbePLMO4/3YAGIbh2t22Cye+S+hQSwm4OARiomMKEgorBgEE
AZdVAQUBAQdA9y3AKAoJlxw+W9bAqv6XfQ8oPIghlklyk2C5sC4ToiIDAQgHiH4E
GBYKACYWIQT+UYFvmjGkyjaiVvFkv65nrQwHcAUCYqJjCgIbDAUJCWYBgAAKCRBk
v65nrQwHcPmqAQD5kTAjPTVzmTU6PC69Z2mrTPqtfRXh1tp4ghGXk2q3lAD/dDaI
BpF3tCKY6wbEoCAsEjQQ252RT8lYqz8wKRjXxQc=
=73DP
-----END PGP PUBLIC KEY BLOCK-----

When conducting vulnerability research according to this policy, we consider this research to be:

• Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
• Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
• Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
• Lawful, helpful to the overall security of the Internet, and conducted in good faith.
• You are expected, as always, to comply with all applicable laws.

If, at any time, you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via security@parrot.ai before going any further.