Last Updated: June 27, 2020
“I’ve been in the privacy industry for 13 years before setting out to build Krisp with our team.
I headed Product Security at Twilio, the leading cloud communications platform. During my time at Twilio, the company was going through a major undertaking to become GDPR compliant.
I was also one of the designers of FIDO security protocol, a privacy-first authentication protocol.
We know how to design privacy-first systems.
Krisp (Windows and Mac), by design, sits between your physical microphone and your other apps (e.g. Zoom) and processes your audio to make it higher quality. And you may (rightfully) wonder if it does anything else with the audio. For example, does Krisp send audio to its cloud?
The answer is that we will never send your audio to our servers without your explicit consent. This is a design principle we will always follow.
Krisp Phone (iOS), by design, is a mobile dialing app. It places calls on your behalf and connects to conference meetings or directly to phone numbers. To place these calls we use Twilio which is known to have implemented best-in-class enterprise security practices and holds best security certifications out there. Thus, when you use Krisp mobile app your voice data is sent to Twilio’s servers and then goes through necessary hops until it reaches the necessary end-service (e.g. a carrier like AT&T, conferencing services such as Zoom or Google). With this architecture, Krisp backend never sees your voice data. Your voice data is never recorded or analyzed on Twilio servers (unless you opted in for it).
We very well understand how sensitive this question will become over time and one of the most important design principles of Krisp we adopted early on was – our users’ privacy comes first. This means that whatever design choices our team employs, users’ privacy will be at the center of our mind.”
– Davit Baghdasaryan, CEO and Co-Founder
The exhaustive list of customer data points Krisp collects is specified in our security whitepaper.
Krisp processes microphone/speaker audio data ONLY on user’s device. This data NEVER leaves user’s device.
When you download, install, register with, access, or use Krisp and/or the Site, we may ask you to provide information (a) by which you may be personally identified, such as name, email address, or any other personal or personally identifiable information under applicable law (“personal information“), and/or (b) that is about you but individually does not identify you.
This information includes, without limitation:
We do not have access to any voice content as such content is not available to us or our servers.
The technologies we use for automatic information collection may include:
We also collect the following data from our partners:
When you use or access Krisp Site or its/their content, certain third parties may use automatic information collection technologies to collect information about you or your Device, or you may otherwise be accessing and using third-party platforms, software, and applications.
You can opt-out of remarketing by visiting the links below:
For Google, For Facebook, For Twitter, For Linkedin
To make Krisp and/or the Site work.
To perform the contract, we process data necessary to:
To make Krisp and/or the Site more suitable for our users.
To provide a great application and/or Site to our users, we have a legitimate interest to collect and process necessary data to:
To analyze, profile, and segment.
In all of the above cases and purposes, we may analyze, profile, and segment all collected data, including for the purpose of estimating our audience size and usage patterns.
With your consent.
With your consent, which is implied herein, we may process your data for additional purposes, such as personalized tips to improve your calling experience.
We do not sell, trade, or otherwise transfer to outside parties your personal information. This does not include parties who assist us in operating Krisp and/or Site, conducting our business, or serving our users. We try to work with such parties, which adhere to the highest levels of privacy and security practices. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. Whenever we are obliged to disclose your personal information and if possible, we will disclose only aggregate information that does not identify any individual.
For purposes of GDPR and CCPA, we are the “Processor” of that Personal Data, acting as a service provider on behalf and at the direction of our customer, and our customer is the “Controller” or decisionmaker.
We follow a customer’s instructions related to Personal Data we have collected on behalf of that customer. On a customer’s instructions, we may provide reports containing Personal Data relating to the customer’s account.
We respect and are committed to safeguarding your privacy and have undertaken and put in place physical, electronic and managerial measures which will allow us to deliver on our commitments. Additionally, we try to work with such parties, which adhere to the highest levels of privacy and security practices. The Site/Krisp is scanned on a regular basis for security gaps and known vulnerabilities in order to make your experience as safe as possible.
Your sensitive information is contained behind secured networks and is only accessible by a limited number of persons and third parties who have special access rights to such systems and are required to follow policies stipulated herein. All information you supply is encrypted with Transport Layer Security (TLS) technology.
Nevertheless, you should know that electronic transmission and data storage methods are not perfect by their nature and thus, we cannot guarantee absolute safeguard for your personal information.
We retain your data for as long as your Account is active or unless you request us to delete your data. Note that if you ask us to remove your personal data, we may retain your data as necessary to comply with our legal obligations.
We do not knowingly collect or solicit personal data about or direct or target interest-based advertising to anyone under the age of 13 or knowingly allow such persons to use or access Krisp and/or the Site. If you are under 13, please do not send any data about yourself to us, including your name, address, or email address. No one under the age of 13 may provide any personal data. If we learn that we have collected personal data about a child under age 13, we will delete that data as quickly as possible. If you believe that we might have any data from or about a child under the age of 13, please contact us.
If you have questions about data protection, or if you have any requests for resolving issues with your personal data, we encourage you to primarily contact us through Krisp so we can reply to you more quickly.
Name of the controller: Krisp Technologies, Inc.
Address: 2150 Shattuck Ave, Suite 1300, Berkeley, CA 94704, United States