Privacy & Security

The AI Scrum Master is powered by GPT-4 API. Just like a real scrum master, Spinach is most effective when you give us access to your meetings, messaging tools, and product management tools. However, we understand that these platforms house some of your most sensitive and confidential information. That's why our top priority is ensuring your data remains protected, never making its way into Large Language Models (LLMs) or into the hands of bad actors.

Spinach is a fast-growing early stage startup. As we grow, we are committed to full transparency regarding the usage of your information as we evolve. We actively collaborate with beta users to determine the controls you desire for the storage, management, and leveraging of your data. And we actively keep all users informed of Security updates as we grow.

SOC 2 compliance

Our data management practices have been independently audited by the AICPA is proud to be SOC 2 compliant. This means we have met the stringent criteria set forth by the American Institute of CPAs (AICPA) for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy—which ensures we have the controls and procedures in place to securely manage and protect your data at all times. Our SOC 2 compliance, which is independently audited, reaffirms our commitment to adhere to the highest standards of data security and provides you with peace of mind knowing your data is safe and secure with us.

SOC2 Badge

Use of AI & GPT-4

Your information will not contribute to the training of Large Language Models (LLMs)

Spinach is a fast-growing early stage startup. As we grow, we are committed to full transparency regarding the usage of your information as we evolve. We actively collaborate with beta users to determine the controls you desire for the storage, management, and leveraging of your data. And we actively keep all users informed of Security updates as we grow.

Spinach is a fast-growing early stage startup. As we grow, we are committed to full transparency regarding the usage of your information as we evolve. We actively collaborate with beta users to determine the controls you desire for the storage, management, and leveraging of your data. And we actively keep all users informed of Security updates as we grow.

When using the GPT-4 API, it is important to know that the information you provide as input does not contribute to the training of Large Language Models (LLMs). OpenAI, the organization behind GPT-4, has implemented strict data handling policies to ensure that user data remains private and secure.

While GPT-4 is trained on vast amounts of data from various sources, the GPT-4 API operates separately from the training process. OpenAI retains API data for a limited period, primarily for operational purposes such as maintaining service quality, addressing bugs, or improving the system's overall performance. During this retention period, user data is not used to retrain or update the LLM.

By keeping the API and training data separate, OpenAI aims to maintain user privacy and prevent sensitive or confidential information from inadvertently becoming part of the model's knowledge base. This commitment to data privacy and security ensures that you can use the GPT-4 API with confidence, knowing that your information will not be integrated into the LLM.

Data storage

Your information is stored securely in AWS S3

Spinach stores information from your meetings in AWS S3, a highly secure and reliable cloud storage service. Amazon Web Services (AWS) S3, or Simple Storage Service, is a highly secure and reliable cloud storage service designed to store and retrieve data at scale. Security is a top priority for AWS, and they have implemented various measures to ensure the protection of the data stored in S3. Some key security features include:

  1. Data encryption: AWS S3 provides server-side encryption (SSE) and client-side encryption options. With SSE, data is encrypted before it is stored, and decrypted when it is retrieved. Client-side encryption allows you to encrypt data on your end before uploading it to S3.
  2. Access control: AWS S3 supports multiple access control mechanisms, including bucket policies, access control lists (ACLs), and Identity and Access Management (IAM) policies, allowing you to manage permissions for users and groups with fine-grained control.
  3. Versioning: AWS S3 supports versioning, which preserves, retrieves, and restores every version of every object in a bucket, providing an extra layer of protection against accidental deletion or overwriting.
  4. Secure data transfer: Data transfers to and from AWS S3 are secured using HTTPS and SSL/TLS encryption, ensuring secure transmission of data over the network.
  5. Compliance: AWS S3 is compliant with a wide range of security standards and certifications, such as GDPR, HIPAA, and SOC 1, 2, and 3, ensuring that data is stored and managed according to industry best practices and regulations.
  6. Monitoring and logging: AWS S3 provides tools like Amazon S3 access logs, AWS CloudTrail, and Amazon Macie to monitor and audit access to your stored data, allowing you to detect and respond to potential security threats.

Spinach employees

Spinach employees and their equipment are secure

All employees have completed background checks and have signed NDAs to ensure any information they encounter via troubleshooting or testing remains private and secure.

Additionally, Spinach leverages Apple Device Management (MDM), also known as Mobile Device Management, which allow us to manage and secure all employee issued devices such as iPhones, iPads, and Macs across our organization. MDM provides centralized control over devices, ensuring that they adhere to our security policies and standards. Implementing MDM helps us enhance security of your information in a few ways:

  1. Device enrollment: MDM enables the streamlined onboarding of devices to the organization's network, ensuring that only authorized devices can access corporate resources.
  2. Configuration management: MDM allows administrators to remotely configure device settings, such as Wi-Fi, VPN, and email, ensuring that devices are set up according to the organization's security policies.
  3. Security policy enforcement: MDM enables the enforcement of security policies on devices, such as requiring complex passcodes, enabling data encryption, and restricting app installations. Administrators can also enforce device updates to ensure that devices run the latest security patches.
  4. Remote lock and wipe: In case of loss or theft, MDM allows administrators to remotely lock a device or perform a complete wipe of its data, protecting sensitive corporate information from unauthorized access.
  5. App management: MDM provides control over the apps that can be installed on devices, enabling organizations to create a whitelist or blacklist of approved or restricted apps. This helps prevent the installation of potentially harmful or non-compliant apps.
  6. Compliance monitoring: MDM continuously monitors devices to ensure they comply with the organization's policies. If a device is found to be non-compliant, the administrator can receive alerts and take appropriate actions, such as revoking access to corporate resources.
  7. Inventory management: MDM provides an overview of all managed devices in the organization, allowing administrators to track device usage, monitor software versions, and ensure that devices meet security requirements.

Ready to try the AI Scrum Master?


Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

My meeting is over. Why didn't I get a summary?

The most common reason is that someone from your meeting forgot to leave the video call. If everyone has left the call, you will receive a summary within 5 minutes. If you still do not receive a summary please let us know at so we can investigate.

What integrations does Spinach have?

Spinach can join Zoom, Google Meet and Microsoft Teams meetings. From there, Spinach can send your meeting summaries to Slack and email. Coming soon, you'll be able to send summaries to Notion, Confluence or Google Docs. Spinach integrates with Jira, Trello, Asana, ClickUp, and Linear to add summary links to any tickets or tasks you discuss. We also recommend new tickets or tasks based on your meeting discussion directly in Slack. Get more information on our Integrations page.

How can I get my meeting summaries in Slack?

To get meeting summaries in Slack, you need to connect your Spinach account to Slack. Go to to login. Then go to Spinach Settings and click Configure Slack. Follow the steps to connect to Slack and select which channel you'd like your summaries to go to.

Who will receive the meeting summary from Spinach?

Everyone on the meeting invite will receive a summary from Spinach via email. This includes anyone invited to the meeting and did not join. We're currently building output settings to control where your summaries go (email, Slack, Notion, Confluence, Google Docs) and who receives the summaries.

How long does it take to receive my meeting summary from Spinach?

You'll receive your meeting summary from Spinach within 5 minutes of the meeting session ending. If you do not receive your email summary within 5 minutes of leaving your meeting, check your spam folder and make sure noone from your team forgot to close the video meeting.

What languages does Spinach support?

Spinach currently supports English, Spanish, French, German, Italian, Portuguese and Dutch. If you speak these languages in your meetings, your meeting summary, action items and ticket recommendations will be translated to English. We are adding support for 50+ languages soon and working on local language summaries, action items, and ticket recommendations.

When exactly does Spinach join the meeting?

Spinach joins your meeting 1-2 minutes prior to the scheduled start time. If you add Spinach to a meeting already in progres, it takes 1-2 minutes for Spinach to join.

My meeting already started. Can I still invite Spinach?

Yes! If you forget to invite Spinach before the meeting begins, you can open the invite, add and we will join within 2 minutes. Please note: If you're connected to Slack for summary outputs, the summary will go to your default Slack channel.

Why hasn't Spinach joined my meeting?

Here's a few troubleshooting steps for you to try. 1. Are you sure Spinach is on the meeting invite? 2. Did you join the meeting link on your meeting invite? 3. Is Spinach stuck in the waiting room of your meeting? 4. Did someone on your meeting kick Spinach out? 5. Did you start more than 5 minutes late? If no one joins in the first 5 minutes, Spinach leaves.

How do I add Spinach to a meeting?

There are 2 ways to add Spinach to a meeting. 1.  Login with Google, connect your calendar, and simply check off all the meetings you'd like Spinach to join. 2. Open the meeting invite (or meeting series) and add as a guest.

Does Spinach have a free plan?

Yes. The Spinach Starter plan is completely free. You get unlimited users and unlimited meeting summaries with access to our Slack integration. Upgrade to Pro to unlock additional features, ticketing integrations, and meeting controls.