At Hoop, we know that safeguarding your data is priority one. This post includes details on how we put value into practice.
How does Hoop protect user data?
All data that we collect and produce is encrypted in transit and at rest. Only meeting participants can access specific meeting content, and users can control access and sharing from there.
In particular, Hoop collects chat data and records meetings, and we retain copies of emails sent to Hoop. We produce meeting transcripts, task objects, and various summaries.
Hoop and user generated content (”UGC”)
At Hoop we never look at User Generated Content, even for analytics purposes, without express user consent typically in the case of a support request.
Hoop’s use of Large Language Models
Hoop uses LLMs provided by OpenAI to generate and curate tasks for users. No Hoop user data is used to train models provided by OpenAI (or any other LLM provider).
In particular, Under the terms of service that control OpenAI’s API, models are not trained on API inputs or outputs.
Read more about OpenAI’s commitment to privacy here:
How does Hoop generate tasks?
For meetings, Hoop attends as a bot in order to generate a transcript of the meeting. We then send segments of that transcript securely to OpenAI’s ChatGPT API in order to generate tasks and summaries, which we store and then display to our users.
For chat, we send messages, along with a prompt, to OpenAI’s ChatGPT API in order to generate tasks. Tasks are stored and then generated to users. Slack messages are redacted and then removed from our production environment.
What user data does Hoop collect?
Hoop connects to your data sources in order to collect tasks on your behalf. That means that we currently establish two connections to generate tasks: we connect to your Google calendar, and we connect to your Slack instance.
For tasks generated from meetings, we retain a recording of the meeting (video and audio), as well as a call transcript which is available to users from within the product.
For tasks generated from Slack messages, we redact Slack messages and remove their contents from our production environment.
For any emails that are forwarded to Hoop for task creation, Hoop retains a copy of the forwarded email in order to display a copy of the email to users when a link back to the original version is not possible.
Additional data privacy considerations
In addition to the above, Hoop also uses the following security practices.
- Unique Accounts - We require authentication to systems and applications to use unique username and passwords or authorized Secure Socket Shell (SSH) keys.
- Production Application Access is Restricted - System access is restricted to authorized access only.
- Production Database Access is Restricted - We privilege access to databases to authorized users with a business need only.
- Access Revoked Upon Termination - In the event of an employee’s termination, system access is promptly revoked.
- Remote Access MFA Enforced - Hoop’s production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.
- Remote Access is Encrypted - Hoop’s production systems can only be remotely accessed by authorized employees via an approved encrypted connection.
___
If you have any concerns or questions about our data privacy practices and policies, please let us know at founders@hoop.app. Thanks!