Security & Privacy

Your security is our top priority

We take every step to make sure your data is safe and secure. We protect your data using the highest security standards
Download our Security Whitepaper

Data center

Eric.ai hosts all its software in Microsoft Azure facilities in the UK. Microsoft Azure provides an extensive list of compliance and regulatory assurances. Click here to see a list.
Private cloud deployment solutions are also available.

Security operations

Microsoft Defender for Cloud

Microsoft Defender for Cloud is used to prevent, detect, and respond to threats with increased visibility into and control over the security of our Azure resources. It provides integrated security monitoring and policy management across our estate and helps detect threats that might otherwise go unnoticed, giving complete digital protection.

Azure Resource Manager

Azure Resource Manager works with the resources within the Eric.ai solution as a group. By adopting the Azure Resource Manager templates we maintain a high security standard of solutions deployed in Azure. Standard security control settings can be integrated into the templates which reduces the risk of security configuration errors that might take place during manual deployments.

Azure Monitor logs

Azure Monitor logs are used for forensic and other security analysis. This provides a central logging service that is connected to other security services with the Microsoft Azure ecosystem including our firewalls.

Application security

Web application vulnerability scanning

The Eric.ai technical team maintains robust software development principles to maintain a high security standard. As part of these development principles, the technical team proactively uses Web Application scanning during development. 
This process allows the technical team to scan and secure the Eric.ai software application throughout the software development lifecycle.

Web Application Firewall

The Web Application Firewall (WAF) helps protect the Eric.ai software application from common web-based attacks including SQL injection, cross-site scripting attacks, and session hijacking. This enhances digital protection and ensures data access and security are under control.
The web application firewall that is embedded within the Eric.ai architecture uses threats that are identified by the Open Web Application Security Project (OWASP).

Layered Security Architecture

We adopt the Layered Security Architecture within the Eric.ai software application to provide differing levels of network access for each application tier. An example of this is to hide the API back-end services from general Internet access, and only allow APIs to be called by upstream web apps. 

Access, authentication and authorization

Accessing the Eric.ai software application from a browser uses Secure Socket Layer (SSL) encryption. Authenticating and authorizing users within Eric.ai are facilitated either by Auth0 or Microsoft Single Sign On (SSO). For users that authenticate using SSO the 2FA authentication service is embedded within their own security configuration and by default users that authenticate with the Eric.ai software application directly use Auth0, 2FA mandated. 

Data security

Eric.ai Interface

Azure role-based access control

Using the role-based access control service we restrict access based on the need to know and least privilege, security principles within Eric.ai.

Encryption in transit

Encryption in transit is a mechanism that we use to protect data and maintain information transmitted across networks. 
TLS 1.2 is used to support transport level encryption.

Encryption at rest

Encryption at rest is a mechanism that is used to protect data that is at rest.
Storage service encryption (AES-256) is embedded within Eric.ai

Enterprise-level privacy and security to protect your business

Connect your virtual and hybrid meetings to popular applications to maximize you and your team’s productivity and cut out unnecessary meeting admin time
What data is being collected?

The data collected is the personal information you disclose to use along with analytical data to support and shape Eric.ai

For product services and features: We collect email addresses, meeting audio(including active speaker) and video, meeting attendee email addresses, meeting attendee display names and other similar information.

For analytical activity we collect logins, session duration, interaction with platform (features),  name, email, IP address and location details

How and where is my meeting data being stored?

You’re in safe hands. The data being collected is audio,  and the transcriptions from the audio data.

Data is stored using accredited hosting providers, Microsoft Azure and AWS.
When you add Eric.ai into your Teams organisation as a Microsoft Media Bot you are allowing Eric to record the audio and video to all meetings you have asked Eric.ai to join. It is the Media Bot that stores the audio and video content within Microsoft Azure securely.

This is where your data journey ends. It is all stored and accessible for the lifetime of your active account within AWS.

Meetings can be full of private and confidential information, who has access to the data?

As a registered user and therefore the organiser of the meeting, you are in control of when Eric.ai will join your meeting and who can and cannot access your meeting outcome data through our share information feature.

We use a third party service to transcribe your audio outcomes.

Internally we govern data access by roles and responsibilities therefore limiting the exposure of identifiable data on a role based approach

What measures are taken to protect unauthorised access to keep data secure?

We aim to protect your personal information through a system of organisational and technical security measures.

As a Microsoft partner, we must comply with high data and security requirements and Microsoft Azure protects customer data.

Eric requires two-factor authentication for increased security when accessing the application.

How is my data being used and analysed?

We process your information for purposes based on legitimate business interests such as data analysis, identifying usage trends and informing improvements we can make to our services.

Your information is used to ensure our contract with you is fulfilled. We use your information in compliance with our legal obligations and/or your consent.

Our data usage and analysis comply with GDPR.

Do you retain data?

We may retain some information to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

The data we may retain includes non identifiable transcription data for the purpose of training our Algorithms to further enhance your user experience

What data is deleted and when?

All your data is deleted when you have deleted your Eric account.

What is your data policy?

We have the following policies:

You can access the links to read in more detail.

Ready to see Eric in action?

Claim your free account or arrange a quick demo to get started.